· 6 years ago · Jan 05, 2020, 07:58 AM
1#######################################################################################################################################
2======================================================================================================================================
3Hostname www.owlertonstadium.co.uk ISP Ukfast.net Limited
4Continent Europe Flag
5GB
6Country United Kingdom Country Code GB
7Region Unknown Local time 05 Jan 2020 06:38 GMT
8City Unknown Postal Code Unknown
9IP Address 194.39.164.140 Latitude 51.496
10 Longitude -0.122
11=======================================================================================================================================
12#######################################################################################################################################
13> www.owlertonstadium.co.uk
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18www.owlertonstadium.co.uk canonical name = owlertonstadium.co.uk.
19Name: owlertonstadium.co.uk
20Address: 194.39.164.140
21>
22#######################################################################################################################################
23
24 Domain name:
25 owlertonstadium.co.uk
26
27 Data validation:
28 Nominet was able to match the registrant's name and address against a 3rd party data source on 10-Dec-2012
29
30 Registrar:
31 34SP.com Limited [Tag = 34SP]
32 URL: http://www.34sp.com
33
34 Relevant dates:
35 Registered on: 12-Jul-2001
36 Expiry date: 12-Jul-2021
37 Last updated: 11-Jul-2019
38
39 Registration status:
40 Registered until expiry date.
41
42 Name servers:
43 ns.34sp.com
44 ns2.34sp.com
45
46 WHOIS lookup made at 06:40:40 05-Jan-2020
47
48######################################################################################################################################
49[+] Target : www.owlertonstadium.co.uk
50
51[+] IP Address : 194.39.164.140
52
53[+] Headers :
54
55[+] Server : nginx
56[+] Date : Sun, 05 Jan 2020 06:56:12 GMT
57[+] Content-Type : text/html; charset=UTF-8
58[+] Transfer-Encoding : chunked
59[+] Connection : keep-alive
60[+] X-Powered-By : PHP/7.0.33, PleskLin
61[+] Last-Modified : Sat, 04 Jan 2020 22:39:06 GMT
62[+] Vary : Accept-Encoding
63[+] Content-Encoding : gzip
64[+] Cache-Control : max-age=0
65[+] Expires : Sun, 05 Jan 2020 06:56:12 GMT
66
67[+] SSL Certificate Information :
68
69[+] commonName : owlertonstadium.co.uk
70[+] countryName : US
71[+] organizationName : Let's Encrypt
72[+] commonName : Let's Encrypt Authority X3
73[+] Version : 3
74[+] Serial Number : 037C0770C9F1FD50F5B1D1DAB81AAA26490B
75[+] Not Before : Nov 23 14:49:15 2019 GMT
76[+] Not After : Feb 21 14:49:15 2020 GMT
77[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
78[+] subject Alt Name : (('DNS', 'owlertonstadium.co.uk'), ('DNS', 'www.owlertonstadium.co.uk'))
79[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
80
81[+] Whois Lookup :
82
83[+] NIR : None
84[+] ASN Registry : ripencc
85[+] ASN : 61323
86[+] ASN CIDR : 194.39.164.0/22
87[+] ASN Country Code : GB
88[+] ASN Date : 2018-07-26
89[+] ASN Description : SECARMA, GB
90[+] cidr : 194.39.164.0/24
91[+] name : UK-ECLOUDHYB-1
92[+] handle : NL202-RIPE
93[+] range : 194.39.164.0 - 194.39.164.255
94[+] description : None
95[+] country : GB
96[+] state : None
97[+] city : None
98[+] address : UKFast Campus
99Manchester
100M15 5QJ
101[+] postal_code : None
102[+] emails : None
103[+] created : 2019-06-10T09:02:55Z
104[+] updated : 2019-06-10T09:02:55Z
105
106[+] Crawling Target...
107
108[+] Looking for robots.txt........[ Found ]
109[+] Extracting robots Links.......[ 2 ]
110[+] Looking for sitemap.xml.......[ Found ]
111[+] Extracting sitemap Links......[ 9 ]
112[+] Extracting CSS Links..........[ 20 ]
113[+] Extracting Javascript Links...[ 2 ]
114[+] Extracting Internal Links.....[ 44 ]
115[+] Extracting External Links.....[ 10 ]
116[+] Extracting Images.............[ 20 ]
117
118[+] Total Links Extracted : 107
119
120[+] Dumping Links in /opt/FinalRecon/dumps/www.owlertonstadium.co.uk.dump
121[+] Completed!
122######################################################################################################################################
123[i] Scanning Site: https://www.owlertonstadium.co.uk
124
125
126
127B A S I C I N F O
128====================
129
130
131[+] Site Title: Home - Owlerton Stadium
132[+] IP address: 194.39.164.140
133[+] Web Server: nginx
134[+] CMS: WordPress
135[+] Cloudflare: Not Detected
136[+] Robots File: Found
137
138-------------[ contents ]----------------
139User-agent: *
140Disallow: /wp-admin/
141Allow: /wp-admin/admin-ajax.php
142
143-----------[end of contents]-------------
144
145
146
147W H O I S L O O K U P
148========================
149
150
151 Domain name:
152 owlertonstadium.co.uk
153
154 Data validation:
155 Nominet was able to match the registrant's name and address against a 3rd party data source on 10-Dec-2012
156
157 Registrar:
158 34SP.com Limited [Tag = 34SP]
159 URL: http://www.34sp.com
160
161 Relevant dates:
162 Registered on: 12-Jul-2001
163 Expiry date: 12-Jul-2021
164 Last updated: 11-Jul-2019
165
166 Registration status:
167 Registered until expiry date.
168
169 Name servers:
170 ns.34sp.com
171 ns2.34sp.com
172
173 WHOIS lookup made at 06:56:31 05-Jan-2020
174
175--
176
177
178
179
180G E O I P L O O K U P
181=========================
182
183[i] IP Address: 194.39.164.140
184[i] Country: United Kingdom
185[i] State:
186[i] City:
187[i] Latitude: 51.4964
188[i] Longitude: -0.1224
189
190
191
192
193H T T P H E A D E R S
194=======================
195
196
197[i] HTTP/1.1 200 OK
198[i] Server: nginx
199[i] Date: Sun, 05 Jan 2020 06:56:32 GMT
200[i] Content-Type: text/html; charset=UTF-8
201[i] Connection: close
202[i] Vary: Accept-Encoding
203[i] X-Powered-By: PHP/7.0.33
204[i] Last-Modified: Sat, 04 Jan 2020 22:39:06 GMT
205[i] Vary: Accept-Encoding
206[i] Cache-Control: max-age=0
207[i] Expires: Sun, 05 Jan 2020 06:56:32 GMT
208[i] X-Powered-By: PleskLin
209
210
211
212
213D N S L O O K U P
214===================
215
216owlertonstadium.co.uk. 3599 IN SOA ns.34sp.com. hostmaster.34sp.com. 2019072913 3600 3600 604800 3600
217owlertonstadium.co.uk. 3599 IN TXT "201904300835466bji5anddmsbdy4shgpiq5niqp7ggby5sc35znmnleqhclsa4p"
218owlertonstadium.co.uk. 3599 IN TXT "MS=ms23007649"
219owlertonstadium.co.uk. 3599 IN TXT "v=spf1 include:spf.protection.outlook.com include:securenetgate9.com -all"
220owlertonstadium.co.uk. 3599 IN MX 0 owlertonstadium-co-uk.mail.protection.outlook.com.
221owlertonstadium.co.uk. 3599 IN A 194.39.164.140
222owlertonstadium.co.uk. 3599 IN NS ns.34sp.com.
223owlertonstadium.co.uk. 3599 IN NS ns2.34sp.com.
224
225
226
227
228S U B N E T C A L C U L A T I O N
229====================================
230
231Address = 194.39.164.140
232Network = 194.39.164.140 / 32
233Netmask = 255.255.255.255
234Broadcast = not needed on Point-to-Point links
235Wildcard Mask = 0.0.0.0
236Hosts Bits = 0
237Max. Hosts = 1 (2^0 - 0)
238Host Range = { 194.39.164.140 - 194.39.164.140 }
239
240
241
242N M A P P O R T S C A N
243============================
244
245Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-05 06:56 UTC
246Nmap scan report for owlertonstadium.co.uk (194.39.164.140)
247Host is up (0.079s latency).
