Web Application Assessment Report
Compliance
HPE Fortify WebInspect
Scan Name: Zero 1
Scan Type: Site
Client: FF
Scan Date: 10/5/2017 11:35:08 AM
Scan Duration: 21 minutes : 23 seconds
Scan Version: 17.10.283.0
Policy: Standard
Crawl Sessions and Vulnerabilities: 600 and 181 (the extracted layout does not show which figure belongs to which field)
Template Name: NIST FISMA SP 800-53 Revision 4
Description:
CAUTIONARY NOTE: IMPLEMENTING CHANGES BASED ON REVISIONS TO SPECIAL PUBLICATION 800-53
http://dx.doi.org/10.6028/NIST.SP.800-53r4
When NIST publishes revisions to Special Publication 800-53, there are four primary types of changes made to the document: (i) security controls or control enhancements are added to or withdrawn from Appendices F and G and/or to the low, moderate, and high baselines; (ii) supplemental guidance is modified; (iii) material in the main chapters or appendices is modified; and (iv) language is clarified and/or updated throughout the document.
When modifying existing tailored security control baselines at Tier 3 in the risk management hierarchy (as described in Special Publication 800-39) and updating security controls at any tier as a result of Special Publication 800-53 revisions, organizations should take a measured, risk-based approach in accordance with organizational risk tolerance and current risk assessments. Unless otherwise directed by OMB policy, the following activities are recommended to implement changes to Special Publication 800-53:
- First, organizations determine if any added security controls/control enhancements are applicable to organizational information systems or environments of operation following tailoring guidelines in this publication.
- Next, organizations review changes to the supplemental guidance, guidance in the main chapters and appendices, and updated/clarified language throughout the publication to determine if changes apply to any organizational information systems and if any immediate actions are required.
- Finally, once organizations have determined the entirety of changes necessitated by the revisions to the publication, the changes are integrated into the established continuous monitoring process to the greatest extent possible. The implementation of new or modified security controls to address specific, active threats is always the highest priority for sequencing and implementing changes. Modifications such as changes to templates or minor language changes in policy or procedures are generally the lowest priority and are made in conjunction with established review cycles.
[HP WebInspect Operator Notes]
This compliance template maps the current capabilities of HP WebInspect to applicable controls included in NIST FISMA SP 800-53 Revision 4. Use of this compliance template is not intended to provide a holistic compliance rating; but a guide for application security-relevant components of NIST FISMA SP 800-53 Revision 4.
Compliance Summary

Report Date: 12/12/2017

For each control the scan reports how many of its checks Passed, Failed, or were Indeterminate (not exercised against this site), and a pass rate computed as Passed / (Passed + Failed). Indeterminate checks do not count toward the rate, so a 100% rate next to a large Indeterminate count says little about the control as a whole.

AC-3: Access Enforcement
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Passed 104 | Failed 2 | Indeterminate 325 | Pass rate 98.1%

IA-2: Identification and Authentication (Organizational Users)
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
Passed 26 | Failed 3 | Indeterminate 158 | Pass rate 89.6%

(8) identification and authentication | network access to privileged accounts - replay resistant
The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.
Passed 6 | Failed 0 | Indeterminate 1 | Pass rate 100%

(9) identification and authentication | network access to non-privileged accounts - replay resistant
The information system implements replay-resistant authentication mechanisms for network access to non-privileged accounts.
Passed 6 | Failed 0 | Indeterminate 1 | Pass rate 100%

IA-6: Authenticator Feedback
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Passed 12 | Failed 1 | Indeterminate 66 | Pass rate 92.3%

IA-8: Identification and Authentication (Non-Organizational Users)
The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
Passed 26 | Failed 3 | Indeterminate 158 | Pass rate 89.6%

IR-9: Information Spillage Response
The organization responds to information spills by:
a. Identifying the specific information involved in the information system contamination;
b. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
c. Isolating the contaminated information system or system component;
d. Eradicating the information from the contaminated information system or component;
e. Identifying other information systems or system components that may have been subsequently contaminated; and
f. Performing other [Assignment: organization-defined actions].
[HP WebInspect Operator Notes]
The intent of this category is to alert the HP WebInspect operator to potentially sensitive content discovered during the scan. HP WebInspect cannot determine with certainty whether information is classified or sensitive, so further analysis beyond running HP WebInspect is required.
Passed 47 | Failed 2 | Indeterminate 4 | Pass rate 95.9%

SC-5: Denial of Service Protection
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards].
Passed 6 | Failed 0 | Indeterminate 63 | Pass rate 100%

SC-7: Boundary Protection
(10) boundary protection | prevent unauthorized exfiltration
The organization prevents the unauthorized exfiltration of information across managed interfaces.
Supplemental Guidance:
Safeguards implemented by organizations to prevent unauthorized exfiltration of information from information systems include, for example: (i) strict adherence to protocol formats; (ii) monitoring for beaconing from information systems; (iii) monitoring for steganography; (iv) disconnecting external network interfaces except when explicitly needed; (v) disassembling and reassembling packet headers; and (vi) employing traffic profile analysis to detect deviations from the volume/types of traffic expected within organizations or call backs to command and control centers. Devices enforcing strict adherence to protocol formats include, for example, deep packet inspection firewalls and XML gateways. These devices verify adherence to protocol formats and specification at the application layer and serve to identify vulnerabilities that cannot be detected by devices operating at the network or transport layers. This control enhancement is closely associated with cross-domain solutions and system guards enforcing information flow requirements. Related control: SI-3.
Passed 5 | Failed 3 | Indeterminate 1 | Pass rate 62.5%

SC-8: Transmission Confidentiality and Integrity
The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.
Passed 15 | Failed 3 | Indeterminate 0 | Pass rate 83.3%

SC-18: Mobile Code
(1) mobile code | identify unacceptable code / take corrective actions
The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].
Supplemental Guidance: Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.
Passed 33 | Failed 0 | Indeterminate 2 or 20 (the digits run together in the source) | Pass rate 100%

SC-23: Session Authenticity
(1) session authenticity | invalidate session identifiers at logout
The information system invalidates session identifiers upon user logout or other session termination.
Supplemental Guidance: This control enhancement curtails the ability of adversaries to capture and continue to employ previously valid session IDs.
Passed 5 | Failed 0 | Indeterminate 0 | Pass rate 100%

(3) session authenticity | unique session identifiers with randomization
The information system generates a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognizes only session identifiers that are system-generated.
Supplemental Guidance: This control enhancement curtails the ability of adversaries to reuse previously valid session IDs. Employing randomness in the generation of unique session identifiers helps to protect against brute-force attacks that attempt to determine future session identifiers. Related control: SC-13.
Passed 1 | Failed 0 | Indeterminate 1 | Pass rate 100%

SI-10: Information Input Validation
(1) information input validation | predictable behavior
The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
Passed 437 | Failed 6 | Indeterminate 542 | Pass rate 98.6%

SI-11: Error Handling
The information system:
a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and
b. Reveals error messages only to [Assignment: organization-defined personnel or roles].
Passed 27 | Failed 5 | Indeterminate 12 | Pass rate 84.3%

SI-15: Information Output Filtering
The information system validates information output from [Assignment: organization-defined software programs and/or applications] to ensure that the information is consistent with the expected content.
Passed 409 | Failed 6 | Indeterminate 422 | Pass rate 98.5%
Compliance Detail
Each row gives the WebInspect check ID, the check name, its severity, the result (Pass or Fail, or "-" where the check was not run against this site), and whether the check was tested. Untested checks are the Indeterminate counts in the summary; they are not evidence of compliance.
AC-3: Access Enforcement
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Credential/Session Prediction Severity Pass/Fail Tested
3274 wbbboard action.php Session Hijacking High - No
3277 Sun NetDynamics ndCGI.exe Session Hijacking High Pass Yes
Insufficient Authorization Severity Pass/Fail Tested
3276 WebDAV Support Enabled Low Pass Yes
3205 mwForum Possible Web Application Administration High - No
3216 WebSphere Payment Manager Login Info - No
3217 WebSphere Payment Manager Login (2) Info - No
3325 phpMyNewsletter Web Application Administration High Pass Yes
3327 AlGuest Web Application Administration High Pass Yes
3317 BEA Weblogic Snoop Default Application Discovery Low Pass Yes
3340 Avotravis Static Administrative Cookie High Pass Yes
3341 AlienForm2 Arbitrary File Access Critical - No
3350 CSNews Arbitrary Command Execution Critical - No
3412 Rapid Web Publisher Administrative Interface High Pass Yes
3539 Novell NetWare Default Application Multiple Vulnerabilities (env.pl) Medium Pass Yes
3540 Novell NetWare Default Application Multiple Vulnerabilities (lcgitest.nlm) Medium Pass Yes
3541 Novell NetWare Default Application Multiple Vulnerabilities (env.bas) Medium Pass Yes
3542 Novell NetWare Default Application Multiple Vulnerabilities (se) Medium - No
3544 Novell NetWare Default Web Application (SessionServlet) Low - No
3555 Abyss Webserver Multiple Vulnerabilities High - No
3572 Frontpage Server Extensions ToDo File (_x_todo.htm) Low - No
3573 Frontpage Server Extensions ToDo File (_x_todoh.htm) Low - No
3580 Ion Script Arbitrary File Access High - No
3594 Administrative Interface (user_adm.html) Low - No
3598 File (tmp) Low - No
3605 File (content-space) Medium - No
3606 File (sitelist.txt) Medium - No
3607 File (email.txt) Medium - No
3608 Email Template File Medium - No
3609 Download File Medium - No
3610 Login Interface (logon.html) Low - No
3611 Login Interface (logon.htm) Low - No
3614 Login Interface (logon.pl) Low - No
3615 Login Interface (logon.cgi) Low - No
3623 Possible Intranet Access Medium - No
3648 OSX Content File (FBCIndex) Medium - No
3650 PHPShare File Upload Issue High - No
3651 PHPShare File Upload Issue (root) High - No
3672 Citrix NFuse Traversal File Access High - No
3673 Citrix NFuse Traversal File Access High - No
3680 BEA Weblogic AdminMain Administrative Interface Discovery High Pass Yes
3681 BEA Weblogic AdminProps Administrative Interface Discovery High Pass Yes
3682 BEA Weblogic AdminRealm Administrative Interface Discovery High Pass Yes
3707 Xerox Docushare Administrative Interface Low - No
3713 BEA Weblogic Webguitop.html Administrative Interface Discovery High - No
3724 phpToNuke Arbitrary File Access High - No
3725 TheServer Server Configuration Information Disclosure High - No
3773 Oracle Application Server Default Application (/isqlplus) Low - No
3792 BEA Weblogic UDDIListener Default Application Discovery Low - No
3793 BEA Weblogic UDDIAddAdminUserServlet Default Application Discovery Low - No
3794 BEA Weblogic UDDIAddUserServlet Default Application Discovery Low - No
3795 BEA Weblogic UDDIListUsersServlet Default Application Discovery Low - No
3796 BEA Weblogic UDDIRemoveUserServlet Default Application Discovery Low - No
3797 BEA Weblogic UDDISetPasswordServlet Default Application Discovery Low - No
3798 BEA Weblogic UDDIExplorer Default Application Discovery Low - No
3799 BEA Weblogic LogfileSearch Default Application Discovery High - No
3800 BEA Weblogic LogfileSearch Default Application Discovery Low - No
3854 Script Directory (scripts) Low Pass Yes
3860 Script Directory (cgi-bin) Low Pass Yes
3861 Script Directory (cgi) Low Pass Yes
3862 Script Directory (script) Low Pass Yes
3863 Script Directory (cgi-local) Low Pass Yes
3864 Script Directory (cgibin) Low Pass Yes
3865 Script Directory (htbin) Low Pass Yes
3866 Script Directory (cgi-win) Low Pass Yes
3867 Dynamic Script Folder Engine Low Pass Yes
3868 Ion Script Arbitrary File Access High - No
4284 IlohaMail Arbitrary File Upload Medium - No
4306 Possible Login Form Info Pass Yes
4351 myGuestBk Web Application Administration Medium - No
4352 Beanwebb Guestbook Application Administration Medium - No
4388 AN HTTPd Arbitrary System File Creation High - No
4408 miniPortail Web Application Administration Medium - No
4429 iisCART 2000 Arbitrary File System Creation Medium - No
4520 Q-Shop "upload.htm" Arbitrary System File Creation Medium - No
4719 IIS Mapping Check Medium Pass Yes
4731 Script Directory Check Medium Pass Yes
4732 Script File Extension Disclosure Best Practices Pass Yes
4869 Web Connection Administration Critical - No
4876 Web.Config High Pass Yes
4877 Web.Config.old High Pass Yes
4878 Web.Config.bak High Pass Yes
4879 Web.Config.sav High Pass Yes
4880 Copy Of Web.config High Pass Yes
4881 Web.Config.temp High Pass Yes
4882 Web.Config.backup High Pass Yes
4883 Web.Config.1 High - No
4884 Web.Config.2 High - No
4885 Web.Config.3 High - No
4888 Web.Config.bac High - No
4889 Web.Config.txt High Pass Yes
4892 Web.Config.TMP High - No
4893 Web.Config.tmp High - No
4894 Web.Config.TEMP High - No
4896 Web.Config.arc High - No
4898 Web.Config~1 High - No
4899 Web.Config.-old High - No
4901 Web.Config.old2 High - No
4902 Web.Config.save High - No
4903 Web.Config.~bk High - No
16 Netscape Enterprise Server Web Publisher Access Critical - No
22 Frontpage Server Extensions Encrypted Password File (service.pwd) Critical - No
35 Frontpage Server Extensions Encrypted Password File (authors.pwd) Critical - No
78 Frontpage Server Extensions Password File Pointer (service.stp) Low - No
81 Frontpage Server Extensions Configuration Disclosure Low - No
156 Apache Configuration Information Disclosure (server-info) Medium - No
546 Frontpage Server Extensions Administrator List (service.grp) Medium - No
547 Frontpage Server Extensions Sub-web Creation File (services.org) Low - No
580 IIS repost.asp Arbitrary File Upload High - No
581 IIS postinfo.asp Arbitrary File Upload High - No
586 GWScripts News Publisher Author Administration Medium - No
591 WebSite Pro Arbitrary File Upload High - No
592 WebSite Pro Arbitrary File Upload High - No
596 WWW-SQL Authorization Control Bypass High - No
602 Thatware Administrative Access High - No
630 Formmail Detection Medium - No
632 ColdFusion Expression Evaluator Medium - No
633 ColdFusion Expression Evaluator (sendmail) Medium - No
635 ColdFusion Expression Evaluator(openfile) Medium - No
636 ColdFusion Default Web Application (displayopenedfile.cfm) Medium - No
637 ColdFusion Example Application Arbitrary File Upload (getfile.cfm) High - No
639 ColdFusion Example Application Arbitrary File Upload (getfile.cfm) High - No
661 IIS/Site Server Arbitrary File Upload Medium - No
662 IIS/Site Server Arbitrary File Upload (uploadx.asp) Medium - No
663 IIS/Site Server Arbitrary File Upload (upload.asp) Medium - No
665 Account Manager admin access Medium - No
623 CDomainFree File Exposure High - No
718 Frontpage Server Extensions Web Database Dependency (deptodoc.btr) Low - No
721 Frontpage Server Extensions Web Navigational Information (structure.cnf) Low - No
722 Frontpage Author Password File Retrieval (users.pwd) High - No
723 Frontpage Server Extensions Sub-Web Permissions File (uniqueperm.cnf) Low - No
725 Frontpage Server Extensions WebBots Listing (botinfs.cnf) Low - No
697 wwwcount Remote File Viewing Vulnerability Low - No
758 Infonautics getdoc.cgi Remote document Viewing Vulnerability Low - No
761 nph-test-cgi Remote File System Viewing Vulnerability High - No
764 WS_FTP Log (ws_ftp.log) Medium Fail Yes
785 Backdoor - rwwwshell.pl Low - No
794 AXS Visitor Tracking Administrative Interface Low Pass Yes
821 WebEvent Administrative Access High - No
936 WS_FTP Configuration (WS_FTP.ini) High Pass Yes
937 WS_FTP Configuration (ws_ftp.ini) High - No
942 Netscape Server Configuration Information Medium - No
890 Unify eWave UploadServlet Arbitrary File Upload Critical - No
898 Subscribe Me Administrative Access Low - No
903 SilverStream Administrative Access High - No
909 Possible File Upload Capability Low Pass Yes
1345 Administration Application (admin.dat) Low - No
1346 Administration Application (admin.data) Low - No
1347 Administration Application (admin.txt) High - No
1350 Administration Application (admin.dbf) Low - No
1351 Administration Application (admin.ini) High - No
1352 Administration Application (admin.db) Low - No
1353 Administration Application (admin.cfg) Critical - No
1354 Administration Application (admin.exe) Low - No
1355 Administration Application (admin.htx) Low - No
1356 Administration Application (admin.lst) Low - No
1358 Administration Application (admin.pl) Low - No
1362 NeoWebScript Default Application (senvironment.nhtml) Low - No
1363 NeoWebScript Default Application (load_webenv.nhtml) Low - No
1364 NeoWebScript Default Application (mailtest.html) Low - No
1368 Debug Application (debug.txt) High Fail Yes
1369 Debug Application (debug.asp) Low - No
1370 Debug Application (debug.cgi) High - No
1371 Debug Application (debug.htm) Low - No
1372 Debug Application (debug.html) Low - No
1373 Debug Application (debug.cfg) Low - No
1374 Debug Application (debug.dat) High - No
1375 Debug Application (debug.pl) Low - No
1412 File (orders.html) Low - No
1413 File (orders.asp) Low - No
872 Unicode Folder (msadc) Low Pass Yes
1496 Oracle Application Server WebDB Administrative Access High - No
1497 Oracle Application Server PLSQL Administrative Access Critical - No
1811 WebDriver Administration Interface High - No
1870 Cobalt RaQ2/RaQ3 cgiwrap Bypass High - No
1871 Edit.pl Application Low - No
1873 IIS Newdsn Arbitrary File Creation High - No
1875 Af.cgi Application Low - No
1902 Lotus Domino Arbitrary File Source Disclosure (/.nsf/../) High - No
1910 IIS getdrvrs.exe Arbitrary File Creation High - No
1912 Submit.cgi Application Low - No
1894 Allmanage Remote administration Medium - No
1920 Pu3.pl Vulnerability Low - No
1956 ColdFusion Server Shutdown Medium - No
1965 Source.asp Arbitrary File Creation Medium - No
2027 Lotus Domino Arbitrary File Source Disclosure (/%00%00.nsf/../) High - No
2028 Lotus Domino Arbitrary File Source Disclosure (/%00%20.nsf/../) High - No
2029 Lotus Domino Arbitrary File Source Disclosure (/%00%c0%af.nsf/../) High - No
2030 Lotus Domino Arbitrary File Source Disclosure (/%00...nsf/../) High - No
2031 Lotus Domino Arbitrary File Source Disclosure (/%00.nsf//../) High - No
2032 Lotus Domino Arbitrary File Source Disclosure (/%00.nsf/../) High - No
2033 Lotus Domino Arbitrary File Source Disclosure (/%00...nsf/..//) High - No
2034 Lotus Domino Arbitrary File Source Disclosure (/%00.nsf/../) High - No
2035 Lotus Domino Arbitrary File Source Disclosure (/%00.nsf.nsf/../) High - No
2036 Lotus Domino Arbitrary File Source Disclosure (/%20%00.nsf/../) High - No
2037 Lotus Domino Arbitrary File Source Disclosure (/%20.nsf//../) High - No
2038 Lotus Domino Arbitrary File Source Disclosure (/%20.nsf/..//) High - No
2039 Lotus Domino Arbitrary File Source Disclosure (/%c0%af%00.nsf/../) High - No
2040 Lotus Domino Arbitrary File Source Disclosure (/%c0%af.nsf//../) High - No
2041 Lotus Domino Arbitrary File Source Disclosure (/%c0%af.nsf/..//) High - No
2042 Lotus Domino Arbitrary File Source Disclosure (/...nsf//../) High - No
2043 Lotus Domino Arbitrary File Source Disclosure (/...nsf/..//) High - No
2044 Lotus Domino Arbitrary File Source Disclosure (/.nsf///../) High - No
2045 Lotus Domino Arbitrary File Source Disclosure (/.nsf//../) High - No
2046 Lotus Domino Arbitrary File Source Disclosure (/.nsf//..//) High - No
2050 Lotus Domino Arbitrary File Source Disclosure (/.nsf%00.nsf/../) High - No
2052 Lotus Domino Arbitrary File Source Disclosure (/.nsf.nsf/..//) High - No
2054 Lotus Domino Arbitrary File Source Disclosure (/.nsf/..//) High - No
2055 Lotus Domino Arbitrary File Source Disclosure (/.nsf/..///) High - No
2057 Lotus Domino Arbitrary File Source Disclosure (/.nsf.nsf//../) High - No
2061 Directory (cgi-bin/.cobalt) High - No
1991 Lotus Domino Database (database.nsf) High - No
1999 ColdFusion Default Web Application (forums_.mdb) Medium - No
2011 ColdFusion Default Web Application (getfile.cfm) Medium - No
2014 Allaire ColdFusion Remote File Display, Deletion, Upload and Execution Vulnerability Medium - No
2019 Jakarta Tomcat Context Administration High - No
2020 Lotus Domino Database (webadmin.nsf) Info - No
1975 IIS cpshost.dll Arbitrary File Upload Critical - No
2115 Apache Account Information Disclosure (.htpasswd) High Pass Yes
2129 BEA WebLogic Console Administrative Interface Discovery Low - No
2177 WebSite Pro Arbitrary File Upload (args.cmd) High - No
2272 Administrative Interface (add_category.asp) Low - No
2273 Administrative Interface (batch_add.asp) Low - No
2274 Administrative Interface (batch_manage.asp) Low - No
2275 Login Interface (login.asp) Low - No
2282 Administrative Interface (admin.asp) Low Pass Yes
2283 Administrative Interface (admin.cgi) Low Pass Yes
2284 Administrative Interface (admin.html) Low Pass Yes
2285 Administrative Interface (admin.htm) Low Pass Yes
2288 Administrative Interface (accounts.asp) Low - No
2231 ChiliSoft codebrws.asp Critical - No
2237 AdCycle build.cgi Reconfiguration High - No
2840 PHPNuke Multiple Possible Vulnerabilities High - No
2841 GetAccess Arbitrary Java Class Execution High - No
2842 PHProject Multiple Possible Vulnerabilities Critical - No
2892 Lotus Domino OpenServer Database Browsing High - No
2894 Lotus Domino ?ReadEntries Directory Browsing Medium - No
2899 Lotus Domino Database (admin4.nsf) High - No
2900 Lotus Domino Database (admin.nsf) Medium - No
2901 Lotus Domino Database (agentrunner.nsf) High - No
2902 Lotus Domino Database (bookmark.nsf) Low - No
2904 Lotus Domino Database (catalog.nsf) High - No
2905 Lotus Domino Database (certlog.nsf) High - No
2906 Lotus Domino Database (certsrv.nsf) Critical - No
2907 Lotus Domino Database (cldbdir.nsf) High - No
2908 Lotus Domino Database (clusta4.nsf) High - No
2909 Lotus Domino Database (collect4.nsf) High - No
2910 Lotus Domino Database (dba4.nsf) Medium - No
2911 Lotus Domino Database (dclf.nsf) Low - No
2912 Lotus Domino Database (decsadm.nsf) High - No
2913 Lotus Domino Database (busytime.nsf) High - No
2914 Lotus Domino Database (dirassist.nsf) Medium - No
2915 Lotus Domino Database (doladmin.nsf) High - No
2916 Lotus Domino Database (domcfg.nsf) High - No
2917 Lotus Domino Database (domguide.nsf) Low - No
2919 Lotus Domino Database (domadmin.nsf) High - No
2920 Lotus Domino Database (domlog.nsf) High - No
2921 Lotus Domino Database (dspug.nsf) Low - No
2922 Lotus Domino Database (events4.nsf) High - No
2923 Lotus Domino Database (events5.nsf) High - No
2924 Lotus Domino Database (events.nsf) High - No
2835 Mambo Site Server Administration High - No
2836 Sambar Server Arbitrary File Creation High - No
2855 Homebet Multiple Possible Vulnerabilities Medium - No
2930 Lotus Domino Database (homepage.nsf) Low - No
2946 Lotus Domino Database (leiadm.nsf) High - No
2947 Lotus Domino Database (leilog.nsf) High - No
2948 Lotus Domino Database (log.nsf) High - No
2949 Lotus Domino Database (mab.nsf) Medium - No
2950 Lotus Domino Database (mtstore.nsf) Medium - No
2951 Lotus Domino Database (mtatbls.nsf) Medium - No
2952 Lotus Domino Database (names.nsf) High - No
2953 Lotus Domino Database (mail.box) High - No
2954 Lotus Domino Database (nntppost.nsf) Medium - No
2955 Lotus Domino Database (ntsync45.nsf) High - No
2957 Lotus Domino Database (qpadmin.nsf) High - No
2958 Lotus Domino Database (reports.nsf) High - No
2962 Lotus Domino Database (main.nsf) Low - No
2965 Lotus Domino Database (schema50.nsf) High - No
2966 Lotus Domino Database (setupweb.nsf) High - No
2967 Lotus Domino Database (smbcfg.nsf) High - No
2968 Lotus Domino Database (smtpobwq.nsf) High - No
2969 Lotus Domino Database (srvnam.nsf) Low - No
2971 Lotus Domino Database (smtpibwq.nsf) High - No
2972 Lotus Domino Database (statmail.nsf) High - No
2973 Lotus Domino Database (leivlt.nsf) Medium - No
2974 Lotus Domino Database (statrep.nsf) High - No
2975 Lotus Domino Database (stauths.nsf) High - No
2976 Lotus Domino Database (stautht.nsf) High - No
2977 Lotus Domino Database (stconfig.nsf) High - No
2978 Lotus Domino Database (stconf.nsf) High - No
2979 Lotus Domino Database (stdomino.nsf) High - No
2980 Lotus Domino Database (stlog.nsf) High - No
2981 Lotus Domino Database (streg.nsf) High - No
2982 Lotus Domino Database (stsrc.nsf) Medium - No
2984 Lotus Domino Database (web.nsf) Low - No
2985 Lotus Domino Database (userreg.nsf) Medium - No
2986 Lotus Domino Database (vpuserinfo.nsf) High - No
2987 Lotus Domino ?Open Database Browsing High - No
2988 Lotus Domino !OpenServer Database Browsing High - No
2989 Lotus Domino !Open Database Browsing High - No
2990 Lotus Domino 250 Plus Webadmin.ntf Access High - No
3014 Lotus Domino Database (cpa.nsf) Medium - No
3017 Oracle Application Server owa_util.showsource High - No
3018 Oracle Application Server owa_util.signature Low - No
3019 Oracle Application Server owa_util.show_query_columns High - No
3020 Oracle Application Server owa_util.listprint Critical - No
3023 Oracle Application Server Default Application (dms0) High - No
3024 Oracle Application Server Default Application (/dmsdump) High - No
3025 Oracle Application Server Default Application (/serlvet/spy) High - No
3026 Oracle Application Server Default Application (/soap/servlet/spy) High - No
3027 Oracle Application Server Default Application (/dms/aggrespy) High - No
3028 Oracle Application Server Default Application (/oprocmgr-status) High - No
3029 Oracle Application Server Default Application (/oprocmgr-service) High - No
3030 Oracle Application Server Default Application (/demo) Medium - No
3032 Oracle Application Server Default Application (/fcgi-bin/echo) Low - No
3033 Oracle Application Server Default Application (/fcgi-bin/echo2) Low - No
3035 Oracle Application Server SOAP Administration High - No
3036 Oracle Application Server SOAP Administration High - No
3039 Oracle Application Server XSQLServlet XML File Viewing High - No
3082 WebSphere Samples (NCSamples) High - No
4951 .NET Resource Files Medium - No
4952 .NET Resource Files Medium Pass Yes
4953 .NET Solution File Search High - No
4954 .NET VB Source Code High Pass Yes
4955 .NET C# Source Code High Pass Yes
4956 .NET VB Project File Search High - No
4957 .NET C# Project File Search High - No
4964 .NET Build Output File Medium - No
5066 Directory Indexing of Any Directory on Host in WebSTAR (5.3.2 and below) High - No
5085 RiSearch and RiSearch Pro Multiple Vulnerabilities Critical - No
5126 AJ-Fork Directory Permissions Vulnerability Critical - No
5169 MyCart Discloses Settings Information to Remote Users Medium - No
5189 ASP Calendar Administrative Access Vulnerability Critical - No
5199 Blog Torrent Arbitrary File Downloading Vulnerability Critical - No
5204 Centre Grants Administrative Access to Remote Users Critical - No
5233 OutStart Participate Discloses Directories to Remote Users Critical - No
5336 ImageGallery Discloses Database to Remote Users High - No
5402 Keene Digital Media Server Administrative Access High - No
5419 68 Designs Froogle Uploader Administrative Access Vulnerability High - No
5442 Web Content Management Administrative Access Critical Pass Yes
5494 Hesk 'admin_main.php' Administrative Access Critical - No
5496 JBoss Administration Console Access Critical Pass Yes
5508 Silent Storm Privillege Escalation and Cross-Site Scripting High - No
5553 BEA WebLogic role-name Tag Error Medium - No
5583 Help Desk Reloaded Re-Install Vulnerability High - No
5585 Cassini Development Server Access Vulnerability Critical - No
5668 Login Interface (login.aspx) Low - No
5669 Login Interface (login.do) Low - No
5670 Default Page (default.asp) Info - No
5671 Default Page (default.aspx) Info - No
10168 Default Page (localstart.asp) Info - No
10243 Basic Auth Evasion High - No
10296 BadBlue Arbitrary File Upload High - No
10543 Set-Cookie does not use HTTPOnly Keyword Low Pass Yes
10582 IIS uploadn.asp Arbitrary File Upload High - No
10628 Possible Authentication Misconfiguration (Status Code) Info Pass Yes
10629 Possible Authentication Misconfiguration (WWW-Authenticate) Info Pass Yes
10957 FCKeditor test.html Arbitrary File Upload High Pass Yes
11213 PHP Debug Application (debug.php3) Low - No
11214 PHP Debug Application (debug.php4) Low - No
11215 PHP Debug Application (debug.php5) Low - No
11216 PHP Admin Application (admin.php) Low - No
11217 PHP Admin Application (admin.php3) Low - No
11218 PHP Admin Application (admin.php4) Low - No
11219 PHP Admin Application (admin.php5) Low - No
11224 PHP Password Page (password.php) Low - No
11388 Privilege Escalation Critical - No
11389 Privilege Escalation Critical - No
11394 Unauthorized access to resource High - No
Insufficient Session Expiration Severity Pass/Fail Tested
11382 Insufficient Session Expiration - IIS High Pass Yes
11348 Insufficient Session Expiration - Java based Server High Pass Yes
4728 Persistent Cookies Medium Pass Yes
Session Fixation Severity Pass/Fail Tested
11305 OAuth Version Vulnerable to Session Fixation Found High Pass Yes
11201 Session Fixation High Pass Yes
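The SC-23 (1) and (3) entries in the summary and the Session Fixation, Insufficient Session Expiration, Persistent Cookies and HttpOnly rows in the AC-3 detail above all come down to the same piece of server-side session logic: issue identifiers from a CSPRNG, never accept an identifier the server did not issue, rotate the identifier at login, drop it server-side at logout or idle timeout, and send it in a non-persistent, Secure, HttpOnly cookie. The following is an added example written for this page; it is not code from the report, from HPE, or from the scanned application. It assumes an in-memory store, an injectable clock so expiry can be exercised offline, a hypothetical cookie name SESSIONID, and a 15-minute idle timeout standing in for the organization-defined value.

```python
import secrets
import time

# Added example, not part of the WebInspect report. Assumed values: the cookie
# name and the idle timeout are placeholders for organization-defined settings.
SESSION_ID_BYTES = 32       # 256 bits from the OS CSPRNG (SC-23(3) randomness)
IDLE_TIMEOUT_SECONDS = 900  # 15 minutes, assumed organization-defined value
COOKIE_NAME = "SESSIONID"   # hypothetical cookie name


class SessionStore:
    """Server-side session table that recognizes only IDs it generated itself."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session id -> {"user", "created", "last_seen"}
        self._now = now      # injectable clock so expiry can be tested offline

    def _new_id(self):
        # token_urlsafe draws from os.urandom; the ID is not derived from time,
        # user name or a counter, so the next ID cannot be predicted or brute-forced.
        return secrets.token_urlsafe(SESSION_ID_BYTES)

    def login(self, presented_id, user):
        """Authenticate `user`. Whatever ID the client presented before authenticating
        is discarded and a fresh one issued. This defeats session fixation: an ID an
        attacker planted in the victim's browser never becomes an authenticated session."""
        if presented_id is not None:
            self._sessions.pop(presented_id, None)
        sid = self._new_id()
        t = self._now()
        self._sessions[sid] = {"user": user, "created": t, "last_seen": t}
        return sid

    def resolve(self, sid):
        """Return the user bound to `sid`, or None if the ID is unknown, expired, or was
        never issued by this server. Client-chosen IDs are never accepted."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._now() - rec["last_seen"] > IDLE_TIMEOUT_SECONDS:
            self.logout(sid)  # idle expiry (the Insufficient Session Expiration checks)
            return None
        rec["last_seen"] = self._now()
        return rec["user"]

    def logout(self, sid):
        """Invalidate the identifier on the server (SC-23(1)). Clearing the cookie alone
        would leave a captured ID usable until it happened to expire."""
        return self._sessions.pop(sid, None) is not None

    def active_count(self):
        return len(self._sessions)


def cookie_header(sid):
    """Set-Cookie value for a freshly issued ID: no Expires/Max-Age, so the browser
    discards it on close (Persistent Cookies check), plus Secure and HttpOnly
    (HTTPOnly check) so it is neither sent in clear nor readable from script."""
    return f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def logout_cookie_header():
    """Expire the cookie client-side too, after the server has already dropped the ID."""
    return f"{COOKIE_NAME}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login(presented_id="attacker-planted-id", user="alice")
    print(cookie_header(sid))
    print("planted id accepted:", store.resolve("attacker-planted-id") is not None)
    store.logout(sid)
    print("id valid after logout:", store.resolve(sid) is not None)
    print(logout_cookie_header())
```

The two properties a scanner exercises are visible in the store: an ID it fabricates is rejected by `resolve` because it was never written by `login`, and an ID captured before logout stops working the moment `logout` removes it, regardless of what the browser still holds. Framework session middleware that regenerates the ID on authentication and expires server-side state behaves the same way; what this shows is the behaviour those checks look for, not a replacement for the framework.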
IA-2: Identification and Authentication (Organizational Users)
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
Brute Force Severity Pass/Fail Tested
3574 Frontpage Author Password File Retrieval (administrators.pwd) High - No
2065 Formvarconfiguration.exe Multiple Possible Vulnerabilities Critical - No
2066 Formvar.bot Multiple Possible Vulnerabilities Critical - No
2067 comments.txt Multiple Possible Vulnerabilities High - No
2063 Formvar.top Multiple Possible Vulnerabilities Critical - No
2064 Formvar.ini Multiple Possible Vulnerabilities Critical - No
1442 SMTP Web Application Multiple Possible Vulnerabilities (clemail.exe) Critical - No
1443 SMTP Web Application Multiple Possible Vulnerabilities (comments.exe) Critical - No
1444 SMTP Web Application Multiple Possible Vulnerabilities (Formvar.exe) Critical - No
1445 SMTP Web Application Multiple Possible Vulnerabilities (gbmail.exe) Critical - No
1446 SMTP Web Application Multiple Possible Vulnerabilities (mailform.exe) Critical - No
538 IIS Web Server Account Manipulation (anot3.htr) Low - No
536 IIS Web Server Account Manipulation (aexp4b.htr) Low - No
537 IIS Web Server Account Manipulation (anot.htr) Low - No
10346 Possible Insecure Cryptographic Hash (SHA-0/SHA-1) Best Practices Pass Yes
Insufficient Authentication Severity Pass/Fail Tested
10335 WordPress Footnotes Plugin Administration Page Authentication Bypass High Pass Yes
10595 Unencrypted Login Form High Fail Yes
10463 PHP Login Application Low - No
10493 Mole Settings Pages Authentication Bypass High Pass Yes
10512 HTTP Basic Logins Sent Over Unencrypted Connection High Fail Yes
5447 Gravity Board X Arbitrary Code Execution and SQL Injection Critical - No
5388 phpAuction SQL Injection and Authentication Bypass Critical - No
5320 PHPCart Authentication Flaw Critical - No
5235 xGB Grants Administrative Access to Remote Users Critical - No
5189 ASP Calendar Administrative Access Vulnerability Critical - No
5208 Novell GroupWise WebAccess Error Modules Loading Vulnerability Critical - No
5153 ASP.NET Unhashed Viewstate Agent Medium Pass Yes
5083 Litecommerce Installation Script May Let Remote Users Gain Administrative Access High - No
5079 WpQuiz Gain Admin Rights Exploit Critical - No
5063 Multiple vulnerabilities in JAWS High - No
530 IIS Web Server Account Manipulation (achg.htr) Low - No
535 IIS Web Server Account Manipulation (aexp4.htr) Low - No
571 Contivity Server Administrative Interface High - No
572 Calendar.pl Arbitrary Command Execution Critical - No
573 Calendar_admin.pl Arbitrary Command Execution Critical - No
605 PlusMail Administrative Access Medium - No
610 CyberOffice Shopping Cart Database Download Critical - No
589 PHPNuke Administrative Access Medium - No
365 WebLog Administrative Access Bypass High - No
383 Siteminder Administration Interface Medium - No
531 IIS Web Server Account Manipulation (aexp.htr) Low - No
532 IIS Web Server Account Manipulation (aexp2.htr) Low - No
533 IIS Web Server Account Manipulation (aexp2b.htr) Low - No
534 IIS Web Server Account Manipulation (aexp3.htr) Low - No
144 IIS ism.dll Multiple Possible Vulnerabilities Critical - No
38 Apache Access Control List Disclosure (.htaccess) Medium Pass Yes
833 News Update Administrative Access Medium - No
776 Form.cgi Issue Low - No
777 Message.cgi Issue Low - No
774 WebUtils Issue Low - No
690 Progress WebSpeed Administration Medium - No
692 Nortel Contivity Switch Remote Administration Vulnerability High - No
624 EWS Password file exposure2 Medium - No
544 MultiHTML Remote Shell Access Critical - No
887 Catalyst 3500 XL Arbitrary Command Execution Critical - No
1847 News Desk Arbitrary Command Execution Critical - No
1535 InterShop Administration Interface Medium - No
1928 Sambar Administrative Interface High - No
1929 Trend Micro OfficeScan Administration Medium - No
1930 Frontpage Server Extensions Exploit Low - No
1933 Import.txt Low - No
1936 Check.txt Issue Low - No
1912 Submit.cgi Application Low - No
1889 Cobalt RaQ siteUserMod.cgi Privilege Escalation Medium - No
1893 Allmanage Administrative Password Reveal Medium - No
1536 Intershop DataCash Cartridge Administration Interface Medium - No
1875 Af.cgi Application Low - No
1885 Unlg1.1 Application Low - No
1886 Unlg1.2 Application Low - No
1425 phpWebLog Administrative Access High - No
789 stats.prf Issue Low - No
790 architext_query.cgi Exploit Low - No
791 filemail.pl Issue Low - No
1990 cgi-lib.pl Exploit Low - No
2129 BEA WebLogic Console Administrative Interface Discovery Low - No
2111 Apache Access Log Information Disclosure (access.log) Medium Pass Yes
2113 Apache Access Log Information Disclosure (access_log) Medium Pass Yes
2303 Cobalt RaQ networker.cgi Log Information Disclosure Critical - No
2320 Frontpage Server Extensions htimage.exe Multiple Vulnerabilities High - No
2181 calendar_admin.pl Arbitrary Command Execution Critical Pass Yes
1978 Cache Manager Administrative Interface Medium - No
1979 Admnlogin Issue Low - No
1983 Srchadm Issue Low - No
1984 htmldocs Issue Low - No
1985 Visitor.exe Issue Low - No
1986 Redir.exe Issue Low - No
1988 Stats.prg Issue Low - No
1989 Minimal.exe Issue Low - No
1973 nlog-smb.cgi Issue Low - No
1964 Java Web Server Arbitrary Command Execution High - No
1955 cgiback.cgi Issue Low - No
1942 Tablebuild.pl Issue Low - No
1951 Sambar Arbitrary File Creation/Deletion/Disclosure (echo.bat) Critical - No
1952 Sambar Arbitrary File Creation/Deletion/Disclosure (hello.bat) Critical - No
1954 fm_shell.asp Issue Low - No
1937 Checks.txt Issue Low - No
1938 FrontPage Server Extensions Administration Interface (fpadmin.htm) High - No
1939 Contents.htm Issue Low - No
1940 WebSTART%20LOG Issue Low - No
1943 displayTC.pl Issue Low - No
1944 c_download.cgi Issue Low - No
1945 ntitar.pl Issue Low - No
1946 Enter.cgi Issue Low - No
3036 Oracle Application Server SOAP Administration High - No
3038 Oracle Application Server SOAP Configuration High - No
3120 WebSphere Configuration Information Disclosure (svrctrl.ini) Critical - No
3121 WebSphere Configuration Information Disclosure (db2www.ini) Critical - No
3123 WebSphere Configuration Information Disclosure (srvrctrl.conf) Critical - No
3149 WebSphere Configuration Information Disclosure (ncommerce.conf) Critical - No
3008 Forte Examples SQLDemo High - No
2839 phpMyAdmin Arbitrary Command Execution Critical - No
3021 Oracle Application Server DAD Administration High - No
2941 Hosting Controller Stats Browse High - No
2942 Hosting Controller Stats Browse High - No
2943 Hosting Controller Stats Browse High - No
2944 Hosting Controller Stats Browse High - No
2928 Hosting Controller Serv-U Browse High - No
2929 Hosting Controller Serv-U Browse High - No
2926 Hosting Controller Stats Browse High - No
2927 Hosting Controller Stats Browse High - No
2855 Homebet Multiple Possible Vulnerabilities Medium - No
2931 Hosting Controller Serv-U Browse High - No
2932 Hosting Controller Browse Disk High - No
2933 Hosting Controller Browse Disk High - No
2934 FAQManager Nullbyte High - No
2935 Hosting Controller Stats Browse High - No
2936 Hosting Controller Stats Browse High - No
2937 Hosting Controller Stats Browse High - No
2939 Hosting Controller Stats Browse High - No
2940 Hosting Controller Stats Browse High - No
2925 Hosting Controller Stats Browse High - No
2754 Apache Access Control List Disclosure (.access) Medium Pass Yes
3543 Novell NetWare Filesystem Browsing High - No
3550 PHP Affiliate Authentication Bypass Medium - No
3501 Easy Homepage Creator Possible Application Administration High - No
3701 SurfControl SuperScout Multiple Vulnerabilities High - No
3668 Apache User Misconfiguration (File Access) High - No
3683 HamWeather Administration High - No
3656 NetDetector Database Access High - No
3631 WebFocus Administrative Access Medium - No
3646 Apache Access Control List Disclosure Backup Medium Pass Yes
3397 PHP Trouble Ticket Possible Application Administration High - No
3347 Novell Groupwise ServletManager Application Administration High Pass Yes
3430 PHPAuction Application Administration High - No
3331 Anthill Cross-Site Scripting High - No
3199 ASPJar Application Administration Medium - No
3119 WebSphere Configuration Information Disclosure (ncommerce.ini) Critical - No
3150 StepWeb Search Administrative Access High - No
3182 Sympoll Voting System Application Administration High - No
3314 BSCW Arbitrary User Registration Medium - No
3240 Easynews Arbitrary File Modification Critical - No
3252 PGP Keyserver Possible Web Application Administration High - No
4722 Logins Sent Over Unencrypted Connection High Fail Yes
4723 Logins Sent Over Query Best Practices Pass Yes
4724 Password Field Masked Medium Pass Yes
4725 Certificate Hostname Discrepancy Medium Pass Yes
4720 SSL Cookie Not Used Medium Pass Yes
4721 Admin Section Must Require Authentication High Pass Yes
4584 MatrikzGB Web Application Administration High - No
4629 Webalizer Usage Page Discovery Low Pass Yes
4419 Owl Intranet Authentication Failure Medium - No
4868 Web Connection API Error Log Medium - No
4866 Web Connection API Maint ShowStatus Medium - No
4867 Web Connection API DLL Error Log Medium - No
4863 Web Connection API EditConfig Critical - No
4864 Web Connection API ShowStatus High - No
4865 Web Connection API ShowLog Medium - No
4834 OpenJournal Failure To Require Authentication Medium - No
4373 BadBlue Web Application Administration Medium - No
4395 TrueGalerie Web Application Administration Medium - No
4318 Uploader.php Failure To Require Authentication Low - No
4314 Mambo Site Server Failure To Require Authentication Medium - No
4246 Versatile BulletinBoard Application Administration High - No
3810 Versatile BulletinBoard Application Administration High - No
3760 phpBB admin_ug_auth.php Privilege Elevation High - No
3777 SSL Policy Enforcement Issue Low Pass Yes
3786 Netscape Enterprise Server Web Publisher Access Critical - No
11202 Arbitrary File Upload High Pass Yes
10972 DotNetNuke Arbitrary File Upload High Pass Yes
11542 Unencrypted Login Form High - No
11543 SSL Cookie Not Used Medium - No
10666 Oracle Application Server Portal Authentication Bypass Medium Pass Yes
10703 Certificate Expired Medium Pass Yes
IA-2: Identification and Authentication (Organizational Users)
(8) identification and authentication | network access to privileged accounts - replay resistant
The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.
Credential/Session Prediction Severity Pass/Fail Tested
3277 Sun NetDynamics ndCGI.exe Session Hijacking High Pass Yes
3274 wbbboard action.php Session Hijacking High - No
Insufficient Session Expiration Severity Pass/Fail Tested
4728 Persistent Cookies Medium Pass Yes
11382 Insufficient Session Expiration - IIS High Pass Yes
11348 Insufficient Session Expiration - Java based Server High Pass Yes
Session Fixation Severity Pass/Fail Tested
11305 OAuth Version Vulnerable to Session Fixation Found High Pass Yes
11201 Session Fixation High Pass Yes
IA-2: Identification and Authentication (Organizational Users)
(9) identification and authentication | network access to non-privileged accounts - replay resistant
The information system implements replay-resistant authentication mechanisms for network access to non-privileged accounts.
Credential/Session Prediction Severity Pass/Fail Tested
3274 wbbboard action.php Session Hijacking High - No
3277 Sun NetDynamics ndCGI.exe Session Hijacking High Pass Yes
Insufficient Session Expiration Severity Pass/Fail Tested
4728 Persistent Cookies Medium Pass Yes
11348 Insufficient Session Expiration - Java based Server High Pass Yes
11382 Insufficient Session Expiration - IIS High Pass Yes
Session Fixation Severity Pass/Fail Tested
11201 Session Fixation High Pass Yes
11305 OAuth Version Vulnerable to Session Fixation Found High Pass Yes
IA-6: Authenticator Feedback
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Specific Checks Severity Pass/Fail Tested
11224 PHP Password Page (password.php) Low - No
11225 PHP Password Page (password.php3) Low - No
11226 PHP Password Page (password.php4) Low - No
11227 PHP Password Page (password.php5) Low - No
11236 PHP Password Page (passwords.php) Low - No
11237 PHP Password Page (passwords.php3) Low - No
11238 PHP Password Page (passwords.php4) Low - No
11239 PHP Password Page (passwords.php5) Low - No
11276 Password Field Auto Complete Active Low Pass Yes
11220 PHP Password Page (pass.php3) Low - No
11221 PHP Password Page (pass.php) Low - No
10725 Softbiz Classifieds Script lostpassword.php Cross-Site Scripting Medium Pass Yes
10786 Possible Database Connection String (Access OleDb with MS Jet With Password) High Pass Yes
10806 ADOVBS Username/Password Information Disclosure High - No
4724 Password Field Masked Medium Pass Yes
3797 BEA Weblogic UDDISetPasswordServlet Default Application Discovery Low - No
3389 csPassword.cgi Possible Information Disclosure Medium - No
3507 EUpload Password File Disclosure Medium - No
3574 Frontpage Author Password File Retrieval (administrators.pwd) High - No
1256 Account Information Disclosure (password) Critical - No
1258 Account Information Disclosure (password.htm) Low - No
1259 Account Information Disclosure (password.html) Low - No
1260 Account Information Disclosure (password.dat) Critical - No
1261 Account Information Disclosure (password.data) Critical - No
1262 Account Information Disclosure (password.txt) Critical - No
1263 Account Information Disclosure (password.asp) Low - No
1264 Account Information Disclosure (password.dbf) Critical - No
1265 Account Information Disclosure (password.ini) Critical - No
1266 Account Information Disclosure (password.db) Critical - No
1267 Account Information Disclosure (password.cfg) Critical - No
1268 Account Information Disclosure (password.exe) Low - No
1269 Account Information Disclosure (password.htx) Low - No
1270 Account Information Disclosure (password.lst) Critical - No
1271 Account Information Disclosure (password.php) Low - No
1272 Account Information Disclosure (password.cgi) Low - No
1273 Account Information Disclosure (password.pl) Low - No
1274 Account Information Disclosure (password.php3) Low - No
1275 Account Information Disclosure (passwords.htm) Low - No
1276 Account Information Disclosure (passwords.html) Low - No
1277 Account Information Disclosure (passwords.dat) Critical - No
1278 Account Information Disclosure (passwords.data) Critical - No
1279 Account Information Disclosure (passwords.txt) Critical - No
1280 Account Information Disclosure (passwords.asp) Low - No
1281 Account Information Disclosure (passwords.dbf) Low - No
1282 Account Information Disclosure (passwords.ini) Critical - No
1283 Account Information Disclosure (passwords.db) Critical - No
1284 Account Information Disclosure (passwords.cfg) Critical - No
1285 Account Information Disclosure (passwords.exe) Low - No
1286 Account Information Disclosure (passwords.htx) Low - No
1287 Account Information Disclosure (passwords.php) Low - No
1288 Account Information Disclosure (passwords.lst) Critical - No
1289 Account Information Disclosure (passwords.cgi) Low - No
1290 Account Information Disclosure (passwords.pl) Low - No
1291 Account Information Disclosure (passwords.php3) Low - No
1896 Hot Area Banner open password file Medium - No
1893 Allmanage Administrative Password Reveal Medium - No
1476 Unix Password File (/etc/passwd) High - No
624 EWS Password file exposure2 Medium - No
722 Frontpage Author Password File Retrieval (users.pwd) High - No
763 WEBgais Websendmail Password File Retrieval Vulnerability High - No
22 Frontpage Server Extensions Encrypted Password File (service.pwd) Critical - No
35 Frontpage Server Extensions Encrypted Password File (authors.pwd) Critical - No
78 Frontpage Server Extensions Password File Pointer (service.stp) Low - No
5226 aeNovo Discloses Database and Administrative Password to Remote Users Critical - No
5311 Cookie Cart Password File Disclosure Critical - No
5264 TowerBlog! Discloses Hashed Administrative Password Critical - No
5390 PHP-Blogger E-mail address and Password Disclosure Vulnerability Critical - No
5517 CA Unicenter Common Services Database Password Disclosure Low - No
10489 BolinOS gBPassword.php Cross-Site Scripting Medium Pass Yes
10551 Possible Username or Password Disclosure High - No
10341 PHP-Blogger pref.db Password Disclosure High Pass Yes
10332 MyWebFTP pass.txt Password Disclosure Critical Pass Yes
10359 MyWebFTP Admin Password Disclosure High Pass Yes
10402 EZPhotoSales Gallery Password Disclosure High Pass Yes
10405 EZPhotoSales Admin Password Disclosure High Pass Yes
10443 EasyNews install.php Database Password Disclosure High Pass Yes
10167 Password in Query or Cookie Data High Fail Yes
5626 Possible Database Connection String (Access OleDb with MS Jet With Password) Critical Pass Yes
5549 BEA WebLogic Password Disclosure Vulnerability Low - No
IA-8: Identification and Authentication (Non-Organizational Users)
The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
Brute Force Severity Pass/Fail Tested
10346 Possible Insecure Cryptographic Hash (SHA-0/SHA-1) Best Practices Pass Yes
536 IIS Web Server Account Manipulation (aexp4b.htr) Low - No
537 IIS Web Server Account Manipulation (anot.htr) Low - No
538 IIS Web Server Account Manipulation (anot3.htr) Low - No
1442 SMTP Web Application Multiple Possible Vulnerabilities (clemail.exe) Critical - No
1443 SMTP Web Application Multiple Possible Vulnerabilities (comments.exe) Critical - No
1444 SMTP Web Application Multiple Possible Vulnerabilities (Formvar.exe) Critical - No
1445 SMTP Web Application Multiple Possible Vulnerabilities (gbmail.exe) Critical - No
1446 SMTP Web Application Multiple Possible Vulnerabilities (mailform.exe) Critical - No
2067 comments.txt Multiple Possible Vulnerabilities High - No
2065 Formvarconfiguration.exe Multiple Possible Vulnerabilities Critical - No
2066 Formvar.bot Multiple Possible Vulnerabilities Critical - No
2063 Formvar.top Multiple Possible Vulnerabilities Critical - No
2064 Formvar.ini Multiple Possible Vulnerabilities Critical - No
3574 Frontpage Author Password File Retrieval (administrators.pwd) High - No
Insufficient Authentication Severity Pass/Fail Tested
3550 PHP Affiliate Authentication Bypass Medium - No
3543 Novell NetWare Filesystem Browsing High - No
3501 Easy Homepage Creator Possible Application Administration High - No
3646 Apache Access Control List Disclosure Backup Medium Pass Yes
3631 WebFocus Administrative Access Medium - No
3656 NetDetector Database Access High - No
3683 HamWeather Administration High - No
3668 Apache User Misconfiguration (File Access) High - No
3701 SurfControl SuperScout Multiple Vulnerabilities High - No
3397 PHP Trouble Ticket Possible Application Administration High - No
3430 PHPAuction Application Administration High - No
3331 Anthill Cross-Site Scripting High - No
3347 Novell Groupwise ServletManager Application Administration High Pass Yes
3314 BSCW Arbitrary User Registration Medium - No
3252 PGP Keyserver Possible Web Application Administration High - No
3240 Easynews Arbitrary File Modification Critical - No
3182 Sympoll Voting System Application Administration High - No
3119 WebSphere Configuration Information Disclosure (ncommerce.ini) Critical - No
3120 WebSphere Configuration Information Disclosure (svrctrl.ini) Critical - No
3199 ASPJar Application Administration Medium - No
3810 Versatile BulletinBoard Application Administration High - No
4246 Versatile BulletinBoard Application Administration High - No
3786 Netscape Enterprise Server Web Publisher Access Critical - No
3777 SSL Policy Enforcement Issue Low Pass Yes
3760 phpBB admin_ug_auth.php Privilege Elevation High - No
4314 Mambo Site Server Failure To Require Authentication Medium - No
4318 Uploader.php Failure To Require Authentication Low - No
4373 BadBlue Web Application Administration Medium - No
4395 TrueGalerie Web Application Administration Medium - No
4725 Certificate Hostname Discrepancy Medium Pass Yes
4723 Logins Sent Over Query Best Practices Pass Yes
4724 Password Field Masked Medium Pass Yes
4721 Admin Section Must Require Authentication High Pass Yes
4722 Logins Sent Over Unencrypted Connection High Fail Yes
4720 SSL Cookie Not Used Medium Pass Yes
4419 Owl Intranet Authentication Failure Medium - No
4629 Webalizer Usage Page Discovery Low Pass Yes
4584 MatrikzGB Web Application Administration High - No
4834 OpenJournal Failure To Require Authentication Medium - No
4865 Web Connection API ShowLog Medium - No
4866 Web Connection API Maint ShowStatus Medium - No
4863 Web Connection API EditConfig Critical - No
4864 Web Connection API ShowStatus High - No
4867 Web Connection API DLL Error Log Medium - No
4868 Web Connection API Error Log Medium - No
1978 Cache Manager Administrative Interface Medium - No
2113 Apache Access Log Information Disclosure (access_log) Medium Pass Yes
2129 BEA WebLogic Console Administrative Interface Discovery Low - No
2181 calendar_admin.pl Arbitrary Command Execution Critical Pass Yes
2111 Apache Access Log Information Disclosure (access.log) Medium Pass Yes
2303 Cobalt RaQ networker.cgi Log Information Disclosure Critical - No
1946 Enter.cgi Issue Low - No
1951 Sambar Arbitrary File Creation/Deletion/Disclosure (echo.bat) Critical - No
1944 c_download.cgi Issue Low - No
1945 ntitar.pl Issue Low - No
1940 WebSTART%20LOG Issue Low - No
1938 FrontPage Server Extensions Administration Interface (fpadmin.htm) High - No
1939 Contents.htm Issue Low - No
1955 cgiback.cgi Issue Low - No
1952 Sambar Arbitrary File Creation/Deletion/Disclosure (hello.bat) Critical - No
1954 fm_shell.asp Issue Low - No
1942 Tablebuild.pl Issue Low - No
1943 displayTC.pl Issue Low - No
1964 Java Web Server Arbitrary Command Execution High - No
1973 nlog-smb.cgi Issue Low - No
1989 Minimal.exe Issue Low - No
1990 cgi-lib.pl Exploit Low - No
1986 Redir.exe Issue Low - No
1988 Stats.prg Issue Low - No
1984 htmldocs Issue Low - No
1985 Visitor.exe Issue Low - No
1979 Admnlogin Issue Low - No
1983 Srchadm Issue Low - No
2754 Apache Access Control List Disclosure (.access) Medium Pass Yes
2320 Frontpage Server Extensions htimage.exe Multiple Vulnerabilities High - No
2925 Hosting Controller Stats Browse High - No
2926 Hosting Controller Stats Browse High - No
2940 Hosting Controller Stats Browse High - No
2941 Hosting Controller Stats Browse High - No
2937 Hosting Controller Stats Browse High - No
2939 Hosting Controller Stats Browse High - No
2936 Hosting Controller Stats Browse High - No
2934 FAQManager Nullbyte High - No
2935 Hosting Controller Stats Browse High - No
2932 Hosting Controller Browse Disk High - No
2933 Hosting Controller Browse Disk High - No
2855 Homebet Multiple Possible Vulnerabilities Medium - No
2839 phpMyAdmin Arbitrary Command Execution Critical - No
2927 Hosting Controller Stats Browse High - No
2928 Hosting Controller Serv-U Browse High - No
2929 Hosting Controller Serv-U Browse High - No
2931 Hosting Controller Serv-U Browse High - No
2944 Hosting Controller Stats Browse High - No
2942 Hosting Controller Stats Browse High - No
2943 Hosting Controller Stats Browse High - No
3008 Forte Examples SQLDemo High - No
3021 Oracle Application Server DAD Administration High - No
3036 Oracle Application Server SOAP Administration High - No
3149 WebSphere Configuration Information Disclosure (ncommerce.conf) Critical - No
3150 StepWeb Search Administrative Access High - No
3121 WebSphere Configuration Information Disclosure (db2www.ini) Critical - No
3123 WebSphere Configuration Information Disclosure (srvrctrl.conf) Critical - No
3038 Oracle Application Server SOAP Configuration High - No
887 Catalyst 3500 XL Arbitrary Command Execution Critical - No
1535 InterShop Administration Interface Medium - No
1536 Intershop DataCash Cartridge Administration Interface Medium - No
1847 News Desk Arbitrary Command Execution Critical - No
1928 Sambar Administrative Interface High - No
1929 Trend Micro OfficeScan Administration Medium - No
1936 Check.txt Issue Low - No
1937 Checks.txt Issue Low - No
1930 Frontpage Server Extensions Exploit Low - No
1933 Import.txt Low - No
1886 Unlg1.2 Application Low - No
1889 Cobalt RaQ siteUserMod.cgi Privilege Escalation Medium - No
1893 Allmanage Administrative Password Reveal Medium - No
1875 Af.cgi Application Low - No
1885 Unlg1.1 Application Low - No
1912 Submit.cgi Application Low - No
791 filemail.pl Issue Low - No
789 stats.prf Issue Low - No
790 architext_query.cgi Exploit Low - No
1425 phpWebLog Administrative Access High - No
530 IIS Web Server Account Manipulation (achg.htr) Low - No
531 IIS Web Server Account Manipulation (aexp.htr) Low - No
573 Calendar_admin.pl Arbitrary Command Execution Critical - No
571 Contivity Server Administrative Interface High - No
572 Calendar.pl Arbitrary Command Execution Critical - No
589 PHPNuke Administrative Access Medium - No
610 CyberOffice Shopping Cart Database Download Critical - No
605 PlusMail Administrative Access Medium - No
544 MultiHTML Remote Shell Access Critical - No
144 IIS ism.dll Multiple Possible Vulnerabilities Critical - No
38 Apache Access Control List Disclosure (.htaccess) Medium Pass Yes
534 IIS Web Server Account Manipulation (aexp3.htr) Low - No
535 IIS Web Server Account Manipulation (aexp4.htr) Low - No
532 IIS Web Server Account Manipulation (aexp2.htr) Low - No
533 IIS Web Server Account Manipulation (aexp2b.htr) Low - No
365 WebLog Administrative Access Bypass High - No
383 Siteminder Administration Interface Medium - No
774 WebUtils Issue Low - No
776 Form.cgi Issue Low - No
777 Message.cgi Issue Low - No
833 News Update Administrative Access Medium - No
690 Progress WebSpeed Administration Medium - No
692 Nortel Contivity Switch Remote Administration Vulnerability High - No
624 EWS Password file exposure2 Medium - No
10335 WordPress Footnotes Plugin Administration Page Authentication Bypass High Pass Yes
10595 Unencrypted Login Form High Fail Yes
10512 HTTP Basic Logins Sent Over Unencrypted Connection High Fail Yes
10493 Mole Settings Pages Authentication Bypass High Pass Yes
10463 PHP Login Application Low - No
5447 Gravity Board X Arbitrary Code Execution and SQL Injection Critical - No
5388 phpAuction SQL Injection and Authentication Bypass Critical - No
5320 PHPCart Authentication Flaw Critical - No
5235 xGB Grants Administrative Access to Remote Users Critical - No
5208 Novell GroupWise WebAccess Error Modules Loading Vulnerability Critical - No
5079 WpQuiz Gain Admin Rights Exploit Critical - No
5083 Litecommerce Installation Script May Let Remote Users Gain Administrative Access High - No
5153 ASP.NET Unhashed Viewstate Agent Medium Pass Yes
5189 ASP Calendar Administrative Access Vulnerability Critical - No
5063 Multiple vulnerabilities in JAWS High - No
10703 Certificate Expired Medium Pass Yes
10666 Oracle Application Server Portal Authentication Bypass Medium Pass Yes
11202 Arbitrary File Upload High Pass Yes
10972 DotNetNuke Arbitrary File Upload High Pass Yes
11542 Unencrypted Login Form High - No
11543 SSL Cookie Not Used Medium - No
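The credential-transport checks that fail in the IA-2, IA-6 and IA-8 tables above (10595 and 4722 Unencrypted Login Form, 10512 HTTP Basic Logins Sent Over Unencrypted Connection, 10167 Password in Query or Cookie Data), together with several that pass (4723 Logins Sent Over Query, 4724 Password Field Masked, 4720 SSL Cookie Not Used, 10543 HTTPOnly, 11276 Password Field Auto Complete Active), can all be evaluated from one captured request/response pair. The Python below is an added example written for this report, not WebInspect's own logic; the three exchanges and the host intranet.example.test are constructed, and the list of credential parameter names it looks for is an assumed heuristic.

```python
# Added example: simplified re-implementation of the credential-transport checks reported
# under IA-2 / IA-6 / IA-8. Not WebInspect code; the sample exchanges are constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, urljoin

# Assumption: heuristic list of parameter/cookie names that carry a credential.
CREDENTIAL_NAMES = {"password", "passwd", "pwd", "pass"}


class _FormCollector(HTMLParser):
    """Collects each <form> with its attributes and its <input> elements."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(),
                          "autocomplete": (a.get("autocomplete") or "on").lower(),
                          "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_exchange(url, headers, body):
    """Return the set of check names one request/response pair would trigger.

    url     -- request URL; its scheme decides whether the page was served over TLS
    headers -- list of (name, value) response header tuples (Set-Cookie may repeat)
    body    -- HTML response body
    """
    findings = set()
    page = urlsplit(url)
    page_https = page.scheme == "https"

    # 10167: credential carried in the query string of the request URL
    if any(n.lower() in CREDENTIAL_NAMES for n in parse_qs(page.query)):
        findings.add("Password in Query or Cookie Data")

    for name, value in headers:
        lname = name.lower()
        # 10512: server demands HTTP Basic credentials over plain HTTP
        if lname == "www-authenticate" and value.lower().startswith("basic") and not page_https:
            findings.add("HTTP Basic Logins Sent Over Unencrypted Connection")
        if lname == "set-cookie":
            parts = [p.strip().lower() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            if cookie_name in CREDENTIAL_NAMES:            # 10167, cookie variant
                findings.add("Password in Query or Cookie Data")
            if "httponly" not in parts:                     # 10543
                findings.add("Set-Cookie does not use HTTPOnly Keyword")
            if page_https and "secure" not in parts:        # 4720 / 11543
                findings.add("SSL Cookie Not Used")

    collector = _FormCollector()
    collector.feed(body)
    for form in collector.forms:
        cred_inputs = [i for i in form["inputs"]
                       if (i.get("type") or "text").lower() == "password"
                       or (i.get("name") or "").lower() in CREDENTIAL_NAMES]
        if not cred_inputs:
            continue
        # 10595 / 4722: login form served over, or posting to, plain HTTP
        target = urlsplit(urljoin(url, form["action"]))
        if not page_https or target.scheme != "https":
            findings.add("Unencrypted Login Form")
        if form["method"] == "get":                         # 4723
            findings.add("Logins Sent Over Query")
        for inp in cred_inputs:
            if (inp.get("type") or "text").lower() != "password":               # 4724
                findings.add("Password Field Masked")
            if (inp.get("autocomplete") or form["autocomplete"]).lower() != "off":  # 11276
                findings.add("Password Field Auto Complete Active")
    return findings


# Constructed exchanges against a hypothetical host.
INSECURE_LOGIN = dict(
    url="http://intranet.example.test/login.aspx?user=bob&password=hunter2",
    headers=[("Content-Type", "text/html"),
             ("Set-Cookie", "ASP.NET_SessionId=abc123; path=/")],
    body='<form action="login.aspx" method="get">'
         '<input name="user"><input type="password" name="password">'
         '<input type="submit"></form>')

HARDENED_LOGIN = dict(
    url="https://intranet.example.test/login.aspx",
    headers=[("Content-Type", "text/html"),
             ("Set-Cookie", "ASP.NET_SessionId=abc123; path=/; Secure; HttpOnly")],
    body='<form action="/login.aspx" method="post" autocomplete="off">'
         '<input name="user"><input type="password" name="password" autocomplete="off">'
         '<input type="submit"></form>')

BASIC_AUTH_OVER_HTTP = dict(
    url="http://intranet.example.test/admin/",
    headers=[("WWW-Authenticate", 'Basic realm="admin"')],
    body="")

if __name__ == "__main__":
    for label, exchange in [("insecure", INSECURE_LOGIN), ("hardened", HARDENED_LOGIN),
                            ("basic-auth", BASIC_AUTH_OVER_HTTP)]:
        print(label, sorted(audit_exchange(**exchange)))
```

Two caveats for anyone using this to triage the failed rows: current browsers ignore autocomplete="off" on password fields, so 11276 is informational rather than a control, and a form that posts to https from an http page still fails 10595 because the unencrypted page itself can be modified in transit to change the action.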
IR-9: Information Spillage Response
The organization responds to information spills by:
a. Identifying the specific information involved in the information system contamination;
b. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
c. Isolating the contaminated information system or system component;
d. Eradicating the information from the contaminated information system or component;
e. Identifying other information systems or system components that may have been subsequently contaminated; and
f. Performing other [Assignment: organization-defined actions].
[HP WebInspect Operator Notes] The intent of this category is to alert the HP WebInspect operator to potentially sensitive content discovered during the scan. HP WebInspect cannot determine with certainty whether information is classified or sensitive, so further analysis beyond running HP WebInspect is required.
Information Disclosure Severity Pass/Fail Tested
11378 Weak SSL Protocol - SSLv3 High Pass Yes
11379 SSL Certificate uses MD5 Signature Medium Pass Yes
11380 Usage of Self-Signed Certificate Medium Pass Yes
11381 SSL Certificate Issues Medium Pass Yes
11395 Weak SSL Protocol - TLS v1.0 High Pass Yes
11453 SSL Certificate uses SHA-1 Signature Medium Pass Yes
11481 WEB-INF Directory Copy High Pass Yes
10973 ASP.Net Information Disclosure (Padding Oracle Exploit) Critical Pass Yes
10944 ASP.NET Proxy Script Debug Version Detected Low Pass Yes
10925 ActiveX Control Discovery Low Pass Yes
11286 Weak SSL Protocol - SSLv2 Critical Pass Yes
11290 Session ID Fingerprinting Best Practices Fail Yes
11291 Insecure Cache-control Policy for Session Cookies Medium Pass Yes
11311 WebInspect Agent Findings High Pass Yes
11312 Privacy Violation: Social Security Number Critical Pass Yes
11313 Privacy Violation: Credit Card Number Critical Pass Yes
11316 WebInspect Agent Findings Configuration Best Practices Pass Yes
11337 XML External Entity Injection High Pass Yes
11355 Geolocation Information Disclosure High Pass Yes
11361 Mobile MAC Address Disclosure Low Pass Yes
11342 Sensitive Data in HTML5 Storage Low Pass Yes
11344 Mobile UUID Disclosure Low Pass Yes
11345 Mobile UDID Disclosure Medium Pass Yes
11369 OpenSSL ChangeCipherSpec Man-in-the-Middle (MitM) Vulnerability Medium Pass Yes
11371 Email over Insecure Connection Medium Pass Yes
10679 PHP Source Code Disclosure (.phps File) High Pass Yes
10656 BitTorrent File Found Info Pass Yes
10729 ASP.NET Stack Trace Disclosure Medium Pass Yes
10736 ASP.NET Stack Trace (VB) Low Pass Yes
10740 Apache Cocoon Stack Trace Low Pass Yes
10742 Apache Tomcat Default Examples Medium Pass Yes
10478 Application Probing: phpinfo() Info Pass Yes
10479 Phpinfo() Information Disclosure Medium Pass Yes
10530 IIS Sample Web Application Source Code Disclosure (ViewCode.asp) High Pass Yes
10316 Coppermine Photo Gallery update.php Information Disclosure Low Pass Yes
10317 Coppermine Photo Gallery slideshow.inc.php File Path Disclosure Low Pass Yes
10272 Possible Local File Inclusion/Reading Vulnerability High Pass Yes
10278 Installed Application: HacmeCasino Info Pass Yes
10344 Possible Insecure Cryptographic Hash (MD Family) Best Practices Pass Yes
10346 Possible Insecure Cryptographic Hash (SHA-0/SHA-1) Best Practices Pass Yes
10365 Common Include Files (.inc) Medium Fail Yes
10261 Source Code Viewing Example Application Medium Pass Yes
10263 Outlook .PST File Disclosure Medium Pass Yes
10264 Installed Application: Squirrelmail Info Pass Yes
10265 Squirrelmail Configtest.php Information Disclosure Low Pass Yes
10267 Installed Application: Drupal Info Pass Yes
10268 Installed Application: Roller Info Pass Yes
10269 .NET Verbose Errors Enabled Medium Pass Yes
SC-5: Denial of Service Protection
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards].
Denial of Service Severity Pass/Fail Tested
10189 PHP Nested Array Denial Of Service High - No
5550 Oracle9i AS XML SOAP Processing DoS High - No
5552 BEA WebLogic SSL Denial of Service Medium - No
10273 Warning: IIS Server Overloaded Info Pass Yes
10295 BadBlue PassThru Denial of Service Critical - No
10506 Apache Header Line Abort Denial of Service Medium Pass Yes
5064 VP-ASP Shopping Cart Multiple Vulnerabilities Critical - No
5104 Whatsup Gold 8.0 Version Check Medium - No
5119 Whatsup Gold Denial Of Service Medium - No
5069 PHP-Nuke SQL Injection in Reviews module High - No
5383 OneWorldStore Remote Denial of Service Critical - No
5470 WhatsUp Gold Web Interface Denial of Service Critical - No
5472 Macallan Mail Solution Denial of Service Critical - No
5485 Caudium Web Server Denial of Service Critical - No
5399 Jeuce Personal Web Server Denial of Service Critical - No
5403 04WebServer Denial of Service and Log Manipulation High - No
671 Lilikoi Ceilidh Path Disclosure/DOS Attack Medium - No
686 WebView Buffer Overflow DOS Attack Medium - No
687 ICQ Web Front Guestbook DOS Attack Low - No
786 WebBBS Buffer Overflow DOS Attack Medium - No
509 IIS 4.0 advsearch.asp DOS Attack High - No
510 IIS 4.0 search.asp DOS Attack High - No
511 IIS 4.0 query.asp DOS Attack High - No
77 IIS Frontpage Server Extensions Author.dll Possible DOS Critical - No
36 Counter.exe Web Hit Counter DOS Attack High - No
91 Frontpage Server Extensions Shtml.dll Multiple Possible Vulnerabilities High - No
607 Lotus Domino /cgi-bin/ Path Disclosure/DOS Attack Low - No
922 Cart32 Multiple Possible Vulnerabilities Critical - No
923 Cart32 Configuration Information Disclosure Medium - No
924 Cart32 Multiple Possible Vulnerabilities Medium - No
925 Cart32 Multiple Possible Vulnerabilities Medium - No
1874 OmniHTTPD Temp File Creation Potential DOS Attack Medium Pass Yes
1442 SMTP Web Application Multiple Possible Vulnerabilities (clemail.exe) Critical - No
1443 SMTP Web Application Multiple Possible Vulnerabilities (comments.exe) Critical - No
1444 SMTP Web Application Multiple Possible Vulnerabilities (Formvar.exe) Critical - No
1445 SMTP Web Application Multiple Possible Vulnerabilities (gbmail.exe) Critical - No
1446 SMTP Web Application Multiple Possible Vulnerabilities (mailform.exe) Critical - No
2063 Formvar.top Multiple Possible Vulnerabilities Critical - No
1956 ColdFusion Server Shutdown Medium - No
1941 SimpleServer tpgnrock Issue Low - No
2195 Pi3Web Buffer Overflow DOS/Path Disclosure Medium - No
2214 BadBlue Configuration Information Disclosure/DOS Attack Medium - No
2117 Apache Frontpage Server Extensions author.exe DOS Attack Medium - No
2066 Formvar.bot Multiple Possible Vulnerabilities Critical - No
2067 comments.txt Multiple Possible Vulnerabilities High - No
2026 OmniHTTPD Statsconfig Arbitrary Command Execution Critical - No
2064 Formvar.ini Multiple Possible Vulnerabilities Critical - No
2065 Formvarconfiguration.exe Multiple Possible Vulnerabilities Critical - No
4425 IIS 5.0 Denial of Service Critical - No
3723 Frontpage Server Extensions shtml.dll Denial of Service Critical - No
3316 BEA Weblogic JSP Processor Denial of Service High - No
3360 SEANOX Devwex Arbitrary File Source Disclosure High - No
3344 Xerver Arbitrary File Source Disclosure High - No
3436 Novell iManage Denial Of Service Medium - No
3411 phpBB Possible Denial Of Service Medium - No
3415 phpSquidPass User Denial of Service High - No
3372 Resin view_source.jsp Directory Traversal File Access High - No
3701 SurfControl SuperScout Multiple Vulnerabilities High - No
3583 WebSphere .jsp Handler Denial of Service High - No
3502 phpBB profile.php Administration Access High - No
11372 OpenSSL Anonymous Elliptic Curve Diffie-Hellman (AECDH) Denial of Service Medium Pass Yes
11273 Apache HTTPD Range Header Denial of Service Critical - No
10988 Java Double-precision Parsing Denial of Service Critical - No
11200 PHP Double-precision Parsing Denial of Service Critical - No
11502 XML Entity Expansion High Pass Yes
SC-7: Boundary Protection
(10) boundary protection | prevent unauthorized exfiltration
The organization prevents the unauthorized exfiltration of information across managed interfaces.
Supplemental Guidance:
Safeguards implemented by organizations to prevent unauthorized exfiltration of information from information systems include, for example: (i) strict adherence to protocol formats; (ii) monitoring for beaconing from information systems; (iii) monitoring for steganography; (iv) disconnecting external network interfaces except when explicitly needed; (v) disassembling and reassembling packet headers; and (vi) employing traffic profile analysis to detect deviations from the volume/types of traffic expected within organizations or call backs to command and control centers. Devices enforcing strict adherence to protocol formats include, for example, deep packet inspection firewalls and XML gateways. These devices verify adherence to protocol formats and specification at the application layer and serve to identify vulnerabilities that cannot be detected by devices operating at the network or transport layers. This control enhancement is closely associated with cross-domain solutions and system guards enforcing information flow requirements. Related control: SI-3.
Specific Checks Severity Pass/Fail Tested
11298 MongoDB PHP Request Injection Attack Critical - No
11278 CORS Unsafe Methods Allowed Low Pass Yes
11279 Overly Permissive CORS Access Policy Low Fail Yes
11280 Prolonged Caching of CORS Preflight Response Low Pass Yes
11281 Cross-Origin Resource Sharing Low Pass Yes
11282 CORS Functionality Abuse Best Practices Fail Yes
11331 Ruby XML YAML Remote Code Execution High Pass Yes
11337 XML External Entity Injection High Pass Yes
11310 Expression Language Injection High Fail Yes
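Two of the SC-7 checks above failed (11279 Overly Permissive CORS Access Policy and 11282 CORS Functionality Abuse). The following is an added example, not WebInspect's logic and not code from the scanned application: it evaluates the CORS headers of one response to a request sent with an attacker-controlled Origin and reports the weaknesses those checks are named for. The unsafe-method set, the 600-second preflight ceiling and the two sample responses at the bottom are constructed assumptions; the "Vary: Origin missing" finding is a related cache-poisoning caveat that is not one of the table's checks.

```python
"""Evaluate CORS response headers for the policy weaknesses named by the SC-7
checks (11278 unsafe methods, 11279 overly permissive policy, 11280 prolonged
preflight caching). Added example; the sample responses are constructed."""

from dataclasses import dataclass

# Assumption: methods that must never be granted to an untrusted origin.
UNSAFE_METHODS = {"PUT", "DELETE", "PATCH", "TRACE", "CONNECT"}

# Assumption: a preflight result cached longer than this counts as prolonged.
MAX_PREFLIGHT_AGE = 600  # seconds


@dataclass(frozen=True)
class Finding:
    check: str
    detail: str


def evaluate_cors(probe_origin: str, headers: dict[str, str]) -> list[Finding]:
    """Evaluate one response to a request that carried `Origin: <probe_origin>`,
    where probe_origin is a domain the tester controls and the application has
    no reason to trust. Returns the weaknesses found (empty list = clean)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return []  # no cross-origin read granted at all; nothing to report
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    with_creds = " with credentials" if creds else ""
    findings: list[Finding] = []

    if acao == "*":
        # Any site may read the response. Browsers refuse "*" together with
        # credentials, but the configuration still shows intent to grant all.
        findings.append(Finding("Overly Permissive CORS Access Policy",
                                "wildcard origin" + with_creds))
    elif acao == probe_origin:
        # The server echoed an untrusted Origin: an attacker's page can read
        # responses, and with credentials it reads the victim's session data.
        findings.append(Finding("Overly Permissive CORS Access Policy",
                                "untrusted origin reflected" + with_creds))
    elif acao == "null":
        # "null" is what sandboxed iframes and data: URLs send, so granting it
        # is effectively granting any attacker-controlled document.
        findings.append(Finding("Overly Permissive CORS Access Policy",
                                "'null' origin allowed" + with_creds))

    # When the grant depends on the request origin, the response must carry
    # Vary: Origin, or a shared cache can hand one origin's grant to another.
    if acao != "*" and "origin" not in h.get("vary", "").lower():
        findings.append(Finding("Vary: Origin missing",
                                "origin-dependent grant is cacheable per URL only"))

    methods = {m.strip().upper()
               for m in h.get("access-control-allow-methods", "").split(",") if m.strip()}
    bad = sorted(methods & UNSAFE_METHODS)
    if bad and acao in ("*", probe_origin, "null"):
        findings.append(Finding("CORS Unsafe Methods Allowed", ", ".join(bad)))

    max_age = h.get("access-control-max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_PREFLIGHT_AGE:
        findings.append(Finding("Prolonged Caching of CORS Preflight Response",
                                f"Access-Control-Max-Age={max_age}"))
    return findings


def checks_failed(probe_origin: str, headers: dict[str, str]) -> set[str]:
    """Names of the findings a response triggers, for comparison with the table."""
    return {f.check for f in evaluate_cors(probe_origin, headers)}


# Constructed sample responses (not captured from the scanned application).
REFLECTED = {
    "Access-Control-Allow-Origin": "https://attacker.example",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
    "Access-Control-Max-Age": "86400",
}
HARDENED = {
    "Access-Control-Allow-Origin": "https://app.example",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Max-Age": "300",
    "Vary": "Origin",
}

if __name__ == "__main__":
    for name, resp in (("reflected", REFLECTED), ("hardened", HARDENED)):
        print(name, [f"{f.check}: {f.detail}"
                     for f in evaluate_cors("https://attacker.example", resp)])
```

To reproduce a scanner's probe against a live target, send the same request twice, once with a made-up Origin and once with `Origin: null`, and pass each response's headers to `evaluate_cors`; a grant that only appears for origins on a fixed allow-list is the expected outcome.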
SC-8: Transmission Confidentiality and Integrity
The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.
Specific Checks Severity Pass/Fail Tested
11338 Insecure OAuth Communication Channel High Pass Yes
11284 Insufficient Transport Layer Protection Critical Pass Yes
11285 Insufficient Transport Layer Protection - Weak Cipher Critical Pass Yes
11286 Weak SSL Protocol - SSLv2 Critical Pass Yes
11288 Insufficient Session ID Length High Fail Yes
11289 Insufficient Session ID Entropy High Fail Yes
11303 Predictable Session ID High Pass Yes
10942 SSLv3/TLS Renegotiation Stream Injection Medium Pass Yes
10943 HTTPS Privacy/Trust Violation Medium Pass Yes
10761 Possible Cryptographic Data Low Pass Yes
10766 SHA-0/SHA-1 Hash Detected Medium Pass Yes
10780 PGP Public Key Block Low Pass Yes
10781 PGP Private Key Block High Pass Yes
10747 MD5 Hash Detected Medium Pass Yes
3777 SSL Policy Enforcement Issue Low Pass Yes
4720 SSL Cookie Not Used Medium Pass Yes
4722 Logins Sent Over Unencrypted Connection High Fail Yes
4723 Logins Sent Over Query Best Practices Pass Yes
SC-18: Mobile Code
(1) mobile code | identify unacceptable code / take corrective actions
The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].
Supplemental Guidance: Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.
Specific Checks Severity Pass/Fail Tested
4250 VBScript Runtime Error Message Low Pass Yes
844 IIS 5.0 Server Configuration Information Disclosure (servervariables_vbscript.asp) Low - No
5306 Embedded VBScript Cross-Site Scripting Critical Pass Yes
10561 Vulnerable Flash Engine Allowed Best Practices - No
10242 Flash Cross-Domain Policy File Best Practices Pass Yes
10436 Flash Object Detected Info Pass Yes
10190 Possible VBScript Runtime Error Message Low Pass Yes
10241 Flash Unrestricted Cross-Domain Access Medium Pass Yes
10749 Insecure Security.allowInsecureDomain() usage Critical Pass Yes
10750 Insecure Security.allowDomain() usage Critical Pass Yes
10751 LoadBytes Usage Low Pass Yes
10752 Debug Messaging Medium Pass Yes
10753 Insecure Flash Storage Object High Pass Yes
10754 Shared Flash Storage Object Low Pass Yes
10755 ENABLEDEBUGGER Tag Detected High Pass Yes
10757 Insecure LocalConnection.allowDomain() usage Critical Pass Yes
10764 ActionScript Source Path Disclosure Medium Pass Yes
10765 Application Source Available Critical Pass Yes
10808 PROTECT Tag detected Info Pass Yes
10809 ENABLEDEBUGGER2 Tag Detected Info Pass Yes
10811 FlashVars Cross-Site Scripting High Pass Yes
10812 FlashVars Cross-Site Scripting / Request Forgery High Pass Yes
10813 ASNative Function Usage Detected High Pass Yes
10814 Suggested Security Controls for Embedding SWF Files in HTML Best Practices Pass Yes
10815 Suggested Security Controls for Embedding SWF Files in HTML Best Practices Pass Yes
10816 Suggested Security Controls for Embedding SWF Files in HTML Best Practices Pass Yes
10817 Use of FlashVars in System.security.loadPolicyFile Detected High Pass Yes
10818 Use of FlashVars in loadMovie Detected High Pass Yes
10819 Possible FlashVars Cross-Site Scripting in htmlText property of a TextField High Pass Yes
10820 Possible FlashVars Cross-Site Scripting in htmlText property bound to an Uninitialized Variable High Pass Yes
10821 FlashVar usage in ExternalInterface.call method High Pass Yes
10823 Insecure LocalConnection.allowInsecureDomain() usage Critical Pass Yes
10649 FlashStaticAnalysis Low Pass Yes
10925 ActiveX Control Discovery Low Pass Yes
10936 Unsafe Flash Embed Settings - AllowScriptAccess Medium Pass Yes
SC-23: Session Authenticity
(1) session authenticity | invalidate session identifiers at logout
The information system invalidates session identifiers upon user logout or other session termination.
Supplemental Guidance: This control enhancement curtails the ability of adversaries to capture and continue to employ previously valid session IDs.
Insufficient Session Expiration Severity Pass/Fail Tested
11348 Insufficient Session Expiration - Java based Server High Pass Yes
11382 Insufficient Session Expiration - IIS High Pass Yes
4728 Persistent Cookies Medium Pass Yes
Session Fixation Severity Pass/Fail Tested
11305 OAuth Version Vulnerable to Session Fixation Found High Pass Yes
11201 Session Fixation High Pass Yes
SC-23: Session Authenticity
(3) session authenticity | unique session identifiers with randomization
The information system generates a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognizes only session identifiers that are system-generated.
Supplemental Guidance: This control enhancement curtails the ability of adversaries to reuse previously valid session IDs. Employing randomness in the generation of unique session identifiers helps to protect against brute-force attacks that attempt to determine future session identifiers. Related control: SC-13.
Credential/Session Prediction Severity Pass/Fail Tested
3277 Sun NetDynamics ndCGI.exe Session Hijacking High Pass Yes
3274 wbbboard action.php Session Hijacking High - No
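SC-23(1) and SC-23(3) together describe one server-side session design: identifiers are minted by the system from a strong random source, only system-issued identifiers are honoured, a fresh identifier is issued at login, and the identifier dies at logout or expiry. The scan failed 11288 Insufficient Session ID Length and 11289 Insufficient Session ID Entropy (listed under SC-8), so the following added example, which is not the scanned application's code, shows a store that meets both enhancements and includes the kind of sample-based sanity check a scanner runs on identifiers. The 32-byte identifier size, the 128-bit floor, the timeouts and the shared-prefix limit are assumptions.

```python
"""Server-side session store satisfying SC-23(1) (invalidate at logout or
termination) and SC-23(3) (unique, random, system-generated identifiers only).
Added example; sizes and timeouts are assumptions, not the site's settings."""

from __future__ import annotations

import math
import os
import secrets
import time
from dataclasses import dataclass

SESSION_ID_BYTES = 32          # 256 random bits; assumption: policy floor is 128
IDLE_TIMEOUT = 15 * 60         # seconds without a request before the id is dropped
ABSOLUTE_LIFETIME = 8 * 3600   # hard cap on a session regardless of activity
MIN_ENTROPY_BITS = 128
MAX_SHARED_PREFIX = 2          # longer common prefixes suggest a counter/timestamp


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """In-memory table standing in for the application's session storage."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions: dict[str, Session] = {}

    def login(self, user: str, presented_id: str | None = None) -> str:
        """Authenticate and always mint a fresh identifier. Whatever id the
        client presented before login (a fixation attempt or a stale
        pre-authentication session) is discarded, never promoted."""
        if presented_id is not None:
            self._sessions.pop(presented_id, None)
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)  # OS CSPRNG, base64url
        now = self._clock()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def resolve(self, sid: str | None) -> Session | None:
        """Recognise only identifiers this store issued and that have not
        expired. Client-invented, logged-out and timed-out ids all resolve
        to None, i.e. the request is treated as anonymous."""
        if sid is None or sid not in self._sessions:
            return None
        s = self._sessions[sid]
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_LIFETIME:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def logout(self, sid: str) -> bool:
        """SC-23(1): the identifier stops being valid the moment the user logs
        out, so a cookie captured earlier cannot be replayed afterwards."""
        return self._sessions.pop(sid, None) is not None


def id_entropy_bits(sid: str, alphabet_size: int = 64) -> float:
    """Upper bound on the entropy of an identifier drawn uniformly from an
    alphabet of the given size (base64url here). Useful against the policy's
    minimum; it says nothing about the quality of the generator itself."""
    return len(sid) * math.log2(alphabet_size)


def ids_look_random(ids: list[str]) -> bool:
    """Cheap checks a scanner applies to a sample of issued identifiers: all
    distinct, all long enough, and no long shared prefix (a counter or
    timestamp embedded in the id shows up as common leading characters)."""
    if len(ids) < 2 or len(set(ids)) != len(ids):
        return False
    if any(id_entropy_bits(s) < MIN_ENTROPY_BITS for s in ids):
        return False
    return len(os.path.commonprefix(ids)) <= MAX_SHARED_PREFIX


if __name__ == "__main__":
    store = SessionStore()
    first = store.login("alice")
    print("issued:", first, f"({id_entropy_bits(first):.0f} bits max)")
    print("forged id resolves:", store.resolve("attacker-chosen"))
    print("logout:", store.logout(first), "resolve after logout:", store.resolve(first))
```

The rotation in `login` is what closes the Session Fixation checks (11201, 11305) in the SC-23(1) table: an identifier an attacker planted before authentication is never the one that becomes authenticated.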
SI-10: Information Input Validation
(1) information input validation | predictable behavior
The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
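The tables under SI-10 record two failures of the generic checks, 5649 Cross-Site Scripting and 10044 HTML Tag Injection, both of which come down to a request parameter reflected into an HTML response without validation or encoding. The following added example, not code from the scanned application, shows the reflected-search pattern those checks detect beside a version that behaves the way SI-10(1) asks: invalid input gets one documented, fixed response, and valid input is still encoded for the HTML context it lands in. The allow-list pattern for the search term is an assumption.

```python
"""SI-10(1) applied to a reflected search page: validate against a documented
rule, answer invalid input with one fixed response, and encode valid input
for the output context. Added example; the query rule is an assumption."""

import re
from html import escape

# Assumption: the documented rule for the search term is 1 to 64 characters
# of letters, digits, space and a few punctuation marks.
QUERY_RE = re.compile(r"[A-Za-z0-9 ,.'-]{1,64}")

# One documented answer for every invalid input: same status, same body,
# nothing echoed back, so a probe learns nothing and cannot inject markup.
INVALID_RESPONSE = (400, "<!doctype html><p>Invalid search term.</p>")


def render_search_vulnerable(q: str) -> tuple[int, str]:
    """The pattern behind the 5649 / 10044 failures: the parameter is
    reflected verbatim, so any markup in it becomes part of the page."""
    return 200, f"<!doctype html><p>Results for {q}</p>"


def render_search(q: str) -> tuple[int, str]:
    """Predictable behaviour on invalid input, encoding on valid input.
    The allow-list is a validity rule, not an output-safety guarantee: a
    quote is a legal character in a name, and it matters inside an attribute,
    so escaping is still applied to the value that passed validation."""
    if not QUERY_RE.fullmatch(q):
        return INVALID_RESPONSE
    safe = escape(q, quote=True)  # encodes & < > " and '
    return 200, (f"<!doctype html><p>Results for {safe}</p>"
                 f'<input name="q" value="{safe}">')


def reflects_markup(body: str, payload: str) -> bool:
    """What a scanner asserts after sending a probe: the injected string
    appears unencoded in the response body."""
    return payload in body


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"
    for fn in (render_search_vulnerable, render_search):
        status, body = fn(probe)
        print(fn.__name__, status, "reflected" if reflects_markup(body, probe) else "not reflected")
```

The second function also covers the stack-trace and verbose-error checks elsewhere in this report: because the invalid path returns a constant body, no framework error page or parameter echo can leak into the response.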
Buffer Overflow Severity Pass/Fail Tested
3263 Sun Answerbook2 gettransbitmap Possible Buffer Overflow Critical - No
3269 NewAtlanta ServletExec ISAPI Arbitrary Command Execution Critical - No
3191 WebTrends Reporting Center Arbitrary Command Execution Critical - No
3226 MDaemon/Worldclient Remote Command Execution Critical - No
3236 4D Webserver Basic Auth Overflow Critical - No
3151 IIS .htr Arbitrary Command Execution Critical - No
3152 IIS ASP Chunked Encoding Overflow Critical - No
3375 Apache Chunked Encoding Overflow Test Critical - No
3344 Xerver Arbitrary File Source Disclosure High - No
3545 Novell NetWare ndsobj.nlm Arbitrary Command Execution Low - No
3547 Novell Netware nsn Arbitrary Command Execution Low - No
3549 Tomahawk SteelArrow Arbitrary Command Execution Critical Pass Yes
4239 HSphere Webshell Possible Arbitrary Command Execution Medium - No
3778 ColdFusion ISAPI Arbitrary Command Execution High - No
4405 Biztalk Server Buffer Overflow High - No
788 spin_client.cgi Buffer Overflow Low - No
786 WebBBS Buffer Overflow DOS Attack Medium - No
676 Dmailweb Buffer Overflow Vulnerability Critical - No
677 Dmailweb.ini Buffer Overflow Vulnerability Low - No
678 Dmailweb.cgi Buffer Overflow Vulnerability Critical - No
686 WebView Buffer Overflow DOS Attack Medium - No
617 OmniHTTPD Buffer Overflow Critical - No
666 Wais client buffer overflow Critical - No
613 Antelope W4-Server cgitest.exe Buffer Overflow Critical - No
614 WebBBS Login Buffer Overflow Medium - No
603 IIS .ida Indexing Service Buffer Overflow/Path Disclosure Critical - No
575 DNewsWeb Buffer Overflow Critical - No
82 Frontpage Server Extensions fpcount.exe Buffer Overflow High - No
186 IIS RDS Multiple Possible Vulnerabilities Critical - No
1388 IIS Phone Book Service Arbitrary Command Execution Critical - No
1868 Responder.cgi Buffer Overflow Critical - No
1918 NCSA Post_Query Critical - No
2024 Compaq Web-Based Management Administration High - No
2120 Planet Intra Buffer Overflow Critical - No
2195 Pi3Web Buffer Overflow DOS/Path Disclosure Medium - No
2175 Mobius DocumentDirect Buffer Overflow Critical - No
2300 Post-query Buffer Overflow Critical - No
2961 Backdoor - root.exe Critical - No
2885 ActivePerl ISAPI BufferOverflow Critical - No
2320 Frontpage Server Extensions htimage.exe Multiple Vulnerabilities High - No
2362 IIS 5.0 Internet Printing Protocol ISAPI Buffer Overflow Critical - No
10188 Novell Groupwise WebAccess Authentication Buffer Overflow Critical - No
10253 Possible Parameter Based Buffer Overflow (70 bytes) High - No
10254 Possible Parameter Based Buffer Overflow (270 bytes) High - No
10182 Apache Tomcat JK Web Server Connector Buffer Overflow Critical - No
5551 Oracle AS Web Cache Multiple vulnerabilities High - No
5560 Oracle 10g Stack Based Overflow Critical - No
5289 Sybase EAserver Stack-Based Buffer Overflow Critical - No
5376 AN HTTPD Server cmdIS.DLL Buffer Overflow Critical - No
5393 PMSoftware Simple Web Server Buffer Overflow Critical - No
5077 Possible IIS 5.0 Internet Printing Protocol ISAPI Buffer Overflow Medium - No
5158 MiniShare GET Buffer Overflow Critical - No
5229 RaidenHTTPD PHP Source Code Disclosure Critical - No
5057 Possible Parameter Based Buffer Overflow (2100 bytes) High - No
4906 Frontpage Server Extensions fp30reg.dll Buffer Overflow Critical - No
Cross-site Scripting Severity Pass/Fail Tested
4927 Blackboard 'calender.pl' Cross-Site Scripting High - No
4928 cPanel 'addhandle.html' Cross-Site Scripting High - No
4930 XMB 'forumdisplay.php' Cross-Site Scripting High - No
4931 PostNuke 'openwindow.php' Cross-Site Scripting High - No
4932 OpenBB 'member.php' Cross-Site Scripting High - No
4933 OpenBB 'index.php' Cross-Site Scripting High - No
4934 paFileDB Cross-Site Scripting High - No
4935 News Manager Lite Cross-Site Scripting High - No
4936 AzDGDatingLite Cross-Site Scripting High - No
4897 cPanel 'dotaccess' Cross-Site Scripting High - No
4969 Fusion News Cross-Site Scripting High - No
4970 OpenBB 'myhome.php' Cross-Site Scripting High - No
4958 SquirrelMail 'compose.php' Cross-Site Scripting High - No
5004 AspDotNetStoreFront Cross-Site Scripting High - No
5009 e107: Cross-Site Scripting in feature called Submit News Critical Pass Yes
5014 e107: Cross-Site Scripting in feature called Email Article To A Friend Critical Pass Yes
5007 e107: Cross-site Scripting in clock_menu.php Critical - No
4971 Sambar Server 'ssienv.shtml' Cross-Site Scripting Medium - No
4977 NewsPHP Cross-Site Scripting High - No
4978 TurboTraffic Cross-Site Scripting High - No
4983 Sambar 'dumpenv.pl' Cross-Site Scripting Medium - No
4986 Network Query Tool Cross-Site Scripting High - No
4988 Sambar 'show.asp' Cross-Site Scripting Medium - No
4989 Sambar 'showerperf.asp' Cross-Site Scripting Medium - No
4991 Coppermine Photo Gallery Cross-Site Scripting High - No
5055 CuteNews 'example1.php' Cross-Site Scripting High - No
5056 CuteNews 'example2.php' Cross-Site Scripting High - No
5053 CuteNews 'show_archives.php' Cross-Site Scripting High - No
5054 CuteNews 'show_news.php' Cross-Site Scripting High - No
5041 Cross-Site Scripting in phProfession Module For PostNuke High - No
5044 Invision Power Board 'f' Cross-Site Scripting High - No
5049 Cross-Site Scripting in PostNuke 0.726 Phoenix High - No
5064 VP-ASP Shopping Cart Multiple Vulnerabilities Critical - No
5060 Multiple Vulnerabilities in PowerPortal High - No
5061 Multiple Vulnerabilities in phpMyChat Critical - No
5062 Multiple Vulnerabilities in Invision Power Board v1.3.1 Final Critical - No
5063 Multiple vulnerabilities in JAWS High - No
5018 XMB Cross-Site Scripting in xmb.php High - No
5019 XMB Cross-Site Scripting in stats.php High - No
5020 XMB Cross-Site Scripting in stats.php High - No
5021 XMB Cross-Site Scripting in stats.php High - No
5017 XMB Cross-Site Scripting in phpinfo.php High - No
5023 XMB Cross-Site Scripting in post.php High - No
5024 XMB Cross-Site Scripting in forumdisplay.php High - No
5025 XMB Cross-Site Scripting in today.php High - No
5026 XMB Cross-Site Scripting in misc.php High - No
5032 Moodle Cross-Site Scripting High - No
5035 Cross-Site Scripting in PostNuke Phoenix High - No
5036 Cross-Site Scripting in PostNuke Phoenix High - No
5042 Invision Power Board 'c' Cross-Site Scripting High - No
5043 Invision Power Board 'UserName' Cross-Site Scripting High - No
5231 SparkleBlog Grants Administrative Access Critical - No
5227 YaBB Conduct Cross-Site Scripting Attack Critical - No
5224 paFileDB Path Disclosure and Cross-Site Scripting Vulnerability High - No
5212 auraCMS Path Disclosure, Cross-Site Scripting, Information Disclosure Medium - No
5205 Ultimate PHP Board Discloses Path to Remote Users High - No
5210 Zorum Path Disclosure, Information Disclosure and Cross-Site Scripting High - No
5192 PostNuke Cross-Site Scripting High - No
5152 HTTP TRACK Method Cross-Site Scripting Low Pass Yes
5184 Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability High - No
5172 Microsoft ASP.NET or ASP Unicode Conversion Cross-Site Scripting Critical Pass Yes
5177 PhotoPost Classifieds Multiple Vulnerabilities Critical - No
5069 PHP-Nuke SQL Injection in Reviews module High - No
5072 Multiple vulnerabilities in eNdonesia CMS Medium - No
5131 Lotus Domino Cross-Site Scripting High - No
5132 .NET Embedded Null Cross-Site Scripting High - No
5384 SqWebMail HTTP Response Splitting High - No
5355 ASP Nuke Cross-Site Scripting Vulnerability Critical - No
5367 Phorum 'search.php' HTTP Response Splitting High - No
5234 paNews Cross-Site Scripting Attacks High - No
5297 ASPPortal SQL Injection and Cross-Site Scripting Critical - No
5312 Book Review Cross-Site Scripting and Path Disclosure Medium - No
5266 phpMyAdmin Cross-Site Scripting High - No
5247 Nuke Bookmarks Permit SQL Injection, Cross-Site Scripting, and Path Disclosure Critical - No
5402 Keene Digital Media Server Administrative Access High - No
5442 Web Content Management Administrative Access Critical Pass Yes
5434 Comersus Cross-Site Scripting Vulnerability Critical - No
5437 MySQL Eventum SQL Injection and Cross-Site Scripting Critical - No
5428 phpMyAdmin config.inc.php Cross-Site Scripting Medium - No
5491 Looking Glass Arbitrary Command Execution Critical Pass Yes
5471 Jakarta Tomcat Manager Cross-Site Scripting High Pass Yes
5508 Silent Storm Privilege Escalation and Cross-Site Scripting High - No
5500 Oracle Reports Server Cross-Site Scripting High Pass Yes
5501 ISA Server Cross-Site Scripting Low - No
5475 Land Down Under SQL Injection and Cross-Site Scripting Critical - No
5466 Oracle Reports 10g Cross-Site Scripting Medium - No
5543 Encoded embedded email Cross-Site Scripting Critical Pass Yes
5523 IBM Lotus Domino Cross-Site Scripting Medium - No
5538 URL Encoded Embedded Email Cross-Site Scripting Medium Pass Yes
5591 Parameter Escape Cross-Site Scripting Critical Pass Yes
5601 phpMyAdmin index.php Cross-Site Scripting Medium - No
5602 ExplorerXP Cross-Site Scripting Vulnerability Medium - No
5600 Struts Cross-Site Scripting Vulnerability Medium Pass Yes
5603 Blank'N'Berg Cross-Site Scripting Vulnerability Medium - No
5604 Aweb's Banner Generator Cross-Site Scripting Vulnerability Medium - No
5580 DRZES HMS Input Validation Vulnerability Medium - No
5563 RSA ACE/Agent Cross-Site Scripting Medium - No
5574 Null Character Cross-Site Scripting Critical Pass Yes
10187 Sun Java System Messenger Express 'error' Cross-Site Scripting High - No
10195 Tomcat Snoop.jsp Example Cross-Site Scripting Medium - No
10241 Flash Unrestricted Cross-Domain Access Medium Pass Yes
5649 Cross-Site Scripting Critical Fail Yes
5609 NOCC Cross-Site Scripting Vulnerability Medium - No
5610 NOCC Cross-Site Scripting Vulnerability Medium - No
5606 PHP phpinfo() Conduct Cross-Site Scripting Vulnerability Medium Pass Yes
5607 Sire Cross-Site Scripting Medium - No
5608 NOCC Cross-Site Scripting Vulnerability Medium - No
10044 HTML Tag Injection Medium Fail Yes
5611 NOCC Cross-Site Scripting Vulnerability Medium - No
5650 Cross-Site Scripting (User Interaction) Critical Fail Yes
5652 Apache Expect Header Cross-site Scripting Vulnerability High Pass Yes
10441 Blackboard Academic Suite 'viewCatalog' Cross-Site Scripting Medium Pass Yes
10444 EasyNews index.php Cross-Site Scripting Medium Pass Yes
10433 Photo Cart 4.1 Multiple Cross-Site Scripting Medium Pass Yes
10442 DigiDomain Multiple Cross-Site Scripting Medium Pass Yes
10447 ProjectPier index.php Cross-Site Scripting Medium Pass Yes
10448 SupportCenter Plus Cross-Site Scripting Medium Pass Yes
10408 PHP iCalendar year.php Cross-Site Scripting Medium Pass Yes
10409 MyioSoft EasyGallery Multiple Cross-Site Scripting Medium Pass Yes
10424 sNews CMS Cross-Site Scripting Medium Pass Yes
10427 Jeebles Directory Cross-Site Scripting Medium Pass Yes
10429 phpAddressBook index.php Cross-Site Scripting Medium Pass Yes
10430 EasyCalendar calendar_backend.php Cross-Site Scripting Medium Pass Yes
10431 Simple Forum forum.php 'date_show' Parameter Cross-Site Scripting Medium Pass Yes
10432 Falt4 CMS index.php 'handler' Parameter Cross-Site Scripting Medium Pass Yes
10367 Matt's Whois Cross-Site Scripting Medium Pass Yes
10368 Crafty Syntax Live Help livehelp.php Cross-Site Scripting Medium Pass Yes
10369 Crafty Syntax Live Help user_questions.php Cross-Site Scripting Medium Pass Yes
10357 Crafty Syntax Live Help lostsheep.php Cross-Site Scripting Medium Pass Yes
10360 Cacti graph.php Cross-Site Scripting Medium Pass Yes
10400 FMDeluxe Cross-Site Scripting Medium Pass Yes
10401 Savvy Content Manager searchresults.cfm Cross-Site Scripting Medium Pass Yes
10406 Mambo MOStlyCE connector.php Cross-Site Scripting Medium Pass Yes
10407 PHP iCalendar week.php Cross-Site Scripting Medium Pass Yes
10361 Cacti graph_view.php Cross-Site Scripting Medium Pass Yes
10371 Crafty Syntax Live Help leavemessage.php Cross-Site Scripting Medium Pass Yes
10399 access2asp Cross-Site Scripting Medium Pass Yes
10276 F5 FirePass SSL VPN Cross-Site Scripting High Pass Yes
10277 SiteMinder Web Agent Smpwservices.fcc Cross-Site Scripting High Pass Yes
10290 InfoSoft FusionCharts/PowerCharts Possible Remote SWF Inclusion Medium Pass Yes
10291 Dreamweaver SWF Possible Cross-Site Scripting Medium Pass Yes
10289 Apache mod_status Refresh Cross-Site-Scripting Medium - No
10292 Camtasia Studio Possible Remote SWF Inclusion Medium Pass Yes
10293 Acrobat Connect SWF Possible Cross-Site Scripting Medium Pass Yes
10314 Coppermine Photo Gallery showdoc.php Cross-Site Scripting Medium Pass Yes
10319 QontentOne Search Cross-Site Scripting Medium Pass Yes
10320 BlogPHP Cross-Site Scripting Low Pass Yes
10303 webSPELL Who Is Online Cross-Site Scripting Medium Pass Yes
10304 AmpJuke Search Cross-Site Scripting Medium Pass Yes
10305 Nucleus CMS Cross-Site Scripting Medium Pass Yes
10309 Uniwin eCart Cross-Site Scripting Medium Pass Yes
10325 Domain Trader catalog.php Cross-Site Scripting Medium Pass Yes
10326 MySpace Scripts Poll Creator index.php Cross-Site Scripting Medium Pass Yes
10328 ITechBids item_id Cross-Site Scripting Medium Pass Yes
10336 WordPress Footnotes Plugin admin_panel.php 'priority' Cross-Site Scripting Medium Pass Yes
10337 Apache Tomcat SendMailServlet Example Cross-Site Scripting Medium Pass Yes
10338 Apache Tomcat CookieExample Cross-Site Scripting Medium Pass Yes
10350 Jinzora Media Jukebox Multiple Cross-Site Scripting Medium Pass Yes
10330 ITechClassifieds CatID Cross-Site Scripting Medium Pass Yes
10331 eTicket index.php Cross-Site Scripting High Pass Yes
10339 rwAuction Pro Cross-Site Scripting Low Pass Yes
10340 PHPSlideshow "directory" Cross Site Scripting Medium Pass Yes
10355 WordPress Search Unleashed Plugin Possible Cross-Site Scripting Medium Pass Yes
10356 Sift Unity search.cgi Cross-Site Scripting Medium Pass Yes
10565 Real-Estate-Website location.asp Cross-Site Scripting Medium Pass Yes
10566 doITLive showmedia.asp Cross-Site Scripting Medium Pass Yes
10567 Mini CWB connector.php Cross-Site Scripting Medium Pass Yes
10570 Campus Bulletin Board book.asp Cross-Site Scripting Medium Pass Yes
10572 SMEweb bb.php Cross-Site Scripting Medium Pass Yes
10573 DocuShare Cross-Site Scripting Medium Pass Yes
10575 SamTodo index.php Cross-Site Scripting Medium Pass Yes
10561 Vulnerable Flash Engine Allowed Best Practices - No
10581 eSyndiCat register.php Multiple Cross-Site Scripting Medium Pass Yes
10593 Wordpress edit-post-rows.php Cross-Site Scripting Medium Pass Yes
10594 Web Wiz Rich Text Editor "email" Cross-Site Scripting Medium Pass Yes
10577 Maian Cart header.php Cross-Site Scripting Medium Pass Yes
10578 Maian Cart footer.php Cross-Site Scripting Medium Pass Yes
10579 vBTube vbtube.php Cross-Site Scripting Medium Pass Yes
10580 vBulletin memberlist.php Cross-Site Scripting Medium Pass Yes
10549 OpUtils MainLayout.do Cross-Site Scripting Medium Pass Yes
10550 SyndeoCMS index.php Cross-Site Scripting Medium Pass Yes
10547 OpenDocMan out.php Cross-Site Scripting Medium Pass Yes
10548 Lyris ListManager search Cross-Site Scripting Medium Pass Yes
10529 Netrix products.php Cross-Site Scripting Medium Pass Yes
10540 Realm CMS compact.asp Cross-Site Scripting Low Pass Yes
10545 PHPEasyData annuaire.php Cross-Site Scripting Medium Pass Yes
10546 PHPEasyData last_records.php Cross-Site Scripting Medium Pass Yes
10552 Tornado Knowledge Retrieval searcher.exe Cross-Site Scripting Medium Pass Yes
10553 BlogPHP index.php Cross-Site Scripting Medium Pass Yes
10554 PHP Address Book index.php Cross-Site Scripting Medium Pass Yes
10555 Control Panel XE users.asp Cross-Site Scripting Medium Pass Yes
10556 Form Processor XE Cross-Site Scripting Medium Pass Yes
10558 yBlog search.php Cross-Site Scripting Medium Pass Yes
10559 Contenido index.php Cross-Site Scripting Medium Pass Yes
10560 Academic Web Tools Multiple Cross-Site Scripting Medium Pass Yes
10613 Mambo index.php Multiple Cross-Site Scripting Medium Pass Yes
10614 Mambo connector.php Cross-Site Scripting Medium Pass Yes
10611 Pluck CMS header2.php Cross-Site Scripting Medium Pass Yes
10612 Pluck CMS themeinstall.php Cross-Site Scripting Medium Pass Yes
10607 Flex CMS inc-core-admin-editor-previouscolorsjs.php Cross-Site Scripting Medium Pass Yes
10608 ActualAnalyzer view.php Cross-Site Scripting Medium Pass Yes
10609 AWStats Reflected Cross-Site Scripting High Pass Yes
10610 Pluck CMS header.php Cross-Site Scripting Medium Pass Yes
10597 Sun Java System Web Server advanced.jsp Cross-Site Scripting Medium Pass Yes
10599 Urchin session.cgi Cross-Site Scripting Medium Pass Yes
10601 Owl Intranet Engine register.php Cross-Site Scripting Medium Pass Yes
10602 Apache HTTPD mod_proxy_ftp Wildcard XSS High Pass Yes
10603 Crafty Syntax Live Help livehelp_js.php Cross-Site Scripting Medium Pass Yes
10605 iCalendar index.php Cross-Site Scripting Low Pass Yes
10606 PhpLinkExchange index.php Cross-Site Scripting Low Pass Yes
10630 Apache Tomcat sendError() Cross Site Scripting Medium - No
10624 MediaWiki api.php Cross-Site Scripting Medium Pass Yes
10625 Maian Cart index.php Cross Site Scripting Medium Pass Yes
10626 Maian Weblog index.php Cross Site Scripting Medium Pass Yes
10627 RSA WebID IISWebAgentIF.dll Cross-Site Scripting Medium Pass Yes
10631 Openfire login.jsp Cross-Site Scripting Medium Pass Yes
10632 Xampp ming.php Cross-Site Scripting Medium Pass Yes
10616 Liferay Portal login Cross-Site Scripting Medium Pass Yes
10617 Vanilla people.php Cross-Site Scripting Medium Pass Yes
10618 Benja CMS admin_new_submenu.php Cross-Site Scripting Medium Pass Yes
10619 Benja CMS admin_edit_topmenu.php Cross-Site Scripting Medium Pass Yes
10620 Benja CMS admin_edit_submenu.php Cross-Site Scripting Medium Pass Yes
10621 Xoops PopnupBlog module index.php Cross-Site Scripting Medium Pass Yes
10615 Sun Java System Access Manager Cross-Site Scripting Medium Pass Yes
10622 Photo Cart index.php Cross-Site Scripting Medium Pass Yes
10489 BolinOS gBPassword.php Cross-Site Scripting Medium Pass Yes
10507 Tux CMS Multiple Cross-Site Scripting Medium Pass Yes
10508 Maian Support footer.php Cross-Site Scripting Medium Pass Yes
10500 cpLinks search.php Cross-Site Scripting Medium Pass Yes
10501 BolinOS gBselectorContents.php Cross-Site Scripting Medium Pass Yes
10502 BolinOS gBLoginPage.php POST parameter "formlogin" Cross-Site Scripting Medium Pass Yes
10503 Snitz Forums 2000 setup.asp Cross-Site Scripting Medium Pass Yes
10504 Sphider search.php Cross-Site Scripting Medium Pass Yes
10510 WordPress Footnotes Plugin admin_panel.php 'style_rules' Cross-Site Scripting Medium Pass Yes
10511 WordPress Footnotes Plugin admin_panel.php 'pre_footnotes' Cross-Site Scripting Medium Pass Yes
10513 phpVID search_results.php Cross-Site Scripting Medium Pass Yes
10514 Build A Niche Store search.php Cross-Site Scripting Medium Pass Yes
10515 WordPress Footnotes Plugin admin_panel.php 'post_footnotes' Cross-Site Scripting Medium Pass Yes
10516 Mantis return_dynamic_filters.php Cross-Site Scripting Medium Pass Yes
10517 MJGuest guestbook.php Cross-Site Scripting Medium Pass Yes
10531 Itech Classifieds viewcat.php Cross-Site Scripting Medium Pass Yes
10532 phpInstantGallery Cross-Site Scripting Medium Pass Yes
10533 DotNetNuke Default.aspx Cross-Site Scripting Medium Pass Yes
10535 SchoolCenter URL "components" Cross-Site Scripting Medium Pass Yes
10536 SchoolCenter URL "admin" Cross-Site Scripting Medium Pass Yes
10537 Calendarix Cross-Site Scripting Medium Pass Yes
10538 PHP Image Gallery index.php Cross-Site Scripting Medium Pass Yes
10518 BMForum Multiple Cross-Site Scripting Medium Pass Yes
10519 CMS Faethon search.php Cross-Site Scripting Medium Pass Yes
10520 Zomplog category.php Cross Site Scripting Medium Pass Yes
10522 Calcium Web Calendar Calcium40.pl Cross-Site Scripting Medium Pass Yes
10523 AppServ index.php Cross-Site Scripting Medium Pass Yes
10524 Quate CMS Multiple Cross-Site Scripting Medium Pass Yes
10525 phpFreeForum Multiple Cross Site Scripting Vulnerabilities Medium Pass Yes
10528 Tomcat Host Manager Cross-Site Scripting Medium Pass Yes
10480 Acidcat CMS admin_colors_swatch.asp Cross-Site Scripting Medium Pass Yes
10476 AlstraSoft Template Seller Pro fullview.php Cross-Site Scripting Medium Pass Yes
10459 Swiki Multiple Cross-Site Scripting Medium Pass Yes
10460 MegaBBS upload.asp Cross-Site Scripting Medium Pass Yes
10481 BusinessObjects XI logon.object Cross-Site Scripting Medium Pass Yes
10483 BolinOS gBImageViewer.php Cross-Site Scripting Medium Pass Yes
10484 BolinOS gBLoginPage.php Cross-Site Scripting Medium Pass Yes
10486 ContRay search.cgi Cross-Site Scripting Medium Pass Yes
10494 NextAge Cart index.php Cross-Site Scripting Medium Pass Yes
10487 OSI Affiliate login.php Cross-Site Scripting Medium Pass Yes
10488 Advanced Electron Forums index.php Cross-Site Scripting Medium Pass Yes
10495 MusicBox Cross-Site Scripting Medium Pass Yes
10496 vlBook Cross-Site Scripting Medium Pass Yes
10498 LabWiki Cross-Site Scripting Medium Pass Yes
10499 i.List search.php Cross-Site Scripting Medium Pass Yes
10464 Simple Gallery index.php Cross-Site Scripting Medium Pass Yes
10465 ManageEngine Firewall Analyzer mindex.do Cross-Site Scripting Medium Pass Yes
10469 LiveCart Multiple Cross-Site Scripting Vulnerabilities Medium Pass Yes
10471 CandyPress utilities_ConfigHelp.asp Cross-Site Scripting Medium Pass Yes
10473 cpCommerce calendar.php Cross-Site Scripting Medium Pass Yes
10474 Php-Stats whois.php Cross-Site Scripting Medium Pass Yes
10475 Omnistar Live kb.php Cross-Site Scripting Medium Pass Yes
10449 EventLog Analyzer Cross-Site Scripting Medium Pass Yes
10450 ServiceDesk Plus Cross-Site Scripting Medium Pass Yes
10451 Applications Manager Cross-Site Scripting Medium Pass Yes
10452 NetFlow Analyzer Cross-Site Scripting Medium Pass Yes
10453 OpManager Cross-Site Scripting Medium Pass Yes
10454 PerlMailer Cross-Site Scripting Medium Pass Yes
10455 PortalApp Multiple Cross-Site Scripting Medium Pass Yes
10458 KwsPHP ConcoursPhoto Module index.php Cross-Site Scripting Medium Pass Yes
3111 Frontpage Server Extensions Shtml.dll Cross-Site Scripting High - No
3010 Log View Cross-Site Scripting Medium - No
2257 phpBB search.php Cross-Site Scripting High Pass Yes
2306 Jakarta Tomcat 404 Error Cross-Site Scripting High - No
1852 wdirs.txt Information Disclosure Critical - No
715 Jakarta Tomcat Snoop Multiple Vulnerabilities Medium - No
4415 PHPNuke Your Account Cross-Site Scripting High - No
4411 HappyMall Cross-Site Scripting High - No
4414 Phorum Cross-Site Scripting High - No
4356 Ceilidh BBS Cross-Site Scripting High - No
4354 PHPNuke block-forums.php Cross-Site Scripting High - No
4355 osCommerce Cross-Site Scripting High - No
4331 ClearTrust Cross-Site Scripting High - No
4332 Gbook.php Cross-Site Scripting High - No
4344 Mambo Site Server Search Cross-Site Scripting High - No
4347 Basit Content Management Cross-Site Scripting High - No
4349 Sambar Server ipdata.stm Cross-Site Scripting Medium - No
4317 PY-Livredor Cross-site Scripting High - No
4310 WWWboard Cross-Site Scripting High - No
4295 ColdFusion index.cfm Cross-Site Scripting High - No
4275 FormMail.cgi Cross-site Scripting High - No
4285 Nuked Klan Cross-site Scripting High - No
4288 Mailman Email Cross-site Scripting High - No
4266 Sambar Server results.stm Cross-Site Scripting Medium - No
4252 ImageFolio Cross-Site Scripting High - No
4273 GeekLog users.php Cross-Site Scripting High - No
3788 Zeus Admin Interface Cross-Site Scripting High - No
3666 NikSun Netdetector Cross-Site Scripting Medium - No
3719 SurfControl SuperScout Cross-site Scripting High - No
3721 IIS .idc ISAPI Cross-site Scripting High - No
3727 vBulletin Cross-site Scripting High - No
3728 YaBB Multiple Vulnerabilities High - No
3757 WebSphere Proxy Cross-Site Scripting High - No
3758 WebSphere Proxy Header Injection Cross-Site Scripting High Pass Yes
3755 Mojo Cross-Site Scripting High - No
3756 MyMarket Cross-site Scripting High - No
3836 HTTP TRACE Method Cross-Site Scripting Low Pass Yes
3841 SquirrelMail read_body.php Cross-Site Scripting High - No
4240 YaBBSE news_template.php Cross-Site Scripting High - No
3781 Zeus index.fcgi Cross-Site Scripting High - No
3807 myPHPNuke Cross-Site Scripting High - No
3816 ImageFolio imagefolio.cgi Cross-Site Scripting High - No
4744 Zoom Engine Cross-Site Scripting High - No
4794 VP-ASP Cross-Site Scripting High - No
4715 Divine Content Server Cross-Site Scripting High - No
4646 Escapade Cross-Site Scripting High - No
4678 DBabble Cross-Site Scripting High - No
4690 ACart Cross-Site Scripting High - No
4697 GeekLog brokenfile.php Cross-Site Scripting High - No
4424 XMB Cross-Site Scripting High - No
4420 eZ Publish articleview Cross-Site Scripting High - No
4430 Saarport Webchat Cross-Site Scripting High - No
4439 PHP Session ID Cross-Site Scripting High - No
4427 Zeus vs_diag.cgi Cross-Site Scripting High - No
4453 JEUS Cross-Site Scripting High - No
4464 TUTOS Cross-Site Scripting High - No
4512 OmniHTTPD Cross-Site Scripting (test-win.exe) High - No
4529 Drupal main and sub page Cross-Site Scripting High - No
4611 eNdonesia Cross-Site Scripting High - No
4624 miniPortail Cross-Site Scripting High - No
4639 Digital Scribe Cross-Site Scripting High - No
4862 VirtuaNews Cross-Site Scripting High - No
4857 @Mail Cross-Site Scripting High - No
4836 ProductCart Cross-Site Scripting High - No
4817 PHPNuke friend.php Cross-Site Scripting High - No
4821 Oracle 'isqlplus' Cross-Site Scripting High - No
4796 Bajie Cross-Site Scripting High - No
4810 OpenBB Cross-Site Scripting High - No
4811 FreznoShop Cross-Site Scripting Low - No
4815 phpGedView Cross-Site Scripting High - No
4874 Invision Power Board 'showuser' Cross-Site Scripting High - No
4875 EMU Webmail Cross-Site Scripting High - No
4904 RxGoogle Cross-Site Scripting High - No
4910 vBulletin 'index.php' Cross-Site Scripting High - No
4911 cPanel 'dodelautores.html' Cross-Site Scripting High - No
4913 CactuShop Cross-Site Scripting High - No
4923 FTGatePro Cross-Site Scripting High - No
4924 NukeCalendar Cross-Site Scripting High - No
4926 AzDGDatingLite Cross-Site Scripting High - No
3528 Oracle Application Server hellouser.jsp Cross-Site Scripting High - No
3531 Cafelog b2 Weblog Multiple Possible Vulnerabilities Critical Pass Yes
3538 Bonsai CVS Archive Cross-site Scripting Medium Pass Yes
3552 OmniHTTPD Test Application Cross-site Scripting (test.shtml) High - No
3558 Aestiva HTML/OS 'htmlos' Cross-Site Scripting Medium - No
3559 Aestiva HTML/OS 'start' Cross-Site Scripting Medium - No
3522 Falcon Webserver Cross-Site Scripting High - No
3527 L-Forum Multiple Vulnerabilities Critical Pass Yes
3504 ShoutBOX Forum Cross-Site Scripting High - No
3529 Oracle Application Server welcomeuser.jsp Cross-site Scripting High - No
3530 Oracle Application Server usebean.jsp Cross-site Scripting High - No
3464 Fluid Dynamics Search Engine Cross-Site Scripting High - No
3466 wops.cgi Cross-Site Scripting High - No
3471 Mewsoft Auction (terms) Cross-Site Scripting High - No
3478 Macromedia Sitespring (500error.jsp) Cross-Site Scripting High - No
3487 PostNuke Wiki Module Cross-Site Scripting High - No
3496 InterNIC Whois Cross-Site Scripting High - No
3484 GeekLog (search.php) Cross-Site Scripting High - No
3621 SquirrelMail Cross-Site Scripting High - No
3663 Jakarta Tomcat ContainerServlet Cross-Site Scripting High - No
3553 OmniHTTPD Test Application Cross-site Scripting (test.php) High - No
3582 HTTP Header CRLF Injection (HTTP Response Splitting) High Pass Yes
3560 Aestiva HTML/OS start.cgi Cross-Site Scripting Medium - No
3700 phpWebSite Cross-site Scripting High - No
3715 Authoria Cross-site Scripting High - No
3716 phpBBmod php.info Information Disclosure Medium - No
3664 Jakarta Tomcat Servlet Context Cross-Site Scripting High - No
3665 Jakarta Tomcat Servlet WebdavStatus Cross-Site Scripting High - No
3690 myNewsGroups Cross-site Scripting High - No
3694 Apache Host Header Cross-site Scripting Medium - No
3696 phpLinkat Cross-site Scripting High - No
3343 MyHelpdesk Input Validation Vulnerability Critical - No
3369 Mewsoft Auction (searchstring) Cross-Site Scripting High - No
3370 PHP Classifieds Cross-Site Scripting High - No
3339 Oracle Application Server Configurator Cross-Site Scripting High - No
3331 Anthill Cross-Site Scripting High - No
3337 Bugzilla query.cgi Cross-Site Scripting Medium Pass Yes
3321 PForum Cross-Site Scripting High - No
3329 php(Reactor) Cross-Site Scripting High - No
3394 Splatt Forum Cross-Site Scripting High - No
3395 ColdFusion view.cfm Cross-Site Scripting High - No
3434 Imp Webmail Cross-Site Scripting High - No
3421 LilHTTP Server urlcount.cgi Cross-Site Scripting High - No
3429 Blackboard Cross-Site Scripting High - No
3438 BadBlue Search Cross-Site Scripting High - No
3460 GoAhead Webserver Cross-Site Scripting High - No
3461 Jakarta Tomcat Servlet Cross-Site Scripting High Pass Yes
3463 Lil'HTTP Pbcgi.cgi Cross-Site Scripting High - No
3176 csSearch Command Execution Critical - No
3076 WebSphere Cross-Site Scripting Medium - No
3181 IceWarp Web Mail Cross-Site Scripting High - No
3193 php ImageView Configuration Information Disclosure Medium - No
3196 PostCalendar Cross-Site Scripting High - No
3230 Novell NetWare Web Search Server Cross-Site Scripting High - No
3198 askSam as_web.exe Cross-Site Scripting High - No
3225 SGDynamo Cross-Site Scripting High - No
3229 PHPNuke Cross-Site Scripting High - No
3224 Aktivate Shopping System Cross-Site Scripting High - No
3243 ViewCVS Cross-Site Scripting High - No
3248 mcNews Cross-Site Scripting High - No
3259 Cobalt RaQ service.cgi Cross-Site Scripting High - No
3240 Easynews Arbitrary File Modification Critical - No
3253 Citrix NFuse Web Publishing Cross-Site Scripting High - No
3279 Delegate 404 Page Cross-Site Scripting High - No
11205 Third Party Undisclosed Cross-Site Scripting Critical Pass Yes
10968 Apache Axis2 Cross-Site Scripting Critical Pass Yes
10966 PG eLMS Pro Cross-Site Scripting Medium Pass Yes
10967 Science Fair In A Box Cross-Site Scripting High Pass Yes
10928 WordPress Persistent XSS (url parameter) Medium Pass Yes
10929 IBM Tivoli FilepathLogin.html Cross-Site Scripting Medium Pass Yes
10924 Oracle BEA Weblogic console-help.portal Cross-Site Scripting Medium Pass Yes
10926 Sun Communications Express search.xml Cross-Site Scripting Medium Pass Yes
10927 Sun Communications Express UWCMain Cross-Site Scripting Medium Pass Yes
10933 XOOPS viewpmsg.php Cross-Site Scripting Medium Pass Yes
10940 Persistent Cross-Site Scripting (XSS) Critical - No
10947 IBM WebSphere Portal & Lotus Notes Cross-Site Scripting High Pass Yes
10959 vBulletin Two-Step External Links "url" Parameter Cross-Site Scripting High Pass Yes
10954 PortWise SSL VPN Cross-Site Scripting Medium Pass Yes
10950 ASP.NET Viewstate Cross-Site Scripting High Pass Yes
10953 Microsoft SharePoint Server Cross-Site Scripting Medium Pass Yes
11222 Persistent Cross-Site Scripting (XSS) Critical - No
11269 Persistent Cross-Site Scripting Critical - No
11270 Persistent Cross-Site Scripting (User Interaction) Critical - No
11362 Apache Struts ClassLoader Manipulation High - No
11325 PHP-Nuke "forwarder" Parameter HTTP Response Splitting Critical Pass Yes
11309 Browser Mime Sniffing is not disabled Low Fail Yes
11307 Reliance on X-Content-Type-Options Low Pass Yes
11308 Missing Content-Type Header Low Pass Yes
10665 AWStats Totals awstatstotals.php Cross-Site Scripting Medium Pass Yes
10663 Drupal Link To Us Cross-Site Scripting Medium Pass Yes
10664 DataSpade Index.asp Cross-Site Scripting Medium Pass Yes
10659 Avactis Shopping checkout.php Cart Cross-Site Scripting Medium Pass Yes
10660 TimeTrex login.php Cross-Site Scripting Medium Pass Yes
10648 Riverdark RSS Syndicator rss.php Cross-Site Scripting Medium Pass Yes
10661 Juniper Networks Secure Access 2000 rdremediate.cgi Cross-Site Scripting Medium Pass Yes
10667 Maian Gallery index.php Cross-Site Scripting Medium Pass Yes
10668 Horde WebMail addevent.php Cross-Site Scripting Medium Pass Yes
10669 xtCommerce advanced_search_result.php Cross-Site Scripting Medium Pass Yes
10670 Wordpress MU wpmu-blogs.php Cross-Site Scripting Medium Pass Yes
10671 IBM Rational ClearQuest Web Cross Site Scripting Medium Pass Yes
10672 PHPGlossar index.php Cross-Site Scripting Medium Pass Yes
10674 Blosxom blosxom.cgi Cross-Site Scripting Medium Pass Yes
10676 WikyBlog keywordSearch Cross-Site Scripting Medium Pass Yes
10657 ParaNews news.php Cross-Site Scripting Medium Pass Yes
10646 eForum busca.php Cross-Site Scripting Medium Pass Yes
10647 VBZooM Forum profile.php Cross-Site Scripting Medium Pass Yes
10642 BEA AquaLogic Interaction or Plumtree Foundation server.pt Cross-Site Scripting Medium Pass Yes
10643 SparkleBlog Journal.php HTML Injection Medium Pass Yes
10644 Invision Power Board Cross-Site Scripting Medium Pass Yes
10645 F5 FirePass 4100 SSL VPN Cross-Site Scripting Medium Pass Yes
10633 MRBS search.php Cross-Site Scripting Medium Pass Yes
10634 OWL register.php Cross-Site Scripting Medium Pass Yes
10635 phpMyAdmin Cross-Site Scripting Low Pass Yes
10636 Xampp iart.php Cross-Site Scripting Medium Pass Yes
10637 @Mail parse.php Cross-Site Scripting Medium Pass Yes
10638 Silentum LoginSys login.php Cross-Site Scripting Medium Pass Yes
10640 Maian Guestbook footer.php Multiple Cross-Site Scripting Medium Pass Yes
10641 Maian Uploader header.php Multiple Cross-Site Scripting Medium Pass Yes
10680 Dokeos work.php Cross-Site Scripting Medium Pass Yes
10677 WikyBlog useredits Cross-Site Scripting Medium Pass Yes
10678 Wikyblog WhatLinksHere Cross-Site Scripting Medium Pass Yes
10681 Dokeos myAgenda.php Cross-Site Scripting Medium Pass Yes
10686 Kontiki DMS 'action' Cross-Site Scripting Medium Pass Yes
10688 PHP-Nuke eWeather module modules.php Cross-Site Scripting Medium Pass Yes
10704 WhoDomLite whois.cgi Cross-Site Scripting Medium Pass Yes
10697 Celoxis user.do Cross-Site Scripting Vulnerability Medium Pass Yes
10698 Matterdaddy Market login.php Cross-Site Scripting Medium Pass Yes
10689 InfoBiz Server search_results.php Cross-Site Scripting Medium Pass Yes
10690 MediaWiki 'useskin' Cross-Site Scripting High Pass Yes
10692 WikiHiero extension for WikiMedia Cross-Site Scripting Medium Pass Yes
10696 Website Directory index.php Cross-Site Scripting Medium Pass Yes
10706 Kmita Gallery search.php Cross-Site Scripting Medium Pass Yes
10707 Kmita Catalogue search.php Cross-Site Scripting Medium Pass Yes
10701 Coldfusion Fusebox index.cfm Cross-Site Scripting Medium Pass Yes
10702 phpMyAdmin pmd_pdf.php Cross-Site Scripting Medium Pass Yes
10709 IBM Quickr Server Calendar Cross-Site Scripting Medium Pass Yes
10710 IBM Rational ClearQuest Web Cross-Site Scripting Medium Pass Yes
10711 Merak Mail Server index.html Cross-Site Scripting Medium Pass Yes
10712 @Mail util.php Cross-Site Scripting Medium Pass Yes
10714 Novell GroupWise WebAccess Cross-Site Scripting Medium Pass Yes
10715 SAP Web Application Server Cross-Site Scripting Medium Pass Yes
10716 RSA Authentication Agent login page Cross-Site Scripting Medium Pass Yes
10717 Apache HTTP Method Cross-Site Scripting Medium Fail Yes
10718 IBM Lotus QuickPlace Main.nsf Cross-Site Scripting Medium Pass Yes
10724 Softbiz Classifieds Script signinform.php Cross-Site Scripting Medium Pass Yes
10725 Softbiz Classifieds Script lostpassword.php Cross-Site Scripting Medium Pass Yes
10820 Possible FlashVars Cross-Site Scripting in htmlText property bound to an Uninitialized Variable High Pass Yes
10821 FlashVar usage in ExternalInterface.call method High Pass Yes
10824 Oracle Application Server Cross-Site Scripting Medium Pass Yes
10826 Oracle Forms Cross-Site Scripting Vulnerability Medium Pass Yes
10827 Sun ONE Calendar Express Cross-Site Scripting High Pass Yes
10828 Sun ONE Calendar Express command.shtml Cross-Site Scripting High Pass Yes
10829 Sun ONE Calendar Express command.shtml Cross-Site Scripting High Pass Yes
10833 Drupal Wikitools Cross-Site Scripting Medium Pass Yes
10836 Owl Intranet Engine Registration Cross-Site Scripting Vulnerability Medium Pass Yes
10837 WebSphere PlantsByWebSphere ShoppingServlet 'category' Cross-Site Scripting Medium Pass Yes
10838 SAP MaxDB Web Database Cross-Site Scripting Medium Pass Yes
10839 WebSphere PlantsByWebSphere AccountServlet 'userid' Cross-Site Scripting Medium Pass Yes
10743 Apache Roller 'search' Cross-Site Scripting Medium Pass Yes
10741 IBM Rational ClearQuest 'contextid' Cross-Site Scripting Medium Pass Yes
10739 ColdFusion MX User-Agent Cross-Site Scripting Medium Pass Yes
10731 JSON Hijacking Possible Medium Pass Yes
10732 IBM Rational ClearQuest 'schema' Cross-Site Scripting Medium Pass Yes
10730 Glassfish Administration Console Cross-Site Scripting Medium Pass Yes
10728 AWStats awstats.pl Cross-Site Scripting High Pass Yes
10726 Softbiz Classifieds Script index.php Cross-Site Scripting Medium Pass Yes
10727 Softbiz Classifieds Script gallery.php Cross-Site Scripting Medium Pass Yes
10840 Apache Tomcat calendar 'time' Cross-Site Scripting Medium Pass Yes
10841 Apache mod_perl perl-status Cross-Site Scripting Medium Pass Yes
10843 @Mail admin.php Cross-Site Scripting Medium Pass Yes
10844 Cisco ASA5520 Web VPN Host Header Cross-Site Scripting Medium Pass Yes
10847 Stronghold Server Cross-Site Scripting Medium Pass Yes
10848 Horde Kronolith addevent.php url Cross-Site Scripting Medium Pass Yes
10850 Apache Geronimo Cross-Site Scripting Medium Pass Yes
10851 cPanel handle.html Cross-Site Scripting High Pass Yes
10852 InfoBiz Server Cross-Site Scripting High Pass Yes
10853 Apache Jackrabbit search.jsp Cross-Site Scripting Medium Pass Yes
10857 Apache ActiveMQ Cross-Site Scripting Medium Pass Yes
10858 Search Engine Builder "searWords" Cross-Site Scripting Medium Pass Yes
10859 TikiWiki CMS/Groupware Cross-Site Scripting Medium Pass Yes
10860 phpMyAdmin server_export.php Cross-Site Scripting Medium Pass Yes
10862 @Mail admin.php 'type' Cross-Site Scripting Medium Pass Yes
10863 PHP-Nuke Module League Cross-Site Scripting Medium Pass Yes
10864 Vanilla updatecheck.php Cross-Site Scripting Medium Pass Yes
10865 phpMySport index.php Cross-Site Scripting Medium Pass Yes
10866 WebSphere PlantsByWebSphere ShoppingServlet 'itemqty7' Cross-Site Scripting Medium Pass Yes
10867 AdPeeps Ad Rotator index.php Cross-Site Scripting Medium Pass Yes
10868 Novell Groupwise WebAccess 'User.Theme.index' Cross-Site Scripting Medium Pass Yes
10870 Novell GroupWise Web Access Cross-Site Scripting Medium Pass Yes
10873 DotNetNuke ErrorPage.aspx Cross-Site Scripting Medium Pass Yes
10874 Joomla! index.php 'theme_background' Cross-Site Scripting Medium Pass Yes
10880 Pivot pivot/index.php Cross-Site Scripting Medium Pass Yes
10882 Joomla! index.php 'theme_elements' Cross-Site Scripting Medium Pass Yes
10883 Joomla! index.php 'theme_header' Cross-Site Scripting Medium Pass Yes
10913 Netflow Analyzer index.jsp 'view' Cross-Site Scripting Medium Pass Yes
10914 Netflow Analyzer index.jsp 'section' Cross-Site Scripting Medium Pass Yes
10922 Oracle Secure Enterprise Search Cross-Site Scripting Medium Pass Yes
10923 Glassfish Multiple Cross-Site Scripting Medium Pass Yes
Format String Attack Severity Pass/Fail Tested
10251 Possible Format String Injection High - No
10252 Possible .NET Format String Injection Low - No
LDAP Injection Severity Pass/Fail Tested
5493 phpLDAPadmin Arbitrary File Disclosure Critical - No
OS Commanding Severity Pass/Fail Tested
5404 Web-Portal-System 'wps_shop.cgi' Remote Command Execution Critical - No
5409 Y.SAK Scripts Arbitrary Command Execution Vulnerability High - No
5285 Easy Message Board Arbitrary Command Execution Critical - No
5356 CSV_DB Arbitrary Command Execution Vulnerability High - No
5359 Community Link Pro Arbitrary Command Execution Vulnerability Critical - No
5344 Affinity Path Arbitrary Command Execution Vulnerability High - No
5328 JamMail Arbitrary Command Execution Vulnerability Critical - No
5363 GlobalNoteScript Arbitrary Command Execution Critical - No
5370 probe.cgi Arbitrary Command Execution High - No
5073 Web_Store.cgi allows Command Execution Critical - No
5080 eXtropia WebStore Input Validation Bug Lets Remote Users Execute Arbitrary Commands Critical - No
5217 The Includer Arbitrary Command Execution Critical - No
10199 Universal Arbitrary Command Execution (Backticks) Critical Pass Yes
10200 Universal Arbitrary Command Execution (NULL) Critical Pass Yes
10201 Universal Arbitrary Command Execution (Newline) Critical Pass Yes
10202 Universal Arbitrary Command Execution (Pipe/Ampersand) Critical Pass Yes
10203 Universal Arbitrary Command Execution (Pipe/Ampersand/Single Quote) Critical Pass Yes
10204 Universal Arbitrary Command Execution (Pipe/Ampersand/Double Quote) Critical Pass Yes
10205 Universal Arbitrary Command Execution (Ampersand/Pipe) Critical Pass Yes
10351 SAPID CMF last_module PHP Code Execution High Pass Yes
10352 Pacer CMS last_module PHP Code Execution High Pass Yes
10353 Open-Realty last_module PHP Code Execution High Pass Yes
10354 Journalness last_module PHP Code Execution High Pass Yes
10288 TUTOS Cmd.php Arbitrary Command Execution Critical Pass Yes
10592 Sun Java System Active Server Pages Arbitrary Command Execution Critical - No
3307 Penguin TraceRoute v1.0 Arbitrary Command Execution Critical - No
3255 Add2it Mailman Free Arbitrary Command Execution Critical - No
3261 lastlines.cgi Arbitrary Command Execution Critical - No
3151 IIS .htr Arbitrary Command Execution Critical - No
3387 Webcart Arbitrary Command Execution Critical - No
3396 ShopPlus Cart Arbitrary Command Execution Critical - No
3322 Sunsolve Arbitrary Command Execution Critical - No
3561 Site Searcher Arbitrary Command Execution Critical - No
4905 X-Cart Arbitrary Command Execution High - No
4886 cPanel Arbitrary Command Execution High - No
4472 HappyMall member_html.cgi Arbitrary Command Execution Critical - No
4486 CCBill Arbitrary Command Execution Critical - No
4442 zenTrack Arbitrary Command Execution Critical - No
3802 Smartsearch.cgi Arbitrary Command Execution Critical - No
3759 Mailreader Arbitrary Command Execution High - No
3774 IIS Unicode Arbitrary Command Execution (..%c1%1c..) Critical Pass Yes
4268 Psunami Bulletin Board Arbitrary Command Execution High - No
4303 cPanel guestbook.cgi Arbitrary Command Execution Critical - No
4322 Logbook Arbitrary Command Execution Critical - No
4403 HappyMall Arbitrary Command Execution Medium - No
775 Tigvote.cgi Command Execution Critical Pass Yes
858 IIS Unicode Arbitrary Command Execution (..%c1%9c..) Critical Pass Yes
859 IIS Unicode Arbitrary Command Execution (..%c1%pc..) Critical Pass Yes
860 IIS Unicode Arbitrary Command Execution (..%c1%af..) Critical Pass Yes
861 IIS Unicode Arbitrary Command Execution (..%c0%af..) Critical Pass Yes
862 IIS Unicode Arbitrary Command Execution (..%c0%9v..) Critical Pass Yes
863 IIS Unicode Arbitrary Command Execution (..%c0%qf..) Critical Pass Yes
864 IIS Unicode Arbitrary Command Execution (..%c1%8s..) Critical Pass Yes
865 IIS Unicode Double Decode Arbitrary Command Execution (..%e0%80%af..) Critical - No
866 IIS Unicode Double Decode Arbitrary Command Execution (..%f0%80%80%af..) Critical - No
867 IIS Unicode Double Decode Arbitrary Command Execution (..%f8%80%80%80%af..) Critical - No
868 IIS Unicode Double Decode Arbitrary Command Execution (..%fc%80%80%80%80%af..) Critical - No
869 IIS Unicode Arbitrary Command Execution (..%c0%af..) Critical Pass Yes
628 Campus CGI Remote Execution Critical - No
629 FaxSurvey Remote Execution Critical - No
696 IRIS Performer pfdisplay.cgi Remote File Viewing Vulnerability High - No
1458 EZShopper Arbitrary Command Execution Critical - No
1459 EZShopper Arbitrary Command Execution Critical - No
1520 IIS Unicode Double Decode Arbitrary Command Execution (%c0%ae%c0%ae) Critical - No
1365 IIS Unicode Arbitrary Command Execution (..%c1%9c..) Critical Pass Yes
2319 EZShopper Arbitrary Command Execution Critical - No
2321 Yet Another Bulletin Board Arbitrary Command Execution Critical - No
2327 Irix Webdist.cgi Arbitrary Command Execution Critical - No
2328 infosrch.cgi Arbitrary Command Execution Critical - No
2238 MailNews.cgi Arbitrary Command Execution Critical Pass Yes
2152 Parameter Manipulation Directory Traversal Command Execution (/../../../../../../../../bin/id%00|) Critical Pass Yes
2108 GoAhead Webserver Arbitrary Command Execution Critical Pass Yes
2026 OmniHTTPD Statsconfig Arbitrary Command Execution Critical - No
1951 Sambar Arbitrary File Creation/Deletion/Disclosure (echo.bat) Critical - No
1952 Sambar Arbitrary File Creation/Deletion/Disclosure (hello.bat) Critical - No
2945 CSVForm.pl Remote Execution Critical - No
2393 IIS Unicode Double Decode Arbitrary Command Execution (..%%35%63..) Critical - No
2395 IIS Unicode Double Decode Arbitrary Command Execution (..%%35c..) Critical - No
2396 IIS Unicode Double Decode Arbitrary Command Execution (..%25%35%63..) Critical - No
2846 PowerUp Arbitrary Command Execution Critical - No
2847 sglMerch Arbitrary File Disclosure Critical - No
2849 Hassan Cart Arbitrary Command Execution Critical - No
2851 Eshop Arbitrary Command Execution Critical - No
2852 IIS %u UTF Encoding Arbitrary Command Execution Critical - No
2889 DirectoryManager Remote Execution Critical - No
2890 DirectoryManager Remote Execution Critical - No
2891 DirectoryManager Remote Execution Critical - No
10662 phpMyAdmin Arbitrary Command Execution Critical Pass Yes
11377 Bash Command Injection (Shell Shock) Critical Pass Yes
SQL Injection Severity Pass/Fail Tested
11298 MongoDB PHP Request Injection Attack Critical - No
11299 Blind SQL Injection (Confirmed) Critical Fail Yes
10890 IBM Rational ClearQuest main SQL Injection Critical Pass Yes
10961 Bugzilla Web Service Bug.search() SQL Injection High Pass Yes
10962 Blind SQL Injection (confirmed) Critical Pass Yes
10955 Campsite attachments.php 'article_id' Parameter SQL Injection Critical Pass Yes
11199 Blind SQL Injection (confirmed) Critical Pass Yes
11208 Blind SQL Injection Aggressive Option Critical - No
10722 SQL Query in Query String or Post Data Medium Pass Yes
10723 WordPress ShiftThis NewsLetter Plugin SQL Injection Critical Pass Yes
10721 vBulletin admincalendar.php SQL Injection High Pass Yes
10708 Joomla Com_blog SQL Injection High Pass Yes
10685 Wordpress Search Multibyte Character Set SQL Injection Critical Pass Yes
10673 OpenX SQL Injection High Pass Yes
10835 Joomla guestBook Extension 'gbid' SQL Injection Critical Pass Yes
2416 NCM Arbitrary SQL Command Execution High - No
1969 Oracle Application Server XSQL Servlet Arbitrary Java Code Execution High - No
2025 Postaci Arbitrary SQL Command Execution High - No
152 IIS JET Engine Database Arbitrary Code Execution High - No
4362 InstaBoard SQL Injection High - No
4417 Biztalk DTA SQL Injection High - No
4343 paFileDB SQL Injection High - No
4321 PHPNuke modules.php SQL Injection High Pass Yes
4273 GeekLog users.php Cross-Site Scripting High - No
4300 Immobilier agentadmin.php SQL Injection High - No
4269 PHP TopSites SQL Injection High Pass Yes
4283 phpMyShop compte.php SQL Injection High - No
3790 Oracle Application Server PL/SQL Code Injection High Pass Yes
3805 IMP SQL Injection High - No
4241 IMP SQL Injection High Pass Yes
4851 ChiliSoft ASP 401k Sample High - No
3701 SurfControl SuperScout Multiple Vulnerabilities High - No
3702 Bugzilla createaccount.cgi SQL Injection High - No
3482 Adobe Content Server SQL Injection Critical - No
3499 Informix Web Datablade Universal SQL Injection Critical Pass Yes
3527 L-Forum Multiple Vulnerabilities Critical Pass Yes
3531 Cafelog b2 Weblog Multiple Possible Vulnerabilities Critical Pass Yes
3537 FUDForum Multiple Vulnerabilities Critical Pass Yes
3330 Demarc PureSecure Possible SQL Injection Critical - No
3334 Lokwa BB SQL Injection Critical - No
3335 GeekLog SQL Injection Critical - No
3357 Pforum Possible SQL Injection Critical - No
3343 MyHelpdesk Input Validation Vulnerability Critical - No
3385 phpBB bb_memberlist.php SQL Injection Critical - No
3390 PostNuke Cookie-based SQL Injection (article.php) Medium - No
3392 ezContent SQL Injection Critical - No
3308 phpGroupWare Possible SQL Injection Critical - No
3272 VP-ASP shopadmin.asp Possible SQL Injection Critical - No
10623 QuickPollScript code.php SQL Injection Critical Pass Yes
10589 Joomla DT Register SQL Injection High Pass Yes
10279 HacmeCasino SQL Injection Critical Pass Yes
10372 Crafty Syntax Live Help is_xmlhttp.php SQL Injection Critical Pass Yes
10395 SQL Injection Confirmed (No Data Extraction) Critical Pass Yes
10445 EasyNews index.php SQL Injection Critical Pass Yes
5598 Clever Copy SQL Injection Vulnerability Critical Pass Yes
5658 SQL Injection (confirmed) Critical Pass Yes
5659 Blind SQL Injection (confirmed) Critical - No
5672 Possible SQL Injection Critical - No
5605 betaparticle SQL Injection Vulnerability Critical - No
5566 Novell ZENworks Patch Management Server SQL Injection Critical - No
5572 PHP-Nuke Search Module SQL Injection Critical Pass Yes
5565 gCards news.php SQL Injection Critical Pass Yes
5577 EnvolutionFR Multiple Input Validation Issues Medium Pass Yes
5582 ASP-DEv XM Forums SQL Injection Vulnerability Medium Pass Yes
5593 PwsPHP SQL Injection Vulnerability Critical - No
5561 Zomplog SQL Injection Critical - No
5584 Edgewall Trac SQL Injection Vulnerability Critical - No
5540 My Little Forum SQL Injection Critical - No
5533 LiteCommerce SQL Injection Critical - No
5534 MX Kart and MX Shop SQL Injection Critical - No
5527 MidiCart ASP SQL Injection Critical - No
5528 MyBB misc.php 'fid' parameter SQL Injection Critical Pass Yes
5532 DeluxeBB SQL Injection Critical - No
5544 Utopia News Pro SQL Injection Critical Pass Yes
5535 NooTopList SQL Injection Critical - No
5542 phpMyFAQ SQL Injection, Arbitrary File Disclosure Critical - No
5547 Complete PHP Counter SQL Injection Critical - No
5218 SGallery SQL Injection Critical - No
Report Date: 12/12/2017 51
5213 ProjectBB SQL Injection Critical - No
5214 phpCOIN SQL Injection Critical - No
5209 Layton HelpBox Multiple SQL Injection Vulnerabilities Critical - No
5193 PHPNuke SQL Injection in search.php Critical - No
5194 PHPNuke SQL Injection in index.php Critical - No
5200 Multiple SQL Injection Vulnerabilities in Kayako eSupport Critical - No
5204 Centre Grants Administrative Access to Remote Users Critical - No
5195 PHPNuke Critical SQL Injection Vulnerability Critical - No
5197 phpBugTracker SQL Injection Vulnerability Critical - No
5222 Woltab Burning Board SQL Injection & Path Disclosure Critical - No
5223 vBulletin PHP Code Injection via template Parameter Medium - No
5220 PerlDesk SQL Injection Critical - No
5221 iG Shop SQL Injection Critical - No
5215 paFAQ Input Validation Holes Permit SQL Injection Attacks Critical - No
5225 paFileDB SQL Injection Critical - No
5228 TYPO3 Permits SQL Injection Critical - No
5244 Koobi SQL Injection Vulnerability Critical - No
5246 exoops SQL Injection Critical - No
5247 Nuke Bookmarks Permit SQL Injection, Cross-Site Scripting, and Path Disclosure Critical - No
5248 ESMI PayPal Storefront SQL Injection Vulnerability Critical - No
5250 MercuryBoard SQL Injection Vulnerability Critical - No
5082 MyBulletinBoard "uid" SQL Injection Vulnerability Critical - No
5040 SQL Injection in phProfession Module For PostNuke Critical - No
5078 AntiBoard SQL Injection Vulnerability Critical - No
5069 PHP-Nuke SQL Injection in Reviews module High - No
5106 PostNuke Module SQL Injection Vulnerability Critical - No
5114 aspWebAlbum SQL Injection High - No
5086 Comersus SQL Injection Vulnerability Critical Pass Yes
5177 PhotoPost Classifieds Multiple Vulnerabilities Critical - No
5175 SQL Injection in PHP-Nuke Critical - No
5176 PhotoPost Pro SQL Injection in showgallery Critical - No
5178 2Bgal SQL Injection Vulnerability Critical - No
5179 SQL Injections in Ikonboard (st=) Critical - No
5180 SQL Injections in Ikonboard (keywords=) Critical - No
5122 SQL Injection in Megabbs Forum's Critical - No
5156 b2evolution "title" SQL Injection Vulnerability Critical - No
5165 SparkleBlog SQL Injection Critical - No
5167 OWL SQL Injection Critical - No
5161 SQL Injection in SGallery (PHPNuke) Critical - No
5164 MercuryBoard SQL Injection Critical - No
5038 SQL Injection in PHP-Nuke Video Gallery Module for PHP-Nuke Critical - No
5022 XMB Forum SQL Injection in misc.php Critical - No
5029 PhotoPost PHP 'uploadphoto.php' SQL Injection High - No
5028 PhotoPost PHP 'comments.php' SQL Injection High - No
5062 Multiple Vulnerabilities in Invision Power Board v1.3.1 Final Critical - No
5061 Multiple Vulnerabilities in phpMyChat Critical - No
5064 VP-ASP Shopping Cart Multiple Vulnerabilities Critical - No
5045 Invision Power Board 'functions.php' SQL Injection High - No
5048 SQL Injection in PostNuke 0.726 Phoenix Critical - No
5015 phpBB privmsg.php SQL Injection Critical - No
5016 Web Wiz Forum SQL Injection High - No
5006 Multiple SQL Injections in JPortal (print.php) Critical - No
5003 Zen Cart login.php SQL Injection Vulnerability Critical Pass Yes
4929 phpBugTracker SQL Injection High - No
5371 getInternet SQL Injection Vulnerability Critical - No
5372 PHPKit SQL Injection Vulnerability Critical - No
5375 SugarCRM SQL Injection Vulnerability Critical - No
5379 2BGal SQL Injection Vulnerability Critical - No
5381 PhotoPost Pro SQL Injection Critical - No
5377 CartWIZ SQL Injection Vulnerability Critical - No
5378 Comersus SQL Injection Vulnerability Critical - No
5388 phpAuction SQL Injection and Authentication Bypass Critical - No
5386 LBE Web HelpDesk SQL Injection Critical - No
5387 phpWebSite SQL Injection in search.php Critical - No
5394 Dragonfly Commerce SQL Injection Vulnerability Critical - No
5398 class-1 Forum SQL Injection Vulnerability Critical - No
5392 MyBB member.php 'uid' parameter SQL Injection Vulnerability Critical - No
5331 CodeThat ShoppingCart SQL Injection Vulnerability Critical - No
5332 X-Cart SQL Injection Critical - No
5333 PostNuke SQL Injection (readpmsg.php) Critical - No
5345 uBlog Reload SQL Injection Vulnerability Critical - No
5337 WordPress SQL Injection and Path Disclosure Critical - No
5361 Mambo 'com_content' SQL Injection Vulnerability Critical - No
5348 MaxWebPortal SQL Injection Critical - No
5349 Serendipity SQL Injection (exit.php) Critical - No
5334 HelpCenter Live SQL Injection Critical - No
5338 CJUltra SQL Injection (out.php) Critical - No
5350 Claroline SQL Injection Critical - No
5353 UBBThreads SQL Injection Vulnerability Critical - No
5283 Calendarix SQL Injection Critical - No
5284 MetaCart SQL Injection Critical - No
5292 MyBB SQL Injection Critical - No
5297 ASPPortal SQL Injection and Cross-Site Scripting Critical - No
5309 Net Portal Dynamic System (NPDS) SQL Injection Critical - No
5308 PortailPHP SQL Injection High - No
5315 enVivo!CMS SQL Injection Critical - No
5316 JGS Portal SQL Injection Critical - No
5321 BK Forum SQL Injection Vulnerability Critical - No
5317 ASP Inline Corporate Calendar SQL Injection Critical - No
5319 ProductCart SQL Injection Vulnerability Critical - No
5322 phpCOIN SQL Injection Vulnerability Critical - No
5323 socialMPN SQL Injection Vulnerability Critical - No
5257 SiteEnable SQL Injection Critical - No
5261 Active Auction House Permits SQL Injection Critical - No
5253 MX Shop Lets Remote Users Inject SQL Commands Critical - No
5254 Squirrelcart SQL Injection Critical - No
5255 Turnkey Websites Shopping Cart SQL Injection Critical - No
5256 PortalApp SQL Injection Critical - No
5267 PostNuke SQL Injection in the News module Critical - No
5269 Invision Power Board Permits SQL Injection Critical - No
5270 zOOm Media Gallery Permits SQL Injection Critical - No
5274 OneWorldStore Permit SQL Injection Critical - No
5275 OneWorldStore Multiple SQL Injection Critical - No
5277 phpBB Auction Module auction_rating.php SQL Injection Critical - No
5280 ASP Nuke Permits SQL Injection Critical - No
5281 CartWIZ Permit SQL Injection Critical - No
5410 Invision Community Blog SQL Injection Critical - No
5406 VP-ASP SQL Injection Vulnerability Critical - No
5407 Id Board SQL Injection Critical - No
5405 Ipswitch WhatsUp Professional Sql Injection Critical Pass Yes
5420 JiRo's Statistics System SQL Injection Critical Pass Yes
5415 MaxWebPortal SQL Injection Critical - No
5416 IkonBoard SQL Injection Vulnerability Critical Pass Yes
5411 WoltLab Burning Board SQL Injection Critical Pass Yes
5412 India Software Solution Shopping Cart SQL Injection Critical Pass Yes
5413 ZonGG SQL Injection Critical Pass Yes
5414 (i)Site Database Disclosure and SQL Injection Critical - No
5431 ReviewPost SQL Injection Vulnerability Critical Pass Yes
5408 Fortibus CMS SQL Injection Critical Pass Yes
5417 Event Calendar SQL Injection Vulnerability Critical - No
5425 Ocean12 Calendar Manager SQL Injection Critical Pass Yes
5426 CoolCafe SQL Injection Critical Pass Yes
5421 ASP Virtual News Manager SQL Injection Critical Pass Yes
5422 NewsletterEz SQL Injection Critical Pass Yes
5423 ibProArcade SQL Injection Vulnerability Critical - No
5424 Active News Manager SQL Injection Critical Pass Yes
5432 VBZoom Forum SQL Injection Vulnerability Critical - No
5437 MySQL Eventum SQL Injection and Cross-Site Scripting Critical - No
5435 PHPList SQL Injection Critical - No
5440 Owl Intranet Engine SQL Injection Vulnerability Critical - No
5443 Ocean12 Mailing List Manager SQL Injection Critical Pass Yes
5492 Open Bulletin Board SQL Injection Critical Pass Yes
5487 PhotoPost 5.0 SQL Injection Critical - No
5490 MyBB member.php 'fid' parameter SQL Injection Critical Pass Yes
5482 ECW-Shop SQL Injection Critical - No
5483 PHPFreeNews SQL Injection Critical - No
5478 WoltLab Burning Board SQL Injection Critical - No
5481 phpWebSite SQL Injection Critical - No
5509 Hosting Controller SQL Injection Critical - No
5521 Mall23 SQL Injection Critical - No
5495 Land Down Under SQL Injection Critical - No
5514 WEB//NEWS SQL Injection Critical Pass Yes
5441 ChurchInfo SQL Injection and Path Disclosure Critical - No
5447 Gravity Board X Arbitrary Code Execution and SQL Injection Critical - No
5468 Vladersoft Shopping Cart SQL Injection Critical - No
5465 MidiCart SQL Injection Critical - No
5469 PHP Topic Board SQL Injection Critical - No
5475 Land Down Under SQL Injection and Cross-Site Scripting Critical - No
5455 PortalAPP SQL Injection Critical - No
5444 ACNews SQL Injection Critical Pass Yes
5446 OpenBook SQL Injection Critical Pass Yes
5456 Photopost PHP Pro Photo Gallery SQL Injection Critical - No
5457 ESMI Studio Products SQL Injection Critical - No
5458 ASPApp SQL Injection Critical - No
5464 PersianBlog SQL Injection Critical - No
SSI Injection Severity Pass/Fail Tested
5304 PHP Poll Remote Server Side Include High - No
616 Guestbook.pl Server-Side Include Command Execution High - No
2309 Arbitrary Server Side Include Execution Critical Pass Yes
XPath Injection Severity Pass/Fail Tested
5541 XPath Error Message Medium Pass Yes
11514 XPath Injection Critical Pass Yes
11569 XPath Injection Critical Pass Yes
SI-11: Error Handling
The information system:
a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and
b. Reveals error messages only to [Assignment: organization-defined personnel or roles].
Specific Checks Severity Pass/Fail Tested
10873 DotNetNuke ErrorPage.aspx Cross-Site Scripting Medium Pass Yes
10937 File Open Error Messages Detected Info Pass Yes
10932 Server Error Response Low Fail Yes
10855 PHP Error Header Information Disclosure Low Pass Yes
5541 XPath Error Message Medium Pass Yes
5553 BEA WebLogic role-name Tag Error Medium - No
5666 ASP.NET Custom Error Full Path Disclosure Low - No
10208 PHP Error Message Low Pass Yes
10190 Possible VBScript Runtime Error Message Low Pass Yes
10187 Sun Java System Messenger Express 'error' Cross-Site Scripting High - No
10269 .NET Verbose Errors Enabled Medium Pass Yes
10363 Mambo connector.php Error Message Script Path Disclosure Low Pass Yes
10364 OpenBiblio custom_marc_form_fields.php Error Message Path Disclosure Low Pass Yes
10327 Error Log Information Disclosure Medium Pass Yes
10630 Apache Tomcat sendError() Cross Site Scripting Medium - No
10571 PHP open_basedir And display_errors Path Disclosure Low Pass Yes
4939 .NET Error Message Medium Pass Yes
5208 Novell GroupWise WebAccess Error Modules Loading Vulnerability Critical - No
2256 Servlet Runtime Error Message Medium Pass Yes
2306 Jakarta Tomcat 404 Error Cross-Site Scripting High - No
2077 Java Runtime Error Message Medium Fail Yes
2172 Websphere Net.Data Error Message Medium Pass Yes
3051 Microsoft JScript Runtime Error Message High Pass Yes
3064 ASP Runtime Error Message Medium Pass Yes
742 Database Server Error Message Critical Fail Yes
745 Runtime Error Message Medium Fail Yes
1435 Shell Error Message Critical Pass Yes
1436 Shell Error Message Critical Pass Yes
1385 ColdFusion Error Message Medium Pass Yes
1498 Exception Error Message Medium Fail Yes
1518 Server Error Log Information Disclosure Medium - No
1451 Shell Error Message Critical Pass Yes
1917 nph-error.pl Application Low Pass Yes
3186 SOAP Exception Error Message Medium Pass Yes
3478 Macromedia Sitespring (500error.jsp) Cross-Site Scripting High - No
3599 Oracle Error Log (ora_errs.log) Low - No
3636 Verity Search97 Error Message Low Pass Yes
4823 Jrun Server Error Message Low Pass Yes
4868 Web Connection API Error Log Medium - No
4867 Web Connection API DLL Error Log Medium - No
4423 LDAP Error Message Medium Pass Yes
4717 Server Error Response Low - No
4250 VBScript Runtime Error Message Low Pass Yes
3789 Oracle Application Server PL/SQL Error Message Low Pass Yes
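The SI-11 table above records four failing checks that all come down to the same thing: an HTTP response body that carries a database, runtime or exception message rather than a generic error. The following script is an added example, not code from this report and not WebInspect's own check logic. It classifies response bodies with a small set of error-message fingerprints (the regular expressions are illustrative assumptions, not the scanner's signature set), and shows the hardened counterpart, an error handler that gives the client only a reference identifier while the full detail goes to a log restricted to defined roles. The sample responses are constructed, not captured from the scanned site.

```python
"""Triage helper for SI-11 style error-disclosure findings (added example)."""
import re

# Fingerprints grouped under the check names used in the report.
# These patterns are illustrative assumptions, not WebInspect's signatures.
FINGERPRINTS = {
    "Database Server Error Message": [
        r"You have an error in your SQL syntax",
        r"\bORA-\d{5}\b",
        r"Unclosed quotation mark after the character string",
        r"pg_query\(\)|PG::SyntaxError",
        r"Microsoft OLE DB Provider for (SQL Server|ODBC Drivers)",
    ],
    "Java Runtime Error Message": [
        r"java\.lang\.\w+Exception",
        r"\bat [\w.$]+\(\w+\.java:\d+\)",
    ],
    "Exception Error Message": [
        r"Unhandled Exception",
        r"Traceback \(most recent call last\)",
        r"Stack Trace:",
    ],
}

COMPILED = {name: [re.compile(p, re.I) for p in pats]
            for name, pats in FINGERPRINTS.items()}


def classify(status: int, body: str) -> list[str]:
    """Return the finding names a single response matches.

    A 5xx status with no recognised fingerprint is still reported as a
    generic 'Server Error Response' (assumed to mirror the low-severity
    check of that name: the status leaks that the request blew up, but
    nothing about why).
    """
    hits = [name for name, pats in COMPILED.items()
            if any(p.search(body) for p in pats)]
    if status >= 500 and not hits:
        hits.append("Server Error Response")
    return hits


# Constructed sample responses (not from the scanned application).
SAMPLES = {
    "verbose_mysql": (500, "Warning: mysql_fetch_array(): You have an error "
                           "in your SQL syntax near ''' at line 1"),
    "java_trace": (500, "java.lang.NullPointerException\n"
                        "\tat com.example.web.Search.doGet(Search.java:42)"),
    "generic_500": (500, "<html><body><h1>An error occurred</h1>"
                         "<p>Reference: 7f3a</p></body></html>"),
    "clean_200": (200, "<html><body>Search results: 0 items</body></html>"),
}


def triage(samples=SAMPLES) -> dict[str, list[str]]:
    """Classify every sample; keys are the sample labels."""
    return {label: classify(status, body)
            for label, (status, body) in samples.items()}


# Stand-in for a log visible only to authorised personnel (SI-11 b).
AUDIT_LOG: list[str] = []


def render_error(exc: Exception, ref: str) -> tuple[int, str]:
    """Hardened handler: full detail to the restricted log, the client
    gets a generic page plus a reference it can quote to support (SI-11 a).
    `ref` is server-generated, so it is safe to embed without escaping."""
    AUDIT_LOG.append(f"{ref} {type(exc).__name__}: {exc}")
    body = (f"<html><body><h1>Request failed</h1>"
            f"<p>Reference: {ref}</p></body></html>")
    return 500, body


if __name__ == "__main__":
    for label, findings in triage().items():
        print(f"{label:14s} -> {findings or ['no finding']}")
    status, body = render_error(RuntimeError("ORA-00933: SQL command not "
                                             "properly ended"), "ref-0001")
    print("hardened      ->", classify(status, body), "| logged:", AUDIT_LOG)
```

Run against the constructed samples, the verbose MySQL and Java responses are flagged under their check names, the generic page is flagged only as a bare server error, and the hardened handler's output never carries the exception text, even when the underlying error was an Oracle message that the fingerprints would otherwise catch.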
SI-15: Information Output Filtering
The information system validates information output from [Assignment: organization-defined software programs and/or applications] to ensure that the information is consistent with the expected content.
Content Spoofing Severity Pass/Fail Tested
2308 PHPNuke Banners.php Administration Medium - No
10943 HTTPS Privacy/Trust Violation Medium Pass Yes
11252 User-Controllable Character Set Low Pass Yes
11365 Missing HTTP Strict-Transport-Security Header Low Pass Yes
11367 Misconfigured HTTP Strict-Transport-Security Header Low Pass Yes
11347 PostMessage Broadcast Vulnerability Medium Pass Yes
11338 Insecure OAuth Communication Channel High Pass Yes
Cross-site Scripting Severity Pass/Fail Tested
11325 PHP-Nuke "forwarder" Parameter HTTP Response Splitting Critical Pass Yes
11308 Missing Content-Type Header Low Pass Yes
11309 Browser Mime Sniffing is not disabled Low Fail Yes
11307 Reliance on X-Content-Type-Options Low Pass Yes
11362 Apache Struts ClassLoader Manipulation High - No
11269 Persistent Cross-Site Scripting Critical - No
11270 Persistent Cross-Site Scripting (User Interaction) Critical - No
10947 IBM WebSphere Portal & Lotus Notes Cross-Site Scripting High Pass Yes
10950 ASP.NET Viewstate Cross-Site Scripting High Pass Yes
10953 Microsoft SharePoint Server Cross-Site Scripting Medium Pass Yes
10954 PortWise SSL VPN Cross-Site Scripting Medium Pass Yes
10959 vBulletin Two-Step External Links "url" Parameter Cross-Site Scripting High Pass Yes
10933 XOOPS viewpmsg.php Cross-Site Scripting Medium Pass Yes
10940 Persistent Cross-Site Scripting (XSS) Critical - No
10929 IBM Tivoli FilepathLogin.html Cross-Site Scripting Medium Pass Yes
10926 Sun Communications Express search.xml Cross-Site Scripting Medium Pass Yes
10913 Netflow Analyzer index.jsp 'view' Cross-Site Scripting Medium Pass Yes
10927 Sun Communications Express UWCMain Cross-Site Scripting Medium Pass Yes
10928 WordPress Persistent XSS (url parameter) Medium Pass Yes
11205 Third Party Undisclosed Cross-Site Scripting Critical Pass Yes
11222 Persistent Cross-Site Scripting (XSS) Critical - No
10966 PG eLMS Pro Cross-Site Scripting Medium Pass Yes
10967 Science Fair In A Box Cross-Site Scripting High Pass Yes
10968 Apache Axis2 Cross-Site Scripting Critical Pass Yes
10857 Apache ActiveMQ Cross-Site Scripting Medium Pass Yes
10882 Joomla! index.php 'theme_elements' Cross-Site Scripting Medium Pass Yes
10883 Joomla! index.php 'theme_header' Cross-Site Scripting Medium Pass Yes
10923 Glassfish Multiple Cross-Site Scripting Medium Pass Yes
10924 Oracle BEA Weblogic console-help.portal Cross-Site Scripting Medium Pass Yes
10914 Netflow Analyzer index.jsp 'section' Cross-Site Scripting Medium Pass Yes
10922 Oracle Secure Enterprise Search Cross-Site Scripting Medium Pass Yes
10874 Joomla! index.php 'theme_background' Cross-Site Scripting Medium Pass Yes
10880 Pivot pivot/index.php Cross-Site Scripting Medium Pass Yes
10870 Novell GroupWise Web Access Cross-Site Scripting Medium Pass Yes
10873 DotNetNuke ErrorPage.aspx Cross-Site Scripting Medium Pass Yes
10867 AdPeeps Ad Rotator index.php Cross-Site Scripting Medium Pass Yes
10868 Novell Groupwise WebAccess 'User.Theme.index' Cross-Site Scripting Medium Pass Yes
10865 phpMySport index.php Cross-Site Scripting Medium Pass Yes
10866 WebSphere PlantsByWebSphere ShoppingServlet 'itemqty7' Cross-Site Scripting Medium Pass Yes
10836 Owl Intranet Engine Registration Cross-Site Scripting Vulnerability Medium Pass Yes
10853 Apache Jackrabbit search.jsp Cross-Site Scripting Medium Pass Yes
10858 Search Engine Builder "searWords" Cross-Site Scripting Medium Pass Yes
10859 TikiWiki CMS/Groupware Cross-Site Scripting Medium Pass Yes
10863 PHP-Nuke Module League Cross-Site Scripting Medium Pass Yes
10864 Vanilla updatecheck.php Cross-Site Scripting Medium Pass Yes
10860 phpMyAdmin server_export.php Cross-Site Scripting Medium Pass Yes
10862 @Mail admin.php 'type' Cross-Site Scripting Medium Pass Yes
10851 cPanel handle.html Cross-Site Scripting High Pass Yes
10852 InfoBiz Server Cross-Site Scripting High Pass Yes
10848 Horde Kronolith addevent.php url Cross-Site Scripting Medium Pass Yes
10850 Apache Geronimo Cross-Site Scripting Medium Pass Yes
10844 Cisco ASA5520 Web VPN Host Header Cross-Site Scripting Medium Pass Yes
10847 Stronghold Server Cross-Site Scripting Medium Pass Yes
10841 Apache mod_perl perl-status Cross-Site Scripting Medium Pass Yes
10843 @Mail admin.php Cross-Site Scripting Medium Pass Yes
10727 Softbiz Classifieds Script gallery.php Cross-Site Scripting Medium Pass Yes
10728 AWStats awstats.pl Cross-Site Scripting High Pass Yes
10724 Softbiz Classifieds Script signinform.php Cross-Site Scripting Medium Pass Yes
10726 Softbiz Classifieds Script index.php Cross-Site Scripting Medium Pass Yes
10730 Glassfish Administration Console Cross-Site Scripting Medium Pass Yes
10731 JSON Hijacking Possible Medium Pass Yes
10732 IBM Rational ClearQuest 'schema' Cross-Site Scripting Medium Pass Yes
10739 ColdFusion MX User-Agent Cross-Site Scripting Medium Pass Yes
10741 IBM Rational ClearQuest 'contextid' Cross-Site Scripting Medium Pass Yes
10743 Apache Roller 'search' Cross-Site Scripting Medium Pass Yes
10839 WebSphere PlantsByWebSphere AccountServlet 'userid' Cross-Site Scripting Medium Pass Yes
10840 Apache Tomcat calendar 'time' Cross-Site Scripting Medium Pass Yes
10837 WebSphere PlantsByWebSphere ShoppingServlet 'category' Cross-Site Scripting Medium Pass Yes
10838 SAP MaxDB Web Database Cross-Site Scripting Medium Pass Yes
10833 Drupal Wikitools Cross-Site Scripting Medium Pass Yes
10828 Sun ONE Calendar Express command.shtml Cross-Site Scripting High Pass Yes
10829 Sun ONE Calendar Express command.shtml Cross-Site Scripting High Pass Yes
10826 Oracle Forms Cross-Site Scripting Vulnerability Medium Pass Yes
10827 Sun ONE Calendar Express Cross-Site Scripting High Pass Yes
10821 FlashVar usage in ExternalInterface.call method High Pass Yes
10824 Oracle Application Server Cross-Site Scripting Medium Pass Yes
10820 Possible FlashVars Cross-Site Scripting in htmlText property bound to an Uninitialized Variable High Pass Yes
10674 Blosxom blosxom.cgi Cross-Site Scripting Medium Pass Yes
10678 Wikyblog WhatLinksHere Cross-Site Scripting Medium Pass Yes
10680 Dokeos work.php Cross-Site Scripting Medium Pass Yes
10681 Dokeos myAgenda.php Cross-Site Scripting Medium Pass Yes
10686 Kontiki DMS 'action' Cross-Site Scripting Medium Pass Yes
10688 PHP-Nuke eWeather module modules.php Cross-Site Scripting Medium Pass Yes
10689 InfoBiz Server search_results.php Cross-Site Scripting Medium Pass Yes
10696 Website Directory index.php Cross-Site Scripting Medium Pass Yes
10697 Celoxis user.do Cross-Site Scripting Vulnerability Medium Pass Yes
10690 MediaWiki 'useskin' Cross-Site Scripting High Pass Yes
10692 WikiHiero extension for WikiMedia Cross-Site Scripting Medium Pass Yes
10698 Matterdaddy Market login.php Cross-Site Scripting Medium Pass Yes
10701 Coldfusion Fusebox index.cfm Cross-Site Scripting Medium Pass Yes
10704 WhoDomLite whois.cgi Cross-Site Scripting Medium Pass Yes
10706 Kmita Gallery search.php Cross-Site Scripting Medium Pass Yes
10709 IBM Quickr Server Calendar Cross-Site Scripting Medium Pass Yes
10702 phpMyAdmin pmd_pdf.php Cross-Site Scripting Medium Pass Yes
10707 Kmita Catalogue search.php Cross-Site Scripting Medium Pass Yes
10712 @Mail util.php Cross-Site Scripting Medium Pass Yes
10714 Novell GroupWise WebAccess Cross-Site Scripting Medium Pass Yes
10710 IBM Rational ClearQuest Web Cross-Site Scripting Medium Pass Yes
10711 Merak Mail Server index.html Cross-Site Scripting Medium Pass Yes
10725 Softbiz Classifieds Script lostpassword.php Cross-Site Scripting Medium Pass Yes
10717 Apache HTTP Method Cross-Site Scripting Medium Fail Yes
10718 IBM Lotus QuickPlace Main.nsf Cross-Site Scripting Medium Pass Yes
10715 SAP Web Application Server Cross-Site Scripting Medium Pass Yes
10716 RSA Authentication Agent login page Cross-Site Scripting Medium Pass Yes
10663 Drupal Link To Us Cross-Site Scripting Medium Pass Yes
10624 MediaWiki api.php Cross-Site Scripting Medium Pass Yes
10660 TimeTrex login.php Cross-Site Scripting Medium Pass Yes
10661 Juniper Networks Secure Access 2000 rdremediate.cgi Cross-Site Scripting Medium Pass Yes
10664 DataSpade Index.asp Cross-Site Scripting Medium Pass Yes
10665 AWStats Totals awstatstotals.php Cross-Site Scripting Medium Pass Yes
10667 Maian Gallery index.php Cross-Site Scripting Medium Pass Yes
10676 WikyBlog keywordSearch Cross-Site Scripting Medium Pass Yes
10677 WikyBlog useredits Cross-Site Scripting Medium Pass Yes
10672 PHPGlossar index.php Cross-Site Scripting Medium Pass Yes
10670 Wordpress MU wpmu-blogs.php Cross-Site Scripting Medium Pass Yes
10671 IBM Rational ClearQuest Web Cross Site Scripting Medium Pass Yes
10668 Horde WebMail addevent.php Cross-Site Scripting Medium Pass Yes
10669 xtCommerce advanced_search_result.php Cross-Site Scripting Medium Pass Yes
10641 Maian Uploader header.php Multiple Cross-Site Scripting Medium Pass Yes
10642 BEA AquaLogic Interaction or Plumtree Foundation server.pt Cross-Site Scripting Medium Pass Yes
10638 Silentum LoginSys login.php Cross-Site Scripting Medium Pass Yes
10640 Maian Guestbook footer.php Multiple Cross-Site Scripting Medium Pass Yes
10636 Xampp iart.php Cross-Site Scripting Medium Pass Yes
10637 @Mail parse.php Cross-Site Scripting Medium Pass Yes
10634 OWL register.php Cross-Site Scripting Medium Pass Yes
10635 phpMyAdmin Cross-Site Scripting Low Pass Yes
10645 F5 FirePass 4100 SSL VPN Cross-Site Scripting Medium Pass Yes
10646 eForum busca.php Cross-Site Scripting Medium Pass Yes
10643 SparkleBlog Journal.php HTML Injection Medium Pass Yes
10644 Invision Power Board Cross-Site Scripting Medium Pass Yes
10647 VBZooM Forum profile.php Cross-Site Scripting Medium Pass Yes
10648 Riverdark RSS Syndicator rss.php Cross-Site Scripting Medium Pass Yes
10657 ParaNews news.php Cross-Site Scripting Medium Pass Yes
10659 Avactis Shopping checkout.php Cart Cross-Site Scripting Medium Pass Yes
2306 Jakarta Tomcat 404 Error Cross-Site Scripting High - No
2257 phpBB search.php Cross-Site Scripting High Pass Yes
3076 WebSphere Cross-Site Scripting Medium - No
3111 Frontpage Server Extensions Shtml.dll Cross-Site Scripting High - No
3010 Log View Cross-Site Scripting Medium - No
1852 wdirs.txt Information Disclosure Critical - No
715 Jakarta Tomcat Snoop Multiple Vulnerabilities Medium - No
3788 Zeus Admin Interface Cross-Site Scripting High - No
3781 Zeus index.fcgi Cross-Site Scripting High - No
3756 MyMarket Cross-site Scripting High - No
3757 WebSphere Proxy Cross-Site Scripting High - No
3758 WebSphere Proxy Header Injection Cross-Site Scripting High Pass Yes
3727 vBulletin Cross-site Scripting High - No
3728 YaBB Multiple Vulnerabilities High - No
3755 Mojo Cross-Site Scripting High - No
3721 IIS .idc ISAPI Cross-site Scripting High - No
3841 SquirrelMail read_body.php Cross-Site Scripting High - No
4240 YaBBSE news_template.php Cross-Site Scripting High - No
3816 ImageFolio imagefolio.cgi Cross-Site Scripting High - No
3836 HTTP TRACE Method Cross-Site Scripting Low Pass Yes
3807 myPHPNuke Cross-Site Scripting High - No
4285 Nuked Klan Cross-site Scripting High - No
4288 Mailman Email Cross-site Scripting High - No
4295 ColdFusion index.cfm Cross-Site Scripting High - No
4273 GeekLog users.php Cross-Site Scripting High - No
4275 FormMail.cgi Cross-site Scripting High - No
4252 ImageFolio Cross-Site Scripting High - No
4266 Sambar Server results.stm Cross-Site Scripting Medium - No
4310 WWWboard Cross-Site Scripting High - No
4317 PY-Livredor Cross-site Scripting High - No
4331 ClearTrust Cross-Site Scripting High - No
4332 Gbook.php Cross-Site Scripting High - No
4349 Sambar Server ipdata.stm Cross-Site Scripting Medium - No
4344 Mambo Site Server Search Cross-Site Scripting High - No
4347 Basit Content Management Cross-Site Scripting High - No
4355 osCommerce Cross-Site Scripting High - No
4356 Ceilidh BBS Cross-Site Scripting High - No
4354 PHPNuke block-forums.php Cross-Site Scripting High - No
4411 HappyMall Cross-Site Scripting High - No
4414 Phorum Cross-Site Scripting High - No
4415 PHPNuke Your Account Cross-Site Scripting High - No
4697 GeekLog brokenfile.php Cross-Site Scripting High - No
4715 Divine Content Server Cross-Site Scripting High - No
4678 DBabble Cross-Site Scripting High - No
4690 ACart Cross-Site Scripting High - No
4794 VP-ASP Cross-Site Scripting High - No
4796 Bajie Cross-Site Scripting High - No
4744 Zoom Engine Cross-Site Scripting High - No
4420 eZ Publish articleview Cross-Site Scripting High - No
4424 XMB Cross-Site Scripting High - No
4427 Zeus vs_diag.cgi Cross-Site Scripting High - No
4453 JEUS Cross-Site Scripting High - No
4464 TUTOS Cross-Site Scripting High - No
4439 PHP Session ID Cross-Site Scripting High - No
4430 Saarport Webchat Cross-Site Scripting High - No
4512 OmniHTTPD Cross-Site Scripting (test-win.exe) High - No
4611 eNdonesia Cross-Site Scripting High - No
4529 Drupal main and sub page Cross-Site Scripting High - No
4639 Digital Scribe Cross-Site Scripting High - No
4646 Escapade Cross-Site Scripting High - No
4624 miniPortail Cross-Site Scripting High - No
4874 Invision Power Board 'showuser' Cross-Site Scripting High - No
4857 @Mail Cross-Site Scripting High - No
4862 VirtuaNews Cross-Site Scripting High - No
4821 Oracle 'isqlplus' Cross-Site Scripting High - No
4836 ProductCart Cross-Site Scripting High - No
4815 phpGedView Cross-Site Scripting High - No
4817 PHPNuke friend.php Cross-Site Scripting High - No
4810 OpenBB Cross-Site Scripting High - No
4811 FreznoShop Cross-Site Scripting Low - No
4904 RxGoogle Cross-Site Scripting High - No
4897 cPanel 'dotaccess' Cross-Site Scripting High - No
4875 EMU Webmail Cross-Site Scripting High - No
4911 cPanel 'dodelautores.html' Cross-Site Scripting High - No
4913 CactuShop Cross-Site Scripting High - No
4926 AzDGDatingLite Cross-Site Scripting High - No
4927 Blackboard 'calender.pl' Cross-Site Scripting High - No
4923 FTGatePro Cross-Site Scripting High - No
4924 NukeCalendar Cross-Site Scripting High - No
3663 Jakarta Tomcat ContainerServlet Cross-Site Scripting High - No
3664 Jakarta Tomcat Servlet Context Cross-Site Scripting High - No
3582 HTTP Header CRLF Injection (HTTP Response Splitting) High Pass Yes
3621 SquirrelMail Cross-Site Scripting High - No
3715 Authoria Cross-site Scripting High - No
3716 phpBBmod php.info Information Disclosure Medium - No
3719 SurfControl SuperScout Cross-site Scripting High - No
3696 phpLinkat Cross-site Scripting High - No
3700 phpWebSite Cross-site Scripting High - No
3690 myNewsGroups Cross-site Scripting High - No
3694 Apache Host Header Cross-site Scripting Medium - No
3665 Jakarta Tomcat Servlet WebdavStatus Cross-Site Scripting High - No
3666 NikSun Netdetector Cross-Site Scripting Medium - No
3478 Macromedia Sitespring (500error.jsp) Cross-Site Scripting High - No
3466 wops.cgi Cross-Site Scripting High - No
3471 Mewsoft Auction (terms) Cross-Site Scripting High - No
3484 GeekLog (search.php) Cross-Site Scripting High - No
3487 PostNuke Wiki Module Cross-Site Scripting High - No
3496 InterNIC Whois Cross-Site Scripting High - No
3530 Oracle Application Server usebean.jsp Cross-site Scripting High - No
3531 Cafelog b2 Weblog Multiple Possible Vulnerabilities Critical Pass Yes
3522 Falcon Webserver Cross-Site Scripting High - No
3527 L-Forum Multiple Vulnerabilities Critical Pass Yes
3504 ShoutBOX Forum Cross-Site Scripting High - No
3538 Bonsai CVS Archive Cross-site Scripting Medium Pass Yes
3528 Oracle Application Server hellouser.jsp Cross-Site Scripting High - No
3529 Oracle Application Server welcomeuser.jsp Cross-site Scripting High - No
3559 Aestiva HTML/OS 'start' Cross-Site Scripting Medium - No
3560 Aestiva HTML/OS start.cgi Cross-Site Scripting Medium - No
3552 OmniHTTPD Test Application Cross-site Scripting (test.shtml) High - No
3553 OmniHTTPD Test Application Cross-site Scripting (test.php) High - No
3558 Aestiva HTML/OS 'htmlos' Cross-Site Scripting Medium - No
3196 PostCalendar Cross-Site Scripting High - No
3198 askSam as_web.exe Cross-Site Scripting High - No
3176 csSearch Command Execution Critical - No
3181 IceWarp Web Mail Cross-Site Scripting High - No
3224 Aktivate Shopping System Cross-Site Scripting High - No
3225 SGDynamo Cross-Site Scripting High - No
3193 php ImageView Configuration Information Disclosure Medium - No
3229 PHPNuke Cross-Site Scripting High - No
3230 Novell NetWare Web Search Server Cross-Site Scripting High - No
3259 Cobalt RaQ service.cgi Cross-Site Scripting High - No
3248 mcNews Cross-Site Scripting High - No
3253 Citrix NFuse Web Publishing Cross-Site Scripting High - No
3240 Easynews Arbitrary File Modification Critical - No
3243 ViewCVS Cross-Site Scripting High - No
3279 Delegate 404 Page Cross-Site Scripting High - No
3394 Splatt Forum Cross-Site Scripting High - No
3395 ColdFusion view.cfm Cross-Site Scripting High - No
3421 LilHTTP Server urlcount.cgi Cross-Site Scripting High - No
3429 Blackboard Cross-Site Scripting High - No
3434 Imp Webmail Cross-Site Scripting High - No
3438 BadBlue Search Cross-Site Scripting High - No
3463 Lil'HTTP Pbcgi.cgi Cross-Site Scripting High - No
3464 Fluid Dynamics Search Engine Cross-Site Scripting High - No
3460 GoAhead Webserver Cross-Site Scripting High - No
3461 Jakarta Tomcat Servlet Cross-Site Scripting High Pass Yes
3343 MyHelpdesk Input Validation Vulnerability Critical - No
3370 PHP Classifieds Cross-Site Scripting High - No
3369 Mewsoft Auction (searchstring) Cross-Site Scripting High - No
3337 Bugzilla query.cgi Cross-Site Scripting Medium Pass Yes
3339 Oracle Application Server Configurator Cross-Site Scripting High - No
3331 Anthill Cross-Site Scripting High - No
3321 PForum Cross-Site Scripting High - No
3329 php(Reactor) Cross-Site Scripting High - No
5210 Zorum Path Disclosure, Information Disclosure and Cross-Site Scripting High - No
5212 auraCMS Path Disclosure, Cross-Site Scripting, Information Disclosure Medium - No
5205 Ultimate PHP Board Discloses Path to Remote Users High - No
5192 PostNuke Cross-Site Scripting High - No
5234 paNews Cross-Site Scripting Attacks High - No
5231 SparkleBlog Grants Administrative Access Critical - No
5224 paFileDB Path Disclosure and Cross-Site Scripting Vulnerability High - No
5227 YaBB Conduct Cross-Site Scripting Attack Critical - No
5172 Microsoft ASP.NET or ASP Unicode Conversion Cross-Site Scripting Critical Pass Yes
5184 Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability High - No
5177 PhotoPost Classifieds Multiple Vulnerabilities Critical - No
5132 .NET Embedded Null Cross-Site Scripting High - No
5152 HTTP TRACK Method Cross-Site Scripting Low Pass Yes
5131 Lotus Domino Cross-Site Scripting High - No
5072 Multiple vulnerabilities in eNdonesia CMS Medium - No
5069 PHP-Nuke SQL Injection in Reviews module High - No
4936 AzDGDatingLite Cross-Site Scripting High - No
4970 OpenBB 'myhome.php' Cross-Site Scripting High - No
4971 Sambar Server 'ssienv.shtml' Cross-Site Scripting Medium - No
4958 SquirrelMail 'compose.php' Cross-Site Scripting High - No
4930 XMB 'forumdisplay.php' Cross-Site Scripting High - No
4931 PostNuke 'openwindow.php' Cross-Site Scripting High - No
4928 cPanel 'addhandle.html' Cross-Site Scripting High - No
4910 vBulletin 'index.php' Cross-Site Scripting High - No
4934 paFileDB Cross-Site Scripting High - No
4935 News Manager Lite Cross-Site Scripting High - No
4932 OpenBB 'member.php' Cross-Site Scripting High - No
4933 OpenBB 'index.php' Cross-Site Scripting High - No
4969 Fusion News Cross-Site Scripting High - No
5004 AspDotNetStoreFront Cross-Site Scripting High - No
5007 e107: Cross-site Scripting in clock_menu.php Critical - No
5009 e107: Cross-Site Scripting in feature called Submit News Critical Pass Yes
5014 e107: Cross-Site Scripting in feature called Email Article To A Friend Critical Pass Yes
4991 Coppermine Photo Gallery Cross-Site Scripting High - No
4988 Sambar 'show.asp' Cross-Site Scripting Medium - No
4989 Sambar 'showerperf.asp' Cross-Site Scripting Medium - No
4983 Sambar 'dumpenv.pl' Cross-Site Scripting Medium - No
4986 Network Query Tool Cross-Site Scripting High - No
4977 NewsPHP Cross-Site Scripting High - No
4978 TurboTraffic Cross-Site Scripting High - No
5049 Cross-Site Scripting in PostNuke 0.726 Phoenix High - No
5053 CuteNews 'show_archives.php' Cross-Site Scripting High - No
5041 Cross-Site Scripting in phProfession Module For PostNuke High - No
5042 Invision Power Board 'c' Cross-Site Scripting High - No
5054 CuteNews 'show_news.php' Cross-Site Scripting High - No
5055 CuteNews 'example1.php' Cross-Site Scripting High - No
5056 CuteNews 'example2.php' Cross-Site Scripting High - No
5060 Multiple Vulnerabilities in PowerPortal High - No
5064 VP-ASP Shopping Cart Multiple Vulnerabilities Critical - No
5063 Multiple vulnerabilities in JAWS High - No
5061 Multiple Vulnerabilities in phpMyChat Critical - No
5062 Multiple Vulnerabilities in Invision Power Board v1.3.1 Final Critical - No
5032 Moodle Cross-Site Scripting High - No
5035 Cross-Site Scripting in PostNuke Phoenix High - No
5036 Cross-Site Scripting in PostNuke Phoenix High - No
5043 Invision Power Board 'UserName' Cross-Site Scripting High - No
5044 Invision Power Board 'f' Cross-Site Scripting High - No
5025 XMB Cross-Site Scripting in today.php High - No
5026 XMB Cross-Site Scripting in misc.php High - No
5023 XMB Cross-Site Scripting in post.php High - No
5024 XMB Cross-Site Scripting in forumdisplay.php High - No
5017 XMB Cross-Site Scripting in phpinfo.php High - No
5018 XMB Cross-Site Scripting in xmb.php High - No
5021 XMB Cross-Site Scripting in stats.php High - No
5019 XMB Cross-Site Scripting in stats.php High - No
5020 XMB Cross-Site Scripting in stats.php High - No
5297 ASPPortal SQL Injection and Cross-Site Scripting Critical - No
5312 Book Review Cross-Site Scripting and Path Disclosure Medium - No
5247 Nuke Bookmarks Permit SQL Injection, Cross-Site Scripting, and Path Disclosure Critical - No
5266 phpMyAdmin Cross-Site Scripting High - No
5367 Phorum 'search.php' HTTP Response Splitting High - No
5355 ASP Nuke Cross-Site Scripting Vulnerability Critical - No
5384 SqWebMail HTTP Response Splitting High - No
5475 Land Down Under SQL Injection and Cross-Site Scripting Critical - No
5471 Jakarta Tomcat Manager Cross-Site Scripting High Pass Yes
5466 Oracle Reports 10g Cross-Site Scripting Medium - No
5501 ISA Server Cross-Site Scripting Low - No
5508 Silent Storm Privilege Escalation and Cross-Site Scripting High - No
5500 Oracle Reports Server Cross-Site Scripting High Pass Yes
5491 Looking Glass Arbitrary Command Execution Critical Pass Yes
5442 Web Content Management Administrative Access Critical Pass Yes
5434 Comersus Cross-Site Scripting Vulnerability Critical - No
5437 MySQL Eventum SQL Injection and Cross-Site Scripting Critical - No
5428 phpMyAdmin config.inc.php Cross-Site Scripting Medium - No
5402 Keene Digital Media Server Administrative Access High - No
10572 SMEweb bb.php Cross-Site Scripting Medium Pass Yes
10573 DocuShare Cross-Site Scripting Medium Pass Yes
10575 SamTodo index.php Cross-Site Scripting Medium Pass Yes
10577 Maian Cart header.php Cross-Site Scripting Medium Pass Yes
10567 Mini CWB connector.php Cross-Site Scripting Medium Pass Yes
10570 Campus Bulletin Board book.asp Cross-Site Scripting Medium Pass Yes
10565 Real-Estate-Website location.asp Cross-Site Scripting Medium Pass Yes
10566 doITLive showmedia.asp Cross-Site Scripting Medium Pass Yes
10593 Wordpress edit-post-rows.php Cross-Site Scripting Medium Pass Yes
10594 Web Wiz Rich Text Editor "email" Cross-Site Scripting Medium Pass Yes
10580 vBulletin memberlist.php Cross-Site Scripting Medium Pass Yes
10581 eSyndiCat register.php Multiple Cross-Site Scripting Medium Pass Yes
10578 Maian Cart footer.php Cross-Site Scripting Medium Pass Yes
10579 vBTube vbtube.php Cross-Site Scripting Medium Pass Yes
10560 Academic Web Tools Multiple Cross-Site Scripting Medium Pass Yes
10561 Vulnerable Flash Engine Allowed Best Practices - No
10558 yBlog search.php Cross-Site Scripting Medium Pass Yes
10559 Contenido index.php Cross-Site Scripting Medium Pass Yes
10555 Control Panel XE users.asp Cross-Site Scripting Medium Pass Yes
10556 Form Processor XE Cross-Site Scripting Medium Pass Yes
10553 BlogPHP index.php Cross-Site Scripting Medium Pass Yes
10554 PHP Address Book index.php Cross-Site Scripting Medium Pass Yes
10546 PHPEasyData last_records.php Cross-Site Scripting Medium Pass Yes
10547 OpenDocMan out.php Cross-Site Scripting Medium Pass Yes
10545 PHPEasyData annuaire.php Cross-Site Scripting Medium Pass Yes
10548 Lyris ListManager search Cross-Site Scripting Medium Pass Yes
10549 OpUtils MainLayout.do Cross-Site Scripting Medium Pass Yes
10550 SyndeoCMS index.php Cross-Site Scripting Medium Pass Yes
10552 Tornado Knowledge Retrieval searcher.exe Cross-Site Scripting Medium Pass Yes
10631 Openfire login.jsp Cross-Site Scripting Medium Pass Yes
10627 RSA WebID IISWebAgentIF.dll Cross-Site Scripting Medium Pass Yes
10632 Xampp ming.php Cross-Site Scripting Medium Pass Yes
10633 MRBS search.php Cross-Site Scripting Medium Pass Yes
10625 Maian Cart index.php Cross Site Scripting Medium Pass Yes
10626 Maian Weblog index.php Cross Site Scripting Medium Pass Yes
10630 Apache Tomcat sendError() Cross Site Scripting Medium - No
10615 Sun Java System Access Manager Cross-Site Scripting Medium Pass Yes
10616 Liferay Portal login Cross-Site Scripting Medium Pass Yes
10621 Xoops PopnupBlog module index.php Cross-Site Scripting Medium Pass Yes
10622 Photo Cart index.php Cross-Site Scripting Medium Pass Yes
10619 Benja CMS admin_edit_topmenu.php Cross-Site Scripting Medium Pass Yes
10620 Benja CMS admin_edit_submenu.php Cross-Site Scripting Medium Pass Yes
10617 Vanilla people.php Cross-Site Scripting Medium Pass Yes
10618 Benja CMS admin_new_submenu.php Cross-Site Scripting Medium Pass Yes
10614 Mambo connector.php Cross-Site Scripting Medium Pass Yes
10612 Pluck CMS themeinstall.php Cross-Site Scripting Medium Pass Yes
10613 Mambo index.php Multiple Cross-Site Scripting Medium Pass Yes
10610 Pluck CMS header.php Cross-Site Scripting Medium Pass Yes
10611 Pluck CMS header2.php Cross-Site Scripting Medium Pass Yes
10608 ActualAnalyzer view.php Cross-Site Scripting Medium Pass Yes
10609 AWStats Reflected Cross-Site Scripting High Pass Yes
10606 PhpLinkExchange index.php Cross-Site Scripting Low Pass Yes
10607 Flex CMS inc-core-admin-editor-previouscolorsjs.php Cross-Site Scripting Medium Pass Yes
10603 Crafty Syntax Live Help livehelp_js.php Cross-Site Scripting Medium Pass Yes
10605 iCalendar index.php Cross-Site Scripting Low Pass Yes
10601 Owl Intranet Engine register.php Cross-Site Scripting Medium Pass Yes
10602 Apache HTTPD mod_proxy_ftp Wildcard XSS High Pass Yes
10597 Sun Java System Web Server advanced.jsp Cross-Site Scripting Medium Pass Yes
10599 Urchin session.cgi Cross-Site Scripting Medium Pass Yes
10458 KwsPHP ConcoursPhoto Module index.php Cross-Site Scripting Medium Pass Yes
10459 Swiki Multiple Cross-Site Scripting Medium Pass Yes
10454 PerlMailer Cross-Site Scripting Medium Pass Yes
10455 PortalApp Multiple Cross-Site Scripting Medium Pass Yes
10452 NetFlow Analyzer Cross-Site Scripting Medium Pass Yes
10453 OpManager Cross-Site Scripting Medium Pass Yes
10450 ServiceDesk Plus Cross-Site Scripting Medium Pass Yes
10451 Applications Manager Cross-Site Scripting Medium Pass Yes
10475 Omnistar Live kb.php Cross-Site Scripting Medium Pass Yes
10476 AlstraSoft Template Seller Pro fullview.php Cross-Site Scripting Medium Pass Yes
10473 cpCommerce calendar.php Cross-Site Scripting Medium Pass Yes
10474 Php-Stats whois.php Cross-Site Scripting Medium Pass Yes
10469 LiveCart Multiple Cross-Site Scripting Vulnerabilities Medium Pass Yes
10471 CandyPress utilities_ConfigHelp.asp Cross-Site Scripting Medium Pass Yes
10464 Simple Gallery index.php Cross-Site Scripting Medium Pass Yes
10465 ManageEngine Firewall Analyzer mindex.do Cross-Site Scripting Medium Pass Yes
10499 i.List search.php Cross-Site Scripting Medium Pass Yes
10500 cpLinks search.php Cross-Site Scripting Medium Pass Yes
10496 vlBook Cross-Site Scripting Medium Pass Yes
10498 LabWiki Cross-Site Scripting Medium Pass Yes
10488 Advanced Electron Forums index.php Cross-Site Scripting Medium Pass Yes
10489 BolinOS gBPassword.php Cross-Site Scripting Medium Pass Yes
10494 NextAge Cart index.php Cross-Site Scripting Medium Pass Yes
10495 MusicBox Cross-Site Scripting Medium Pass Yes
10486 ContRay search.cgi Cross-Site Scripting Medium Pass Yes
10487 OSI Affiliate login.php Cross-Site Scripting Medium Pass Yes
10483 BolinOS gBImageViewer.php Cross-Site Scripting Medium Pass Yes
10484 BolinOS gBLoginPage.php Cross-Site Scripting Medium Pass Yes
10460 MegaBBS upload.asp Cross-Site Scripting Medium Pass Yes
10480 Acidcat CMS admin_colors_swatch.asp Cross-Site Scripting Medium Pass Yes
10481 BusinessObjects XI logon.object Cross-Site Scripting Medium Pass Yes
10528 Tomcat Host Manager Cross-Site Scripting Medium Pass Yes
10529 Netrix products.php Cross-Site Scripting Medium Pass Yes
10524 Quate CMS Multiple Cross-Site Scripting Medium Pass Yes
10525 phpFreeForum Multiple Cross Site Scripting Vulnerabilities Medium Pass Yes
10522 Calcium Web Calendar Calcium40.pl Cross-Site Scripting Medium Pass Yes
10523 AppServ index.php Cross-Site Scripting Medium Pass Yes
10519 CMS Faethon search.php Cross-Site Scripting Medium Pass Yes
10520 Zomplog category.php Cross Site Scripting Medium Pass Yes
10538 PHP Image Gallery index.php Cross-Site Scripting Medium Pass Yes
10540 Realm CMS compact.asp Cross-Site Scripting Low Pass Yes
10536 SchoolCenter URL "admin" Cross-Site Scripting Medium Pass Yes
10537 Calendarix Cross-Site Scripting Medium Pass Yes
10533 DotNetNuke Default.aspx Cross-Site Scripting Medium Pass Yes
10535 SchoolCenter URL "components" Cross-Site Scripting Medium Pass Yes
10531 Itech Classifieds viewcat.php Cross-Site Scripting Medium Pass Yes
10532 phpInstantGallery Cross-Site Scripting Medium Pass Yes
10517 MJGuest guestbook.php Cross-Site Scripting Medium Pass Yes
10518 BMForum Multiple Cross-Site Scripting Medium Pass Yes
10515 WordPress Footnotes Plugin admin_panel.php 'post_footnotes' Cross-Site Scripting Medium Pass Yes
10516 Mantis return_dynamic_filters.php Cross-Site Scripting Medium Pass Yes
10513 phpVID search_results.php Cross-Site Scripting Medium Pass Yes
10514 Build A Niche Store search.php Cross-Site Scripting Medium Pass Yes
10511 WordPress Footnotes Plugin admin_panel.php 'pre_footnotes' Cross-Site Scripting Medium Pass Yes
10503 Snitz Forums 2000 setup.asp Cross-Site Scripting Medium Pass Yes
10504 Sphider search.php Cross-Site Scripting Medium Pass Yes
10501 BolinOS gBselectorContents.php Cross-Site Scripting Medium Pass Yes
10502 BolinOS gBLoginPage.php POST parameter "formlogin" Cross-Site Scripting Medium Pass Yes
10508 Maian Support footer.php Cross-Site Scripting Medium Pass Yes
10510 WordPress Footnotes Plugin admin_panel.php 'style_rules' Cross-Site Scripting Medium Pass Yes
10507 Tux CMS Multiple Cross-Site Scripting Medium Pass Yes
10328 ITechBids item_id Cross-Site Scripting Medium Pass Yes
10330 ITechClassifieds CatID Cross-Site Scripting Medium Pass Yes
10326 MySpace Scripts Poll Creator index.php Cross-Site Scripting Medium Pass Yes
10319 QontentOne Search Cross-Site Scripting Medium Pass Yes
10338 Apache Tomcat CookieExample Cross-Site Scripting Medium Pass Yes
10339 rwAuction Pro Cross-Site Scripting Low Pass Yes
10336 WordPress Footnotes Plugin admin_panel.php 'priority' Cross-Site Scripting Medium Pass Yes
10337 Apache Tomcat SendMailServlet Example Cross-Site Scripting Medium Pass Yes
10355 WordPress Search Unleashed Plugin Possible Cross-Site Scripting Medium Pass Yes
10356 Sift Unity search.cgi Cross-Site Scripting Medium Pass Yes
10357 Crafty Syntax Live Help lostsheep.php Cross-Site Scripting Medium Pass Yes
10340 PHPSlideshow "directory" Cross Site Scripting Medium Pass Yes
10331 eTicket index.php Cross-Site Scripting High Pass Yes
10350 Jinzora Media Jukebox Multiple Cross-Site Scripting Medium Pass Yes
10277 SiteMinder Web Agent Smpwservices.fcc Cross-Site Scripting High Pass Yes
10276 F5 FirePass SSL VPN Cross-Site Scripting High Pass Yes
10293 Acrobat Connect SWF Possible Cross-Site Scripting Medium Pass Yes
10289 Apache mod_status Refresh Cross-Site Scripting Medium - No
10290 InfoSoft FusionCharts/PowerCharts Possible Remote SWF Inclusion Medium Pass Yes
10291 Dreamweaver SWF Possible Cross-Site Scripting Medium Pass Yes
10292 Camtasia Studio Possible Remote SWF Inclusion Medium Pass Yes
10309 Uniwin eCart Cross-Site Scripting Medium Pass Yes
10314 Coppermine Photo Gallery showdoc.php Cross-Site Scripting Medium Pass Yes
10304 AmpJuke Search Cross-Site Scripting Medium Pass Yes
10305 Nucleus CMS Cross-Site Scripting Medium Pass Yes
10320 BlogPHP Cross-Site Scripting Low Pass Yes
10325 Domain Trader catalog.php Cross-Site Scripting Medium Pass Yes
10303 webSPELL Who Is Online Cross-Site Scripting Medium Pass Yes
10399 access2asp Cross-Site Scripting Medium Pass Yes
10400 FMDeluxe Cross-Site Scripting Medium Pass Yes
10407 PHP iCalendar week.php Cross-Site Scripting Medium Pass Yes
10408 PHP iCalendar year.php Cross-Site Scripting Medium Pass Yes
10401 Savvy Content Manager searchresults.cfm Cross-Site Scripting Medium Pass Yes
10406 Mambo MOStlyCE connector.php Cross-Site Scripting Medium Pass Yes
10360 Cacti graph.php Cross-Site Scripting Medium Pass Yes
10361 Cacti graph_view.php Cross-Site Scripting Medium Pass Yes
10369 Crafty Syntax Live Help user_questions.php Cross-Site Scripting Medium Pass Yes
10371 Crafty Syntax Live Help leavemessage.php Cross-Site Scripting Medium Pass Yes
10367 Matt's Whois Cross-Site Scripting Medium Pass Yes
10368 Crafty Syntax Live Help livehelp.php Cross-Site Scripting Medium Pass Yes
10447 ProjectPier index.php Cross-Site Scripting Medium Pass Yes
10448 SupportCenter Plus Cross-Site Scripting Medium Pass Yes
10449 EventLog Analyzer Cross-Site Scripting Medium Pass Yes
10444 EasyNews index.php Cross-Site Scripting Medium Pass Yes
10441 Blackboard Academic Suite 'viewCatalog' Cross-Site Scripting Medium Pass Yes
10442 DigiDomain Multiple Cross-Site Scripting Medium Pass Yes
10432 Falt4 CMS index.php 'handler' Parameter Cross-Site Scripting Medium Pass Yes
10433 Photo Cart 4.1 Multiple Cross-Site Scripting Medium Pass Yes
10430 EasyCalendar calendar_backend.php Cross-Site Scripting Medium Pass Yes
10431 Simple Forum forum.php 'date_show' Parameter Cross-Site Scripting Medium Pass Yes
10427 Jeebles Directory Cross-Site Scripting Medium Pass Yes
10429 phpAddressBook index.php Cross-Site Scripting Medium Pass Yes
10409 MyioSoft EasyGallery Multiple Cross-Site Scripting Medium Pass Yes
10424 sNews CMS Cross-Site Scripting Medium Pass Yes
10241 Flash Unrestricted Cross-Domain Access Medium Pass Yes
10187 Sun Java System Messenger Express 'error' Cross-Site Scripting High - No
10195 Tomcat Snoop.jsp Example Cross-Site Scripting Medium - No
5652 Apache Expect Header Cross-site Scripting Vulnerability High Pass Yes
10044 HTML Tag Injection Medium Fail Yes
5606 PHP phpinfo() Conduct Cross-Site Scripting Vulnerability Medium Pass Yes
5607 Sire Cross-Site Scripting Medium - No
5608 NOCC Cross-Site Scripting Vulnerability Medium - No
5609 NOCC Cross-Site Scripting Vulnerability Medium - No
5610 NOCC Cross-Site Scripting Vulnerability Medium - No
5611 NOCC Cross-Site Scripting Vulnerability Medium - No
5649 Cross-Site Scripting Critical Fail Yes
5650 Cross-Site Scripting (User Interaction) Critical Fail Yes
5543 Encoded embedded email Cross-Site Scripting Critical Pass Yes
5523 IBM Lotus Domino Cross-Site Scripting Medium - No
5538 URL Encoded Embedded Email Cross-Site Scripting Medium Pass Yes
5591 Parameter Escape Cross-Site Scripting Critical Pass Yes
5604 Aweb's Banner Generator Cross-Site Scripting Vulnerability Medium - No
5600 Struts Cross-Site Scripting Vulnerability Medium Pass Yes
5601 phpMyAdmin index.php Cross-Site Scripting Medium - No
5602 ExplorerXP Cross-Site Scripting Vulnerability Medium - No
5603 Blank'N'Berg Cross-Site Scripting Vulnerability Medium - No
5580 DRZES HMS Input Validation Vulnerability Medium - No
5563 RSA ACE/Agent Cross-Site Scripting Medium - No
5574 Null Character Cross-Site Scripting Critical Pass Yes
SQL Injection Severity Pass/Fail Tested
5572 PHP-Nuke Search Module SQL Injection Critical Pass Yes
5565 gCards news.php SQL Injection Critical Pass Yes
5566 Novell ZENworks Patch Management Server SQL Injection Critical - No
5577 EnvolutionFR Multiple Input Validation Issues Medium Pass Yes
5582 ASP-DEV XM Forums SQL Injection Vulnerability Medium Pass Yes
5584 Edgewall Trac SQL Injection Vulnerability Critical - No
5593 PwsPHP SQL Injection Vulnerability Critical - No
5598 Clever Copy SQL Injection Vulnerability Critical Pass Yes
5540 My Little Forum SQL Injection Critical - No
5534 MX Kart and MX Shop SQL Injection Critical - No
5535 NooTopList SQL Injection Critical - No
5527 MidiCart ASP SQL Injection Critical - No
5528 MyBB misc.php 'fid' parameter SQL Injection Critical Pass Yes
5532 DeluxeBB SQL Injection Critical - No
5533 LiteCommerce SQL Injection Critical - No
5544 Utopia News Pro SQL Injection Critical Pass Yes
5547 Complete PHP Counter SQL Injection Critical - No
5542 phpMyFAQ SQL Injection, Arbitrary File Disclosure Critical - No
5561 Zomplog SQL Injection Critical - No
5605 betaparticle SQL Injection Vulnerability Critical - No
5672 Possible SQL Injection Critical - No
5658 SQL Injection (confirmed) Critical Pass Yes
5659 Blind SQL Injection (confirmed) Critical - No
10445 EasyNews index.php SQL Injection Critical Pass Yes
10395 SQL Injection Confirmed (No Data Extraction) Critical Pass Yes
10372 Crafty Syntax Live Help is_xmlhttp.php SQL Injection Critical Pass Yes
10279 HacmeCasino SQL Injection Critical Pass Yes
10623 QuickPollScript code.php SQL Injection Critical Pass Yes
10589 Joomla DT Register SQL Injection High Pass Yes
5405 Ipswitch WhatsUp Professional SQL Injection Critical Pass Yes
5406 VP-ASP SQL Injection Vulnerability Critical - No
5407 Id Board SQL Injection Critical - No
5408 Fortibus CMS SQL Injection Critical Pass Yes
5410 Invision Community Blog SQL Injection Critical - No
5411 WoltLab Burning Board SQL Injection Critical Pass Yes
5414 (i)Site Database Disclosure and SQL Injection Critical - No
5415 MaxWebPortal SQL Injection Critical - No
5412 India Software Solution Shopping Cart SQL Injection Critical Pass Yes
5413 ZonGG SQL Injection Critical Pass Yes
5416 IkonBoard SQL Injection Vulnerability Critical Pass Yes
5417 Event Calendar SQL Injection Vulnerability Critical - No
5420 JiRo's Statistics System SQL Injection Critical Pass Yes
5421 ASP Virtual News Manager SQL Injection Critical Pass Yes
5431 ReviewPost SQL Injection Vulnerability Critical Pass Yes
5432 VBZoom Forum SQL Injection Vulnerability Critical - No
5426 CoolCafe SQL Injection Critical Pass Yes
5424 Active News Manager SQL Injection Critical Pass Yes
5425 Ocean12 Calendar Manager SQL Injection Critical Pass Yes
5422 NewsletterEz SQL Injection Critical Pass Yes
5423 ibProArcade SQL Injection Vulnerability Critical - No
5435 PHPList SQL Injection Critical - No
5437 MySQL Eventum SQL Injection and Cross-Site Scripting Critical - No
5440 Owl Intranet Engine SQL Injection Vulnerability Critical - No
5441 ChurchInfo SQL Injection and Path Disclosure Critical - No
5443 Ocean12 Mailing List Manager SQL Injection Critical Pass Yes
5444 ACNews SQL Injection Critical Pass Yes
5490 MyBB member.php 'fid' parameter SQL Injection Critical Pass Yes
5492 Open Bulletin Board SQL Injection Critical Pass Yes
5481 phpWebSite SQL Injection Critical - No
5482 ECW-Shop SQL Injection Critical - No
5483 PHPFreeNews SQL Injection Critical - No
5487 PhotoPost 5.0 SQL Injection Critical - No
5495 Land Down Under SQL Injection Critical - No
5521 Mall23 SQL Injection Critical - No
5509 Hosting Controller SQL Injection Critical - No
5514 WEB//NEWS SQL Injection Critical Pass Yes
5468 Vladersoft Shopping Cart SQL Injection Critical - No
5469 PHP Topic Board SQL Injection Critical - No
5475 Land Down Under SQL Injection and Cross-Site Scripting Critical - No
5478 WoltLab Burning Board SQL Injection Critical - No
5464 PersianBlog SQL Injection Critical - No
5465 MidiCart SQL Injection Critical - No
5457 ESMI Studio Products SQL Injection Critical - No
5458 ASPApp SQL Injection Critical - No
5446 OpenBook SQL Injection Critical Pass Yes
5447 Gravity Board X Arbitrary Code Execution and SQL Injection Critical - No
5455 PortalAPP SQL Injection Critical - No
5456 Photopost PHP Pro Photo Gallery SQL Injection Critical - No
5381 PhotoPost Pro SQL Injection Critical - No
5378 Comersus SQL Injection Vulnerability Critical - No
5379 2BGal SQL Injection Vulnerability Critical - No
5375 SugarCRM SQL Injection Vulnerability Critical - No
5377 CartWIZ SQL Injection Vulnerability Critical - No
5371 getInternet SQL Injection Vulnerability Critical - No
5372 PHPKit SQL Injection Vulnerability Critical - No
5392 MyBB member.php 'uid' parameter SQL Injection Vulnerability Critical - No
5398 class-1 Forum SQL Injection Vulnerability Critical - No
5394 Dragonfly Commerce SQL Injection Vulnerability Critical - No
5387 phpWebSite SQL Injection in search.php Critical - No
5388 phpAuction SQL Injection and Authentication Bypass Critical - No
5386 LBE Web HelpDesk SQL Injection Critical - No
5361 Mambo 'com_content' SQL Injection Vulnerability Critical - No
5353 UBBThreads SQL Injection Vulnerability Critical - No
5349 Serendipity SQL Injection (exit.php) Critical - No
5350 Claroline SQL Injection Critical - No
5337 WordPress SQL Injection and Path Disclosure Critical - No
5338 CJUltra SQL Injection (out.php) Critical - No
5345 uBlog Reload SQL Injection Vulnerability Critical - No
5348 MaxWebPortal SQL Injection Critical - No
5333 PostNuke SQL Injection (readpmsg.php) Critical - No
5334 HelpCenter Live SQL Injection Critical - No
5331 CodeThat ShoppingCart SQL Injection Vulnerability Critical - No
5332 X-Cart SQL Injection Critical - No
5267 PostNuke SQL Injection in the News module Critical - No
5248 ESMI PayPal Storefront SQL Injection Vulnerability Critical - No
5261 Active Auction House Permits SQL Injection Critical - No
5256 PortalApp SQL Injection Critical - No
5257 SiteEnable SQL Injection Critical - No
5254 Squirrelcart SQL Injection Critical - No
5255 Turnkey Websites Shopping Cart SQL Injection Critical - No
5281 CartWIZ Permit SQL Injection Critical - No
5283 Calendarix SQL Injection Critical - No
5277 phpBB Auction Module auction_rating.php SQL Injection Critical - No
5280 ASP Nuke Permits SQL Injection Critical - No
5274 OneWorldStore Permit SQL Injection Critical - No
5275 OneWorldStore Multiple SQL Injection Critical - No
5269 Invision Power Board Permits SQL Injection Critical - No
5270 zOOm Media Gallery Permits SQL Injection Critical - No
5315 enVivo!CMS SQL Injection Critical - No
5316 JGS Portal SQL Injection Critical - No
5317 ASP Inline Corporate Calendar SQL Injection Critical - No
5323 socialMPN SQL Injection Vulnerability Critical - No
5319 ProductCart SQL Injection Vulnerability Critical - No
5321 BK Forum SQL Injection Vulnerability Critical - No
5322 phpCOIN SQL Injection Vulnerability Critical - No
5308 PortailPHP SQL Injection High - No
5309 Net Portal Dynamic System (NPDS) SQL Injection Critical - No
5292 MyBB SQL Injection Critical - No
5297 ASPPortal SQL Injection and Cross-Site Scripting Critical - No
5284 MetaCart SQL Injection Critical - No
5022 XMB Forum SQL Injection in misc.php Critical - No
5038 SQL Injection in PHP-Nuke Video Gallery Module for PHP-Nuke Critical - No
5040 SQL Injection in phProfession Module For PostNuke Critical - No
5028 PhotoPost PHP 'comments.php' SQL Injection High - No
5029 PhotoPost PHP 'uploadphoto.php' SQL Injection High - No
5061 Multiple Vulnerabilities in phpMyChat Critical - No
5062 Multiple Vulnerabilities in Invision Power Board v1.3.1 Final Critical - No
5064 VP-ASP Shopping Cart Multiple Vulnerabilities Critical - No
5045 Invision Power Board 'functions.php' SQL Injection High - No
5048 SQL Injection in PostNuke 0.726 Phoenix Critical - No
5003 Zen Cart login.php SQL Injection Vulnerability Critical Pass Yes
5015 phpBB privmsg.php SQL Injection Critical - No
5016 Web Wiz Forum SQL Injection High - No
5006 Multiple SQL Injections in JPortal (print.php) Critical - No
4929 phpBugTracker SQL Injection High - No
5069 PHP-Nuke SQL Injection in Reviews module High - No
5078 AntiBoard SQL Injection Vulnerability Critical - No
5082 MyBulletinBoard "uid" SQL Injection Vulnerability Critical - No
5122 SQL Injection in MegaBBS Forums Critical - No
5086 Comersus SQL Injection Vulnerability Critical Pass Yes
5114 aspWebAlbum SQL Injection High - No
5106 PostNuke Module SQL Injection Vulnerability Critical - No
5175 SQL Injection in PHP-Nuke Critical - No
5176 PhotoPost Pro SQL Injection in showgallery Critical - No
5177 PhotoPost Classifieds Multiple Vulnerabilities Critical - No
5180 SQL Injections in Ikonboard (keywords=) Critical - No
5178 2Bgal SQL Injection Vulnerability Critical - No
5179 SQL Injections in Ikonboard (st=) Critical - No
5167 OWL SQL Injection Critical - No
5164 MercuryBoard SQL Injection Critical - No
5165 SparkleBlog SQL Injection Critical - No
5156 b2evolution "title" SQL Injection Vulnerability Critical - No
5161 SQL Injection in SGallery (PHPNuke) Critical - No
5228 TYPO3 Permits SQL Injection Critical - No
5225 paFileDB SQL Injection Critical - No
5221 iG Shop SQL Injection Critical - No
5222 WoltLab Burning Board SQL Injection & Path Disclosure Critical - No
5223 vBulletin PHP Code Injection via template Parameter Medium - No
5213 ProjectBB SQL Injection Critical - No
5244 Koobi SQL Injection Vulnerability Critical - No
5246 exoops SQL Injection Critical - No
5247 Nuke Bookmarks Permit SQL Injection, Cross-Site Scripting, and Path Disclosure Critical - No
5250 MercuryBoard SQL Injection Vulnerability Critical - No
5253 MX Shop Lets Remote Users Inject SQL Commands Critical - No
5193 PHPNuke SQL Injection in search.php Critical - No
5194 PHPNuke SQL Injection in index.php Critical - No
5195 PHPNuke Critical SQL Injection Vulnerability Critical - No
5204 Centre Grants Administrative Access to Remote Users Critical - No
5197 phpBugTracker SQL Injection Vulnerability Critical - No
5200 Multiple SQL Injection Vulnerabilities in Kayako eSupport Critical - No
5209 Layton HelpBox Multiple SQL Injection Vulnerabilities Critical - No
5214 phpCOIN SQL Injection Critical - No
5215 paFAQ Input Validation Holes Permit SQL Injection Attacks Critical - No
5218 SGallery SQL Injection Critical - No
5220 PerlDesk SQL Injection Critical - No
3330 Demarc PureSecure Possible SQL Injection Critical - No
3334 Lokwa BB SQL Injection Critical - No
3335 GeekLog SQL Injection Critical - No
3357 Pforum Possible SQL Injection Critical - No
3343 MyHelpdesk Input Validation Vulnerability Critical - No
3392 ezContent SQL Injection Critical - No
3390 PostNuke Cookie-based SQL Injection (article.php) Medium - No
3385 phpBB bb_memberlist.php SQL Injection Critical - No
3308 phpGroupWare Possible SQL Injection Critical - No
3272 VP-ASP shopadmin.asp Possible SQL Injection Critical - No
3531 Cafelog b2 Weblog Multiple Possible Vulnerabilities Critical Pass Yes
3537 FUDForum Multiple Vulnerabilities Critical Pass Yes
3527 L-Forum Multiple Vulnerabilities Critical Pass Yes
3499 Informix Web Datablade Universal SQL Injection Critical Pass Yes
3482 Adobe Content Server SQL Injection Critical - No
3702 Bugzilla createaccount.cgi SQL Injection High - No
3701 SurfControl SuperScout Multiple Vulnerabilities High - No
4851 ChiliSoft ASP 401k Sample High - No
4417 Biztalk DTA SQL Injection High - No
4362 InstaBoard SQL Injection High - No
4343 paFileDB SQL Injection High - No
4321 PHPNuke modules.php SQL Injection High Pass Yes
4300 Immobilier agentadmin.php SQL Injection High - No
4269 PHP TopSites SQL Injection High Pass Yes
4273 GeekLog users.php Cross-Site Scripting High - No
4283 phpMyShop compte.php SQL Injection High - No
3805 IMP SQL Injection High - No
4241 IMP SQL Injection High Pass Yes
3790 Oracle Application Server PL/SQL Code Injection High Pass Yes
152 IIS JET Engine Database Arbitrary Code Execution High - No
2416 NCM Arbitrary SQL Command Execution High - No
2025 Postaci Arbitrary SQL Command Execution High - No
1969 Oracle Application Server XSQL Servlet Arbitrary Java Code Execution High - No
10673 OpenX SQL Injection High Pass Yes
10723 WordPress ShiftThis NewsLetter Plugin SQL Injection Critical Pass Yes
10721 vBulletin admincalendar.php SQL Injection High Pass Yes
10722 SQL Query in Query String or Post Data Medium Pass Yes
10708 Joomla Com_blog SQL Injection High Pass Yes
10685 Wordpress Search Multibyte Character Set SQL Injection Critical Pass Yes
10835 Joomla guestBook Extension 'gbid' SQL Injection Critical Pass Yes
10890 IBM Rational ClearQuest main SQL Injection Critical Pass Yes
10961 Bugzilla Web Service Bug.search() SQL Injection High Pass Yes
10962 Blind SQL Injection (confirmed) Critical Pass Yes
11199 Blind SQL Injection (confirmed) Critical Pass Yes
11208 Blind SQL Injection Aggressive Option Critical - No
10955 Campsite attachments.php 'article_id' Parameter SQL Injection Critical Pass Yes
11298 MongoDB PHP Request Injection Attack Critical - No
11299 Blind SQL Injection (Confirmed) Critical Fail Yes