248rDNS record for 194.39.164.140: 194.39.164.140.srvlist.ukfast.net
249
250PORT STATE SERVICE
25121/tcp open ftp
25222/tcp filtered ssh
25323/tcp filtered telnet
25480/tcp open http
255110/tcp open pop3
256143/tcp filtered imap
257443/tcp open https
2583389/tcp filtered ms-wbt-server
259
260Nmap done: 1 IP address (1 host up) scanned in 1.82 seconds
261
262
263
264S U B - D O M A I N F I N D E R
265==================================
266
267
268[i] Total Subdomains Found : 4
269
270[+] Subdomain: owa.owlertonstadium.co.uk
271[-] IP: 46.183.13.53
272
273[+] Subdomain: marketing.owlertonstadium.co.uk
274[-] IP: 159.69.44.203
275
276[+] Subdomain: mail.owlertonstadium.co.uk
277[-] IP: 46.183.13.250
278
279[+] Subdomain: privatesmtp.owlertonstadium.co.uk
280[-] IP: 80.82.119.103
281######################################################################################################################################
282[+] Starting At 2020-01-05 01:57:20.216398
283[+] Collecting Information On: https://www.owlertonstadium.co.uk/
284[#] Status: 200
285--------------------------------------------------
286[#] Web Server Detected: nginx
287[#] X-Powered-By: PHP/7.0.33, PleskLin
288[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
289- Server: nginx
290- Date: Sun, 05 Jan 2020 06:57:18 GMT
291- Content-Type: text/html; charset=UTF-8
292- Transfer-Encoding: chunked
293- Connection: keep-alive
294- X-Powered-By: PHP/7.0.33, PleskLin
295- Last-Modified: Sat, 04 Jan 2020 22:39:06 GMT
296- Vary: Accept-Encoding
297- Content-Encoding: gzip
298- Cache-Control: max-age=0
299- Expires: Sun, 05 Jan 2020 06:57:18 GMT
300--------------------------------------------------
301[#] Finding Location..!
302[#] status: success
303[#] country: United Kingdom
304[#] countryCode: GB
305[#] region: ENG
306[#] regionName: England
307[#] city: London
308[#] zip: W1B
309[#] lat: 51.5074
310[#] lon: -0.127758
311[#] timezone: Europe/London
312[#] isp: Secarma Group Limited
313[#] org: Ecloudhyb
314[#] as: AS61323 SECARMA GROUP LIMITED
315[#] query: 194.39.164.140
316--------------------------------------------------
317[x] Didn't Detect WAF Presence on: https://www.owlertonstadium.co.uk/
318--------------------------------------------------
319[#] Starting Reverse DNS
320[-] Failed ! Fail
321--------------------------------------------------
322[!] Scanning Open Port
323[#] 21/tcp open ftp
324[#] 80/tcp open http
325[#] 110/tcp open pop3
326[#] 443/tcp open https
327[#] 465/tcp open smtps
328[#] 587/tcp open submission
329[#] 993/tcp open imaps
330[#] 2020/tcp open xinupageserver
331[#] 8443/tcp open https-alt
332--------------------------------------------------
333[+] Getting SSL Info
334{'OCSP': ('http://ocsp.int-x3.letsencrypt.org',),
335 'caIssuers': ('http://cert.int-x3.letsencrypt.org/',),
336 'issuer': ((('countryName', 'US'),),
337 (('organizationName', "Let's Encrypt"),),
338 (('commonName', "Let's Encrypt Authority X3"),)),
339 'notAfter': 'Feb 21 14:49:15 2020 GMT',
340 'notBefore': 'Nov 23 14:49:15 2019 GMT',
341 'serialNumber': '037C0770C9F1FD50F5B1D1DAB81AAA26490B',
342 'subject': ((('commonName', 'owlertonstadium.co.uk'),),),
343 'subjectAltName': (('DNS', 'owlertonstadium.co.uk'),
344 ('DNS', 'www.owlertonstadium.co.uk')),
345 'version': 3}
346-----BEGIN CERTIFICATE-----
347MIIFejCCBGKgAwIBAgISA+KWCKjgFFl2UOXKfu3iIaTMMA0GCSqGSIb3DQEBCwUA
348MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
349ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMDkxMDE2MjdaFw0y
350MDAzMDgxMDE2MjdaMB8xHTAbBgNVBAMTFG91dGhvdXNlLW1lZGlhLmNvLnVrMIIB
351IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdLrFrzNax5CtdTWKAEz80Ga
352wDTzKefK5mZZygs5TZ2eZ15BBQGcUJvDk5FXDkHqh4lry3pRHAgJcKjC1uzyM23q
353CtZ32BQPrxRxmNv/gH9UQeBNtbIcuGNyNZHFHGlWvl5ve92ttW92v2v0DyMUGMCb
354hOTyp0/LobfCNUaWlshovKuOPTyncb6fDW5iZ2yd3UMYkL9VPoUlDZNPoYOIPSlL
355Bk72aSo0L8NZDoCnWtSqd40scEe8GBxsXVQBrdBLUl4iIaXlGqdAtMYQqkapDRdq
356DeBP0sPrk6gU9UbGV1rSZb7Ypja72cxNXbPAX3te4RrFuUJxWMi2R7TrVLIPkwID
357AQABo4ICgzCCAn8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
358BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQQbgtYns5cu6DQOpbT
359tw7y2bVXvjAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
360BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
361cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
362cnlwdC5vcmcvMDcGA1UdEQQwMC6CFioub3V0aG91c2UtbWVkaWEuY28udWuCFG91
363dGhvdXNlLW1lZGlhLmNvLnVrMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQB
364gt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3Jn
365MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkC
366wQApBo2yCJo32RMAAAFu6l/zVQAABAMASDBGAiEA+lBnITZyLQ5pi3/M2RrKlejv
367xK/TbV1IBYoEWH2zd9wCIQDm74uIqLo4bZHlFfZ36QC7uZ7Ypvlya2QRknIfcLuH
3689wB3AAe3XBvlfWj/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABbupf820AAAQD
369AEgwRgIhAIh9qpkJz4YqppxHiMec1e9TwQE16/sbrzIE7XGhoUn5AiEAkR+CBSnj
370BYCuec4NyVoPwJnwa2tJn1SJuV1OY6RZXxYwDQYJKoZIhvcNAQELBQADggEBAIA9
371JEJAA/50d/dF7mqR+GAXxQykNSJPd59LessPx7fUpNXV4P/1/+6TtDS0gEyyKCJh
3729A7irrwyXb4WxQ3ZnGGsa9AGdquGAY/iZAmzB81ffXCpkeF48sVuzmYKpSRBOatx
373eDbxYOqClUDV/swgYqnTYBPUyNQaOfCn/UlNio+K5dDOSxSc7SzDXbUwESf9JLap
3742cyn2GsM+2BdmRPJJgJlD9qSvKgWy2rqsjxiToQEbOm0G3Z/CkP4T7i6N0VFMcRv
375vxc1klsxqHwvVpzjog+Dbe2b7pPwX/1jASeVUKiAPjnpDZJqi2mRvE9yyvYDRvzb
376HqMigb3Xy5T1TJWrg5k=
377-----END CERTIFICATE-----
378
379--------------------------------------------------
380[+] Collecting Information Disclosure!
381[#] Detecting sitemap.xml file
382[!] sitemap.xml File Found: https://www.owlertonstadium.co.uk/sitemap_index.xml
383[#] Detecting robots.txt file
384[!] robots.txt File Found: https://www.owlertonstadium.co.uk//robots.txt
385[#] Detecting GNU Mailman
386[-] GNU Mailman App Not Detected!?
387--------------------------------------------------
388[+] Crawling Url Parameter On: https://www.owlertonstadium.co.uk/
389--------------------------------------------------
390[#] Searching Html Form !
391[+] Html Form Discovered
392[#] action: /
393[#] class: None
394[#] id: gform_5
395[#] method: post
396--------------------------------------------------
397[!] Found 15 dom parameter
398[#] https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.owlertonstadium.co.uk%2F&format=xml
399[#] https://www.owlertonstadium.co.uk//#
400[#] https://www.owlertonstadium.co.uk//#
401[#] https://www.owlertonstadium.co.uk//#
402[#] https://www.owlertonstadium.co.uk//#
403[#] https://www.owlertonstadium.co.uk//#
404[#] https://www.owlertonstadium.co.uk//#
405[#] https://www.owlertonstadium.co.uk//#
406[#] https://www.owlertonstadium.co.uk//#
407[#] https://www.owlertonstadium.co.uk//#
408[#] https://www.owlertonstadium.co.uk//#
409[#] https://www.owlertonstadium.co.uk//#
410[#] https://www.owlertonstadium.co.uk//#
411[#] https://www.owlertonstadium.co.uk/#racetimes
412[#] https://www.youtube.com/watch?v=E-GNZCJyi5s&has_verified=1
413--------------------------------------------------
414[!] 3 Internal Dynamic Parameter Discovered
415[+] https://www.owlertonstadium.co.uk/xmlrpc.php?rsd
416[+] https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.owlertonstadium.co.uk%2F
417[+] https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.owlertonstadium.co.uk%2F&format=xml
418--------------------------------------------------
419[!] 5 External Dynamic Parameter Discovered
420[#] https://www.instagram.com/owlertonstadium/?hl=en
421[#] https://www.youtube.com/watch?v=E-GNZCJyi5s&has_verified=1
422[#] https://www.instagram.com/owlertonstadium/?hl=en
423[#] https://fonts.googleapis.com/css?family=Rubik:400%7COpen+Sans:400%2C300%7CRoboto:400
424[#] https://fonts.googleapis.com/css?family=Rubik:400%7COpen+Sans:400%2C300%7CRoboto:400
425--------------------------------------------------
426[!] 160 Internal links Discovered
427[+] https://www.owlertonstadium.co.uk/xmlrpc.php
428[+] https://www.owlertonstadium.co.uk/
429[+] https://www.owlertonstadium.co.uk/feed/
430[+] https://www.owlertonstadium.co.uk/wp-includes/wlwmanifest.xml
431[+] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-32x32.png
432[+] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-192x192.png
433[+] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-180x180.png
434[+] https://www.owlertonstadium.co.uk/contact
435[+] https://www.owlertonstadium.co.uk//mailto:enquiries@owlertonstadium.co.uk
436[+] https://www.owlertonstadium.co.uk//tel:0114 234 3074
437[+] https://www.owlertonstadium.co.uk/
438[+] https://www.owlertonstadium.co.uk/executive-boxes/
439[+] https://www.owlertonstadium.co.uk/vip-experience/
440[+] https://www.owlertonstadium.co.uk/restaurant/
441[+] https://www.owlertonstadium.co.uk/bars/
442[+] https://www.owlertonstadium.co.uk/restaurant/
443[+] https://www.owlertonstadium.co.uk/executive-boxes/
444[+] https://www.owlertonstadium.co.uk/vip-experience/
445[+] https://www.owlertonstadium.co.uk/bars/
446[+] https://www.owlertonstadium.co.uk/snack-bar/
447[+] https://www.owlertonstadium.co.uk/packages/
448[+] https://www.owlertonstadium.co.uk/results-calendar/
449[+] https://www.owlertonstadium.co.uk/results-calendar/
450[+] https://www.owlertonstadium.co.uk/how-to-bet/
451[+] https://www.owlertonstadium.co.uk/greyhound-welfare/
452[+] https://www.owlertonstadium.co.uk/results-calendar/schedule/
453[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
454[+] https://www.owlertonstadium.co.uk/birthdays/
455[+] https://www.owlertonstadium.co.uk/stag-and-hen-parties/
456[+] https://www.owlertonstadium.co.uk/venue-hire/
457[+] https://www.owlertonstadium.co.uk/stock-car-racing/
458[+] https://www.owlertonstadium.co.uk/speedway/
459[+] https://www.owlertonstadium.co.uk/owlerton-blog/
460[+] https://www.owlertonstadium.co.uk/bookings/
461[+] https://www.owlertonstadium.co.uk/
462[+] https://www.owlertonstadium.co.uk/executive-boxes/
463[+] https://www.owlertonstadium.co.uk/vip-experience/
464[+] https://www.owlertonstadium.co.uk/restaurant/
465[+] https://www.owlertonstadium.co.uk/bars/
466[+] https://www.owlertonstadium.co.uk/restaurant/
467[+] https://www.owlertonstadium.co.uk/executive-boxes/
468[+] https://www.owlertonstadium.co.uk/vip-experience/
469[+] https://www.owlertonstadium.co.uk/bars/
470[+] https://www.owlertonstadium.co.uk/snack-bar/
471[+] https://www.owlertonstadium.co.uk/packages/
472[+] https://www.owlertonstadium.co.uk/results-calendar/
473[+] https://www.owlertonstadium.co.uk/results-calendar/
474[+] https://www.owlertonstadium.co.uk/how-to-bet/
475[+] https://www.owlertonstadium.co.uk/greyhound-welfare/
476[+] https://www.owlertonstadium.co.uk/results-calendar/schedule/
477[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
478[+] https://www.owlertonstadium.co.uk/birthdays/
479[+] https://www.owlertonstadium.co.uk/stag-and-hen-parties/
480[+] https://www.owlertonstadium.co.uk/venue-hire/
481[+] https://www.owlertonstadium.co.uk/stock-car-racing/
482[+] https://www.owlertonstadium.co.uk/speedway/
483[+] https://www.owlertonstadium.co.uk/owlerton-blog/
484[+] https://www.owlertonstadium.co.uk/bookings/
485[+] https://www.owlertonstadium.co.uk/
486[+] https://www.owlertonstadium.co.uk/executive-boxes/
487[+] https://www.owlertonstadium.co.uk/vip-experience/
488[+] https://www.owlertonstadium.co.uk/restaurant/
489[+] https://www.owlertonstadium.co.uk/bars/
490[+] https://www.owlertonstadium.co.uk/restaurant/
491[+] https://www.owlertonstadium.co.uk/executive-boxes/
492[+] https://www.owlertonstadium.co.uk/vip-experience/
493[+] https://www.owlertonstadium.co.uk/bars/
494[+] https://www.owlertonstadium.co.uk/snack-bar/
495[+] https://www.owlertonstadium.co.uk/packages/
496[+] https://www.owlertonstadium.co.uk/results-calendar/
497[+] https://www.owlertonstadium.co.uk/results-calendar/
498[+] https://www.owlertonstadium.co.uk/how-to-bet/
499[+] https://www.owlertonstadium.co.uk/greyhound-welfare/
500[+] https://www.owlertonstadium.co.uk/results-calendar/schedule/
501[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
502[+] https://www.owlertonstadium.co.uk/birthdays/
503[+] https://www.owlertonstadium.co.uk/stag-and-hen-parties/
504[+] https://www.owlertonstadium.co.uk/venue-hire/
505[+] https://www.owlertonstadium.co.uk/stock-car-racing/
506[+] https://www.owlertonstadium.co.uk/speedway/
507[+] https://www.owlertonstadium.co.uk/owlerton-blog/
508[+] https://www.owlertonstadium.co.uk/bookings/
509[+] https://www.owlertonstadium.co.uk/
510[+] https://www.owlertonstadium.co.uk/executive-boxes/
511[+] https://www.owlertonstadium.co.uk/vip-experience/
512[+] https://www.owlertonstadium.co.uk/restaurant/
513[+] https://www.owlertonstadium.co.uk/bars/
514[+] https://www.owlertonstadium.co.uk/restaurant/
515[+] https://www.owlertonstadium.co.uk/executive-boxes/
516[+] https://www.owlertonstadium.co.uk/vip-experience/
517[+] https://www.owlertonstadium.co.uk/bars/
518[+] https://www.owlertonstadium.co.uk/snack-bar/
519[+] https://www.owlertonstadium.co.uk/packages/
520[+] https://www.owlertonstadium.co.uk/results-calendar/
521[+] https://www.owlertonstadium.co.uk/results-calendar/
522[+] https://www.owlertonstadium.co.uk/how-to-bet/
523[+] https://www.owlertonstadium.co.uk/greyhound-welfare/
524[+] https://www.owlertonstadium.co.uk/results-calendar/schedule/
525[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
526[+] https://www.owlertonstadium.co.uk/birthdays/
527[+] https://www.owlertonstadium.co.uk/stag-and-hen-parties/
528[+] https://www.owlertonstadium.co.uk/venue-hire/
529[+] https://www.owlertonstadium.co.uk/stock-car-racing/
530[+] https://www.owlertonstadium.co.uk/speedway/
531[+] https://www.owlertonstadium.co.uk/owlerton-blog/
532[+] https://www.owlertonstadium.co.uk/all-packages/
533[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
534[+] https://www.owlertonstadium.co.uk/bookings/
535[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
536[+] https://www.owlertonstadium.co.uk/bookings/
537[+] https://www.owlertonstadium.co.uk/birthdays/
538[+] https://www.owlertonstadium.co.uk/fab-free-tuesday/
539[+] https://www.owlertonstadium.co.uk/offers-and-packages/
540[+] https://www.owlertonstadium.co.uk/results-calendar/
541[+] https://www.owlertonstadium.co.uk/restaurant/
542[+] https://www.owlertonstadium.co.uk/restaurant/
543[+] https://www.owlertonstadium.co.uk/bookings/
544[+] https://www.owlertonstadium.co.uk/bookings/
545[+] https://www.owlertonstadium.co.uk/bookings/
546[+] https://www.owlertonstadium.co.uk/bookings/
547[+] https://www.owlertonstadium.co.uk/bookings/
548[+] https://www.owlertonstadium.co.uk/bookings/
549[+] https://www.owlertonstadium.co.uk/bars/
550[+] https://www.owlertonstadium.co.uk/how-to-bet/
551[+] https://www.owlertonstadium.co.uk/all-packages/
552[+] https://www.owlertonstadium.co.uk/how-to-bet/
553[+] https://www.owlertonstadium.co.uk/all-packages/
554[+] https://www.owlertonstadium.co.uk/all-packages/
555[+] https://www.owlertonstadium.co.uk/restaurant/
556[+] https://www.owlertonstadium.co.uk/owlerton-blog/
557[+] https://www.owlertonstadium.co.uk/birthday-party-venues-in-sheffield/
558[+] https://www.owlertonstadium.co.uk/category/blog/
559[+] https://www.owlertonstadium.co.uk/birthday-party-venues-in-sheffield/
560[+] https://www.owlertonstadium.co.uk/birthday-party-venues-in-sheffield/
561[+] https://www.owlertonstadium.co.uk/looking-for-bars-in-sheffield/
562[+] https://www.owlertonstadium.co.uk/category/blog/
563[+] https://www.owlertonstadium.co.uk/looking-for-bars-in-sheffield/
564[+] https://www.owlertonstadium.co.uk/looking-for-bars-in-sheffield/
565[+] https://www.owlertonstadium.co.uk/christmas-parties-in-sheffield/
566[+] https://www.owlertonstadium.co.uk/category/news/
567[+] https://www.owlertonstadium.co.uk/christmas-parties-in-sheffield/
568[+] https://www.owlertonstadium.co.uk/christmas-parties-in-sheffield/
569[+] https://www.owlertonstadium.co.uk//mailto:enquiries@owlertonstadium.co.uk
570[+] https://www.owlertonstadium.co.uk//tel:0114 234 3074
571[+] https://www.owlertonstadium.co.uk/our-team/
572[+] https://www.owlertonstadium.co.uk/owlerton-blog/
573[+] https://www.owlertonstadium.co.uk/faq
574[+] https://www.owlertonstadium.co.uk/fundraising
575[+] https://www.owlertonstadium.co.uk/sponsorship/
576[+] https://www.owlertonstadium.co.uk/stock-car-racing/
577[+] https://www.owlertonstadium.co.uk/venue-hire/
578[+] https://www.owlertonstadium.co.uk/corporate-hospitality/
579[+] https://www.owlertonstadium.co.uk/advertising/
580[+] https://www.owlertonstadium.co.uk/careers/
581[+] https://www.owlertonstadium.co.uk/partnerships/
582[+] https://www.owlertonstadium.co.uk/responsible-gambling/
583[+] https://www.owlertonstadium.co.uk/privacy-policy/
584[+] https://www.owlertonstadium.co.uk/cookie-policy/
585[+] https://www.owlertonstadium.co.uk/terms/
586[+] https://owlertonstadium.co.uk/bookings
587--------------------------------------------------
588[!] 10 External links Discovered
589[#] https://twitter.com/OwlertonStadium
590[#] https://www.facebook.com/OwlertonGreyhoundStadium
591[#] https://www.youtube.com/user/owlertonstadium1
592[#] https://www.facebook.com/OwlertonGreyhoundStadium
593[#] https://twitter.com/OwlertonStadium
594[#] https://www.youtube.com/user/owlertonstadium1
595[#] https://www.begambleaware.org/
596[#] http://www.sheffield-speedway.com/
597[#] https://www.greyhoundtrustsheffield.com
598[#] http://tickets.owlertongreyhoundracingstadium.co.uk/mi-eventmaster/html/em/website/cart.pl
599--------------------------------------------------
600[#] Mapping Subdomain..
601[!] Found 5 Subdomain
602- owlertonstadium.co.uk
603- owa.owlertonstadium.co.uk
604- marketing.owlertonstadium.co.uk
605- mail.owlertonstadium.co.uk
606- privatesmtp.owlertonstadium.co.uk
607--------------------------------------------------
608[!] Done At 2020-01-05 01:57:43.431068
609#######################################################################################################################################
610Trying "owlertonstadium.co.uk"
611;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43573
612;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 4
613
614;; QUESTION SECTION:
615;owlertonstadium.co.uk. IN ANY
616
617;; ANSWER SECTION:
618owlertonstadium.co.uk. 3600 IN TXT "MS=ms23007649"
619owlertonstadium.co.uk. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com include:securenetgate9.com -all"
620owlertonstadium.co.uk. 3600 IN TXT "201904300835466bji5anddmsbdy4shgpiq5niqp7ggby5sc35znmnleqhclsa4p"
621owlertonstadium.co.uk. 3600 IN MX 0 owlertonstadium-co-uk.mail.protection.outlook.com.
622owlertonstadium.co.uk. 3600 IN A 194.39.164.140
623owlertonstadium.co.uk. 3600 IN SOA ns.34sp.com. hostmaster.34sp.com. 2019072913 3600 3600 604800 3600
624owlertonstadium.co.uk. 3600 IN NS ns.34sp.com.
625owlertonstadium.co.uk. 3600 IN NS ns2.34sp.com.
626
627;; ADDITIONAL SECTION:
628ns2.34sp.com. 30707 IN AAAA 2a02:170:20:1::34
629ns.34sp.com. 30707 IN AAAA 2a00:1ee0:1:10::5052:706c
630ns2.34sp.com. 30707 IN A 89.21.0.52
631ns.34sp.com. 30707 IN A 80.82.112.108
632
633Received 484 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 131 ms
634######################################################################################################################################
635
636; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace owlertonstadium.co.uk any
637;; global options: +cmd
638. 80046 IN NS j.root-servers.net.
639. 80046 IN NS c.root-servers.net.
640. 80046 IN NS d.root-servers.net.
641. 80046 IN NS b.root-servers.net.
642. 80046 IN NS i.root-servers.net.
643. 80046 IN NS g.root-servers.net.
644. 80046 IN NS m.root-servers.net.
645. 80046 IN NS h.root-servers.net.
646. 80046 IN NS f.root-servers.net.
647. 80046 IN NS k.root-servers.net.
648. 80046 IN NS l.root-servers.net.
649. 80046 IN NS a.root-servers.net.
650. 80046 IN NS e.root-servers.net.
651. 80046 IN RRSIG NS 8 0 518400 20200117200000 20200104190000 33853 . kMi2mZzQjbKFx893b4YE9E45mUx9+GF+PtH7CC8ggigx3Z6Oo2jf70IL gYE9g+UcUF7XU240hRvzAgA4n1gkCQXlrQ1zhtFnHkk4QbsX7/v+N1dB viDPyJB37Q91OFdGv5jKPeWNkfqVdAu4hD/RiDU3PXM7C+pzx/CdXe4n 310Nqi9kTwhu+5mz70mHWctbSJmvsUjFkFQsJgK3Hh875atllBhWToTc s0r0E7q4wFIjAa8e9dNsvjP6YxLAQrORCJJYibTV1BQAEqMX/k/mN0Q4 yZMQ7yc01qUYyVwXzF2VVEby0eznxTBLTTaLOZXYQ4W6hI/uHIOHyDuV hb8Rpg==
652;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 118 ms
653
654uk. 172800 IN NS dns1.nic.uk.
655uk. 172800 IN NS dns4.nic.uk.
656uk. 172800 IN NS nsa.nic.uk.
657uk. 172800 IN NS nsd.nic.uk.
658uk. 172800 IN NS nsc.nic.uk.
659uk. 172800 IN NS nsb.nic.uk.
660uk. 172800 IN NS dns3.nic.uk.
661uk. 172800 IN NS dns2.nic.uk.
662uk. 86400 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603
663uk. 86400 IN RRSIG DS 8 1 86400 20200118050000 20200105040000 33853 . eFGBZ+0ahKRsvut9FyobxEv1EPCWztB+l1JbrCrWzXdPg1I4EAu5kcCr K7eozRrOMWqkVpzBDAd2qeoFHj9ta4NdgC+8pPBPtezNmfpBXOawQhXW TdNHq9PfgX8Fm7YD13LN/gp5K0cja1s75PfZtKWRhShIMgh1/09heCg5 rA/bSY316NPaM6/VguSW3D/DtsB7VFMa4zX3RzBrGPgDmkbl1IlsHDuF QS4q3r9rYIC+kBC7NjiYFvJf62z700tQxXJugjI0DDi4FRH/FTFcps2h XTSG6CQ16TzykR4+y68RgkzTXdoyPXGekLrFGeS4D4s+xsF9C7vF4rO4 FCuQHg==
664;; Received 805 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 49 ms
665
666owlertonstadium.co.uk. 172800 IN NS ns.34sp.com.
667owlertonstadium.co.uk. 172800 IN NS ns2.34sp.com.
668g9f1kiihm8m9vhjk7lrvetbqceogjiqp.co.uk. 10800 IN NSEC3 1 1 0 - G9HKV8PHGJ1NMH94L9RMIQM0J64UCIPK NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
669g9f1kiihm8m9vhjk7lrvetbqceogjiqp.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20200205163637 20200101160526 33621 co.uk. NIc15uO0dUvuUTCLQ4te9yYNRvnA7zXCatXC154bHeexd+xYqXJnKNC3 RPHrn0MSGgJbgXp8BJiGXeDyVZvRph91vTfUw7PHchyk/DHAkxGS7hHy XgWPefHR+s2X1471G8q3I9moxEIy/0jdbRry7UleLsmWnhjPL4e3iqrA xKk=
670p2vvctaj2qg0rjbuvehq99883phcpltr.co.uk. 10800 IN NSEC3 1 1 0 - P31A6RJ5Q960QG17CA1HLMQD6LR9TPVG NS DS RRSIG
671p2vvctaj2qg0rjbuvehq99883phcpltr.co.uk. 10800 IN RRSIG NSEC3 8 3 10800 20200207084539 20200103080415 33621 co.uk. K28BB1PhVn2vRGju8q5vKT5kR5hjIH/f7woZmTOle1zx8d0t1qnQ1FuF EsZV53uGoy6f7DIye8WRMUTj5QA2B36mJrGkUurK/xJeiL+232oMuDOt KIcKswnmo4L7ION5VNnk1f1qG68MgJo1HzWTGDNFHvRK8uF1LdF19YjS X14=
672;; Received 616 bytes from 213.248.216.1#53(dns1.nic.uk) in 194 ms
673
674owlertonstadium.co.uk. 3600 IN SOA ns.34sp.com. hostmaster.34sp.com. 2019072913 3600 3600 604800 3600
675owlertonstadium.co.uk. 3600 IN NS ns2.34sp.com.
676owlertonstadium.co.uk. 3600 IN NS ns.34sp.com.
677owlertonstadium.co.uk. 3600 IN A 194.39.164.140
678owlertonstadium.co.uk. 3600 IN MX 0 owlertonstadium-co-uk.mail.protection.outlook.com.
679owlertonstadium.co.uk. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com include:securenetgate9.com -all"
680owlertonstadium.co.uk. 3600 IN TXT "MS=ms23007649"
681owlertonstadium.co.uk. 3600 IN TXT "201904300835466bji5anddmsbdy4shgpiq5niqp7ggby5sc35znmnleqhclsa4p"
682;; Received 495 bytes from 2a00:1ee0:1:10::5052:706c#53(ns.34sp.com) in 106 ms
683######################################################################################################################################
684[*] Performing General Enumeration of Domain: owlertonstadium.co.uk
685[!] Wildcard resolution is enabled on this domain
686[!] It is resolving to 46.183.13.53
687[!] All queries will resolve to this address!!
688[-] DNSSEC is not configured for owlertonstadium.co.uk
689[*] SOA ns.34sp.com 80.82.112.108
690[*] NS ns.34sp.com 80.82.112.108
691[*] Bind Version for 80.82.112.108 9.9.4-RedHat-9.9.4-51.el7
692[*] NS ns.34sp.com 2a00:1ee0:1:10::5052:706c
693[*] Bind Version for 2a00:1ee0:1:10::5052:706c 9.9.4-RedHat-9.9.4-51.el7
694[*] NS ns2.34sp.com 89.21.0.52
695[*] Bind Version for 89.21.0.52 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
696[*] NS ns2.34sp.com 2a02:170:20:1::34
697[*] Bind Version for 2a02:170:20:1::34 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
698[*] MX owlertonstadium-co-uk.mail.protection.outlook.com 104.47.20.36
699[*] MX owlertonstadium-co-uk.mail.protection.outlook.com 104.47.21.36
700[*] A owlertonstadium.co.uk 194.39.164.140
701[*] TXT owlertonstadium.co.uk MS=ms23007649
702[*] TXT owlertonstadium.co.uk 201904300835466bji5anddmsbdy4shgpiq5niqp7ggby5sc35znmnleqhclsa4p
703[*] TXT owlertonstadium.co.uk v=spf1 include:spf.protection.outlook.com include:securenetgate9.com -all
704[*] Enumerating SRV Records
705[*] SRV _sip._tls.owlertonstadium.co.uk sipdir.online.lync.com 52.112.65.27 443 1
706[*] SRV _sip._tls.owlertonstadium.co.uk sipdir.online.lync.com 2603:1037:0:e::f 443 1
707[*] SRV _sipfederationtls._tcp.owlertonstadium.co.uk sipfed.online.lync.com 52.112.66.97 5061 1
708[*] SRV _sipfederationtls._tcp.owlertonstadium.co.uk sipfed.online.lync.com 2603:1037:0:9::b 5061 1
709[+] 4 Records Found
710#####################################################################################################################################
711[*] Processing domain owlertonstadium.co.uk
712[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
713[+] Getting nameservers
71480.82.112.108 - ns.34sp.com
71589.21.0.52 - ns2.34sp.com
716[-] Zone transfer failed
717
718[+] TXT records found
719"MS=ms23007649"
720"201904300835466bji5anddmsbdy4shgpiq5niqp7ggby5sc35znmnleqhclsa4p"
721"v=spf1 include:spf.protection.outlook.com include:securenetgate9.com -all"
722
723[+] MX records found, added to target list
7240 owlertonstadium-co-uk.mail.protection.outlook.com.
725
726[+] Wildcard domain found - 46.183.13.53
727[*] Scanning owlertonstadium.co.uk for A records
728194.39.164.140 - owlertonstadium.co.uk
729178.238.139.19 - app.owlertonstadium.co.uk
73040.97.120.72 - autodiscover.owlertonstadium.co.uk
73140.97.121.8 - autodiscover.owlertonstadium.co.uk
73240.97.120.56 - autodiscover.owlertonstadium.co.uk
73340.97.121.24 - autodiscover.owlertonstadium.co.uk
73440.97.120.40 - autodiscover.owlertonstadium.co.uk
73540.97.120.152 - autodiscover.owlertonstadium.co.uk
73640.97.120.248 - autodiscover.owlertonstadium.co.uk
73740.97.212.24 - autodiscover.owlertonstadium.co.uk
73846.183.13.242 - autoconfig.owlertonstadium.co.uk
73913.82.96.212 - enterpriseenrollment.owlertonstadium.co.uk
74023.101.163.232 - enterpriseregistration.owlertonstadium.co.uk
741194.39.164.140 - ftp.owlertonstadium.co.uk
74246.183.13.250 - mail.owlertonstadium.co.uk
74352.112.65.78 - lyncdiscover.owlertonstadium.co.uk
744159.69.44.203 - marketing.owlertonstadium.co.ukmeet.owlertonstadium.co.uk
74540.126.2.1 - msoid.owlertonstadium.co.uk
74640.126.2.2 - msoid.owlertonstadium.co.uk
74740.126.2.34 - msoid.owlertonstadium.co.uk
74840.126.2.36 - msoid.owlertonstadium.co.uk
74940.126.2.0 - msoid.owlertonstadium.co.uk
75040.126.2.33 - msoid.owlertonstadium.co.uk
75140.126.2.38 - msoid.owlertonstadium.co.uk
75240.126.2.39 - msoid.owlertonstadium.co.uk
75352.112.64.11 - sip.owlertonstadium.co.uk
75446.183.12.6 - smtp.owlertonstadium.co.uk
75546.183.13.250 - webmail.owlertonstadium.co.uk
756194.39.164.140 - www.owlertonstadium.co.uk
757#######################################################################################################################################
758 AVAILABLE PLUGINS
759 -----------------
760
761 RobotPlugin
762 EarlyDataPlugin
763 CertificateInfoPlugin
764 OpenSslCcsInjectionPlugin
765 SessionResumptionPlugin
766 SessionRenegotiationPlugin
767 HeartbleedPlugin
768 CompressionPlugin
769 FallbackScsvPlugin
770 OpenSslCipherSuitesPlugin
771 HttpHeadersPlugin
772
773
774
775 CHECKING HOST(S) AVAILABILITY
776 -----------------------------
777
778 194.39.164.140:443 => 194.39.164.140
779
780
781
782
783 SCAN RESULTS FOR 194.39.164.140:443 - 194.39.164.140
784 ----------------------------------------------------
785
786 * SSLV3 Cipher Suites:
787 Server rejected all cipher suites.
788
789 * OpenSSL CCS Injection:
790 OK - Not vulnerable to OpenSSL CCS injection
791
792 * SSLV2 Cipher Suites:
793 Server rejected all cipher suites.
794
795 * TLSV1_1 Cipher Suites:
796 Forward Secrecy OK - Supported
797 RC4 OK - Not Supported
798
799 Preferred:
800 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
801 Accepted:
802 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
803 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
804 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
805 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
806 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
807 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
808
809 * TLSV1 Cipher Suites:
810 Forward Secrecy OK - Supported
811 RC4 OK - Not Supported
812
813 Preferred:
814 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
815 Accepted:
816 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
817 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
818 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
819 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
820 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
821 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
822
823 * TLS 1.2 Session Resumption Support:
824 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
825 With TLS Tickets: OK - Supported
826
827 * Certificate Information:
828 Content
829 SHA1 Fingerprint: 880c6cbce151a68a3f3915249a5b211f851e7c9d
830 Common Name: outhouse-media.co.uk
831 Issuer: Let's Encrypt Authority X3
832 Serial Number: 338440101882353658012152717228708439631052
833 Not Before: 2019-12-09 10:16:27
834 Not After: 2020-03-08 10:16:27
835 Signature Algorithm: sha256
836 Public Key Algorithm: RSA
837 Key Size: 2048
838 Exponent: 65537 (0x10001)
839 DNS Subject Alternative Names: ['*.outhouse-media.co.uk', 'outhouse-media.co.uk']
840
841 Trust
842 Hostname Validation: FAILED - Certificate does NOT match 194.39.164.140
843 Android CA Store (9.0.0_r9): OK - Certificate is trusted
844 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
845 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
846 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
847 Windows CA Store (2019-05-27): OK - Certificate is trusted
848 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
849 Received Chain: outhouse-media.co.uk --> Let's Encrypt Authority X3
850 Verified Chain: outhouse-media.co.uk --> Let's Encrypt Authority X3 --> DST Root CA X3
851 Received Chain Contains Anchor: OK - Anchor certificate not sent
852 Received Chain Order: OK - Order is valid
853 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
854
855 Extensions
856 OCSP Must-Staple: NOT SUPPORTED - Extension not found
857 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
858
859 OCSP Stapling
860 NOT SUPPORTED - Server did not send back an OCSP response
861
862 * Deflate Compression:
863 OK - Compression disabled
864
865 * Session Renegotiation:
866 Client-initiated Renegotiation: OK - Rejected
867 Secure Renegotiation: OK - Supported
868
869 * TLSV1_3 Cipher Suites:
870 Server rejected all cipher suites.
871
872 * OpenSSL Heartbleed:
873 OK - Not vulnerable to Heartbleed
874
875 * Downgrade Attacks:
876 TLS_FALLBACK_SCSV: OK - Supported
877
878 * TLSV1_2 Cipher Suites:
879 Forward Secrecy OK - Supported
880 RC4 OK - Not Supported
881
882 Preferred:
883 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
884 Accepted:
885 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
886 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
887 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
888 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
889 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
890 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
891 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
892 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
893 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
894 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
895 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
896 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
897 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
898 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 301 Moved Permanently - https://www.outhouse-media.co.uk/
899
900 * ROBOT Attack:
901 OK - Not vulnerable
902
903
904 SCAN COMPLETED IN 26.04 S
905 -------------------------
906######################################################################################################################################
907
908Domains still to check: 1
909 Checking if the hostname owlertonstadium.co.uk. given is in fact a domain...
910
911Analyzing domain: owlertonstadium.co.uk.
912 Checking NameServers using system default resolver...
913 IP: 80.82.112.108 (United Kingdom)
914 HostName: ns.34sp.com Type: NS
915 IP: 89.21.0.52 (United Kingdom)
916 HostName: ns2.34sp.com Type: NS
917 HostName: ns2.34sp.com Type: PTR
918
919 Checking MailServers using system default resolver...
920 IP: 104.47.20.36 (United Kingdom)
921 HostName: owlertonstadium-co-uk.mail.protection.outlook.com Type: MX
922 HostName: mail-cwlgbr010036.inbound.protection.outlook.com Type: PTR
923 IP: 104.47.21.36 (United Kingdom)
924 HostName: owlertonstadium-co-uk.mail.protection.outlook.com Type: MX
925 HostName: mail-lo2gbr010036.inbound.protection.outlook.com Type: PTR
926 WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
927
928 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
929 No zone transfer found on nameserver 80.82.112.108
930 No zone transfer found on nameserver 89.21.0.52
931
932 Checking SPF record...
933
934 Checking SPF record...
935 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
936 New IP found: 40.92.0.0
937 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
938 New IP found: 40.107.0.0
939 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
940 New IP found: 52.100.0.0
941 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
942 New IP found: 104.47.0.0
943 There are no IPv4 addresses in the SPF. Maybe IPv6.
944 There are no IPv4 addresses in the SPF. Maybe IPv6.
945
946 Checking SPF record...
947 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 66.220.9.192/26, but only the network IP
948 New IP found: 66.220.9.192
949 New hostname found: in25grid
950
951 Checking 2 most common hostnames using system default resolver...
952 IP: 194.39.164.140 (United Kingdom)
953 HostName: www.owlertonstadium.co.uk. Type: A
954 IP: 46.183.13.53 (United Kingdom)
955 HostName: in25grid.owlertonstadium.co.uk. Type: A
956
957 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
958 Checking netblock 52.100.0.0
959 Checking netblock 66.220.9.0
960 Checking netblock 80.82.112.0
961 Checking netblock 194.39.164.0
962 Checking netblock 104.47.21.0
963 Checking netblock 104.47.0.0
964 Checking netblock 89.21.0.0
965 Checking netblock 40.107.0.0
966 Checking netblock 46.183.13.0
967 Checking netblock 40.92.0.0
968 Checking netblock 104.47.20.0
969
970 Searching for owlertonstadium.co.uk. emails in Google
971 enquiries@owlertonstadium.co.uk;
972 enquiries@owlertonstadium.co.uk�
973 marketing@owlertonstadium.co.uk.
974 enquiries@owlertonstadium.co.uk
975 enquiries@owlertonstadium.co.uk.
976 marketing@owlertonstadium.co.uk�
977 kerrieoxley@owlertonstadium.co.uk.
978
979 Checking 11 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
980 Host 52.100.0.0 is up (reset ttl 64)
981 Host 66.220.9.192 is up (reset ttl 64)
982 Host 80.82.112.108 is up (reset ttl 64)
983 Host 194.39.164.140 is up (reset ttl 64)
984 Host 104.47.21.36 is up (reset ttl 64)
985 Host 104.47.0.0 is up (reset ttl 64)
986 Host 89.21.0.52 is up (reset ttl 64)
987 Host 40.107.0.0 is up (reset ttl 64)
988 Host 46.183.13.53 is up (reset ttl 64)
989 Host 40.92.0.0 is up (reset ttl 64)
990 Host 104.47.20.36 is up (reset ttl 64)
991
992 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
993 Scanning ip 52.100.0.0 ():
994 Scanning ip 66.220.9.192 ():
995 Scanning ip 80.82.112.108 (ns.34sp.com):
996 53/tcp open domain syn-ack ttl 53 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
997 | dns-nsid:
998 |_ bind.version: 9.9.4-RedHat-9.9.4-51.el7
999 OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1000 Scanning ip 194.39.164.140 (www.owlertonstadium.co.uk.):
1001 21/tcp open ftp syn-ack ttl 54 ProFTPD
1002 |_ssl-date: TLS randomness does not represent time
1003 | tls-alpn:
1004 |_ ftp
1005 | tls-nextprotoneg:
1006 |_ ftp
1007 80/tcp open http syn-ack ttl 54 nginx
1008 |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1009 | http-methods:
1010 |_ Supported Methods: GET HEAD POST OPTIONS
1011 |_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1012 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1013 110/tcp open pop3 syn-ack ttl 54 Courier pop3d
1014 |_pop3-capabilities: PIPELINING UIDL APOP TOP IMPLEMENTATION(Courier Mail Server) USER SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) LOGIN-DELAY(10) STLS
1015 |_ssl-date: TLS randomness does not represent time
1016 443/tcp open ssl/http syn-ack ttl 54 nginx
1017 |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1018 | http-methods:
1019 |_ Supported Methods: GET HEAD
1020 |_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1021 | ssl-cert: Subject: commonName=outhouse-media.co.uk
1022 | Subject Alternative Name: DNS:*.outhouse-media.co.uk, DNS:outhouse-media.co.uk
1023 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1024 | Public Key type: rsa
1025 | Public Key bits: 2048
1026 | Signature Algorithm: sha256WithRSAEncryption
1027 | Not valid before: 2019-12-09T10:16:27
1028 | Not valid after: 2020-03-08T10:16:27
1029 | MD5: 4807 07c4 8654 ad71 5d34 85c4 10c8 f2ca
1030 |_SHA-1: 880c 6cbc e151 a68a 3f39 1524 9a5b 211f 851e 7c9d
1031 |_ssl-date: TLS randomness does not represent time
1032 | tls-alpn:
1033 |_ http/1.1
1034 | tls-nextprotoneg:
1035 |_ http/1.1
1036 465/tcp open ssl/smtps? syn-ack ttl 54
1037 |_smtp-commands: Couldn't establish connection on port 465
1038 |_ssl-date: TLS randomness does not represent time
1039 587/tcp open smtp syn-ack ttl 54 Postfix smtpd
1040 |_smtp-commands: mail.outhouse-media.co.uk, PIPELINING, SIZE 1536000000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1041 |_ssl-date: TLS randomness does not represent time
1042 993/tcp open ssl/imaps? syn-ack ttl 54
1043 |_ssl-date: TLS randomness does not represent time
1044 8443/tcp open ssl/http syn-ack ttl 54 sw-cp-server httpd (Plesk Onyx 17.8.11)
1045 | http-methods:
1046 |_ Supported Methods: GET HEAD POST
1047 | http-robots.txt: 1 disallowed entry
1048 |_/
1049 |_http-server-header: sw-cp-server
1050 |_http-title: Plesk Onyx 17.8.11
1051 | ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
1052 | Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
1053 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1054 | Public Key type: rsa
1055 | Public Key bits: 2048
1056 | Signature Algorithm: sha256WithRSAEncryption
1057 | Not valid before: 2019-11-19T14:49:12
1058 | Not valid after: 2020-02-17T14:49:12
1059 | MD5: b62b 901f b2b7 34e8 7a0f a633 886f 9d4e
1060 |_SHA-1: 313b 90ac 08e6 581f 25cb d2fc 4e05 2b67 721f 43c9
1061 |_ssl-date: TLS randomness does not represent time
1062 | tls-alpn:
1063 |_ http/1.1
1064 | tls-nextprotoneg:
1065 |_ http/1.1
1066 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
1067 OS Info: Service Info: Hosts: localhost.localdomain, mail.outhouse-media.co.uk
1068 Scanning ip 104.47.21.36 (mail-lo2gbr010036.inbound.protection.outlook.com (PTR)):
1069 Scanning ip 104.47.0.0 ():
1070 Scanning ip 89.21.0.52 (ns2.34sp.com (PTR)):
1071 22/tcp open ssh syn-ack ttl 54 OpenSSH 5.3 (protocol 2.0)
1072 | ssh-hostkey:
1073 | 1024 51:11:54:7b:c3:b8:0d:85:21:3c:6a:c8:a9:9a:b4:2c (DSA)
1074 |_ 2048 f5:f6:73:eb:9e:52:8f:e0:9e:c1:96:54:e4:17:94:ca (RSA)
1075 53/tcp open domain syn-ack ttl 54 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1076 | dns-nsid:
1077 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1078 OS Info: Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1079 Scanning ip 40.107.0.0 ():
1080 Scanning ip 46.183.13.53 (in25grid.owlertonstadium.co.uk.):
1081 21/tcp open ftp syn-ack ttl 53 vsftpd 2.2.2
1082 22/tcp open ssh syn-ack ttl 53 OpenSSH 5.3 (protocol 2.0)
1083 80/tcp open http? syn-ack ttl 53
1084 443/tcp open https? syn-ack ttl 53
1085 3306/tcp open mysql syn-ack ttl 53 MySQL 5.6.37-log
1086 OS Info: Service Info: OS: Unix
1087 Scanning ip 40.92.0.0 ():
1088 Scanning ip 104.47.20.36 (mail-cwlgbr010036.inbound.protection.outlook.com (PTR)):
1089 WebCrawling domain's web servers... up to 50 max links.
1090
1091 + URL to crawl: http://www.owlertonstadium.co.uk.
1092 + Date: 2020-01-05
1093
1094 + Crawling URL: http://www.owlertonstadium.co.uk.:
1095 + Links:
1096 + Crawling http://www.owlertonstadium.co.uk.
1097 + Crawling http://www.owlertonstadium.co.uk./
1098 + Searching for directories...
1099 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/
1100 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/
1101 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/
1102 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/
1103 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/
1104 - Found: http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/12/
1105 + Searching open folders...
1106 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/ (404 Not Found)
1107 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/ (404 Not Found)
1108 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/ (404 Not Found)
1109 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/ (404 Not Found)
1110 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/ (404 Not Found)
1111 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/12/ (404 Not Found)
1112 + Crawl finished successfully.
1113----------------------------------------------------------------------
1114Summary of http://http://www.owlertonstadium.co.uk.
1115----------------------------------------------------------------------
1116+ Links crawled:
1117 - http://www.owlertonstadium.co.uk.
1118 - http://www.owlertonstadium.co.uk./
1119 Total links crawled: 2
1120
1121+ Links to files found:
1122 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/banner1-1.jpg
1123 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/banner2.jpg
1124 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/fab_free_tues.png
1125 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/logo_large.png
1126 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/12/Owlerton-2020-Prices-Website-Header-BG.jpg
1127 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/12/Owlerton-2020-Website-Header-Text.png
1128 Total links to files: 6
1129
1130+ Externals links found:
1131 - http://tickets.owlertongreyhoundracingstadium.co.uk/mi-eventmaster/html/em/website/cart.pl
1132 - http://www.sheffield-speedway.com/
1133 - https://fonts.googleapis.com/css?family=Rubik:400%7COpen+Sans:400%2C300%7CRoboto:400
1134 - https://maps.google.com/maps/api/js?libraries=places&
1135 - https://owlertonstadium.co.uk/bookings
1136 - https://twitter.com/OwlertonStadium
1137 - https://www.begambleaware.org/
1138 - https://www.facebook.com/OwlertonGreyhoundStadium
1139 - https://www.greyhoundtrustsheffield.com
1140 - https://www.instagram.com/owlertonstadium/?hl=en
1141 - https://www.owlertonstadium.co.uk/
1142 - https://www.owlertonstadium.co.uk/advertising/
1143 - https://www.owlertonstadium.co.uk/all-packages/
1144 - https://www.owlertonstadium.co.uk/bars/
1145 - https://www.owlertonstadium.co.uk/birthday-party-venues-in-sheffield/
1146 - https://www.owlertonstadium.co.uk/birthdays/
1147 - https://www.owlertonstadium.co.uk/bookings/
1148 - https://www.owlertonstadium.co.uk/careers/
1149 - https://www.owlertonstadium.co.uk/category/blog/
1150 - https://www.owlertonstadium.co.uk/category/news/
1151 - https://www.owlertonstadium.co.uk/christmas-parties-in-sheffield/
1152 - https://www.owlertonstadium.co.uk/contact
1153 - https://www.owlertonstadium.co.uk/cookie-policy/
1154 - https://www.owlertonstadium.co.uk/corporate-hospitality/
1155 - https://www.owlertonstadium.co.uk/executive-boxes/
1156 - https://www.owlertonstadium.co.uk/fab-free-tuesday/
1157 - https://www.owlertonstadium.co.uk/faq
1158 - https://www.owlertonstadium.co.uk/feed/
1159 - https://www.owlertonstadium.co.uk/fundraising
1160 - https://www.owlertonstadium.co.uk/greyhound-welfare/
1161 - https://www.owlertonstadium.co.uk/how-to-bet/
1162 - https://www.owlertonstadium.co.uk/looking-for-bars-in-sheffield/
1163 - https://www.owlertonstadium.co.uk/offers-and-packages/
1164 - https://www.owlertonstadium.co.uk/our-team/
1165 - https://www.owlertonstadium.co.uk/owlerton-blog/
1166 - https://www.owlertonstadium.co.uk/packages/
1167 - https://www.owlertonstadium.co.uk/partnerships/
1168 - https://www.owlertonstadium.co.uk/privacy-policy/
1169 - https://www.owlertonstadium.co.uk/responsible-gambling/
1170 - https://www.owlertonstadium.co.uk/restaurant/
1171 - https://www.owlertonstadium.co.uk/results-calendar/
1172 - https://www.owlertonstadium.co.uk/results-calendar/schedule/
1173 - https://www.owlertonstadium.co.uk/snack-bar/
1174 - https://www.owlertonstadium.co.uk/speedway/
1175 - https://www.owlertonstadium.co.uk/sponsorship/
1176 - https://www.owlertonstadium.co.uk/stag-and-hen-parties/
1177 - https://www.owlertonstadium.co.uk/stock-car-racing/
1178 - https://www.owlertonstadium.co.uk/terms/
1179 - https://www.owlertonstadium.co.uk/venue-hire/
1180 - https://www.owlertonstadium.co.uk/vip-experience/
1181 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/genesisexpo-core/public/css/wgl-core-public-1.2.1.css
1182 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/gravityforms/css/browsers.min-2.3.2.css
1183 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/gravityforms/css/formreset.min-2.3.2.css
1184 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/gravityforms/css/formsmain.min-2.3.2.css
1185 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/gravityforms/css/readyclass.min-2.3.2.css
1186 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/js_composer/assets/css/js_composer.min-6.0.3.css
1187 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min-6.0.3.css
1188 - https://www.owlertonstadium.co.uk/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
1189 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/bad88bfeb528aac10a2d065a680ab0ef.js
1190 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/calendarize-it/css/last_minute_fixes-cead6f702ced51a26850cbca1f2f9d32.css
1191 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/calendarize-it/css/print-21212dac958485d6a19d7b3bc9216eda.css
1192 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/calendarize-it/frontend-b4abd5ebfcf547dc470769fdcec99b48.css
1193 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/calendarize-it/style-c6b4f5307590ad87e457bc58dac9c9a2.css
1194 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/css/styles-ae669af7c9e68e51bae683dcd7e43c47.css
1195 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/revslider/public/assets/css/rs6-cf711ce1a4cee6f6a052dbed931f793f.css
1196 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome-d00537af78bde97078706c6322b39064.css
1197 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/themes/genesisexpo/fonts/flaticon/flaticon-e23ef772a5c8e41e7b1618412a29e449.css
1198 - https://www.owlertonstadium.co.uk/wp-content/cache/min/1/wp-content/uploads/pum/pum-site-styles-e15addcb8eb9bd2a2b759606a003d195.css
1199 - https://www.owlertonstadium.co.uk/wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.3
1200 - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/css/main.min.css
1201 - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/js/swipebox/css/swipebox.min.css
1202 - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css
1203 - https://www.owlertonstadium.co.uk/wp-content/uploads/2018/10/bgambleaware-300x39.png
1204 - https://www.owlertonstadium.co.uk/wp-content/uploads/2018/10/new_logo2.png
1205 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-180x180.png
1206 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-192x192.png
1207 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/cropped-logo2-32x32.png
1208 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/event1-268x268.png
1209 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/07/plate4.png
1210 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery1-570x570.jpg
1211 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery1.jpg
1212 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery2-570x570.jpg
1213 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery2.jpg
1214 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery3-570x570.jpg
1215 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery3.jpg
1216 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery4-570x570.jpg
1217 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery4.jpg
1218 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/logo7.png
1219 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/09/new_logo1.png
1220 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/09/owlerton_xmas-740x460-740x460.gif
1221 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/12/birthday-party-venues-sheffield-740x460-740x460.jpg
1222 - https://www.owlertonstadium.co.uk/wp-content/uploads/2019/12/christmas-party-drinks-740x460.jpg
1223 - https://www.owlertonstadium.co.uk/wp-includes/css/dist/block-library/style.min.css
1224 - https://www.owlertonstadium.co.uk/wp-includes/wlwmanifest.xml
1225 - https://www.owlertonstadium.co.uk/wp-json/
1226 - https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.owlertonstadium.co.uk%2F
1227 - https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.owlertonstadium.co.uk%2F&
1228 - https://www.owlertonstadium.co.uk/xmlrpc.php
1229 - https://www.owlertonstadium.co.uk/xmlrpc.php?rsd
1230 - https://www.youtube.com/user/owlertonstadium1
1231 - https://www.youtube.com/watch?v=E-GNZCJyi5s&
1232 - tel:0114 234 3074
1233 Total external links: 102
1234
1235+ Email addresses found:
1236 Total email address found: 0
1237
1238+ Directories found:
1239 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/ (404 Not Found)
1240 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/ (404 Not Found)
1241 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/ (404 Not Found)
1242 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/ (404 Not Found)
1243 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/09/ (404 Not Found)
1244 - http://www.owlertonstadium.co.uk./www.owlertonstadium.co.uk/wp-content/uploads/2019/12/ (404 Not Found)
1245 Total directories: 6
1246
1247+ Directory indexing found:
1248 Total directories with indexing: 0
1249
1250----------------------------------------------------------------------
1251
1252
1253 + URL to crawl: https://www.owlertonstadium.co.uk.
1254 + Date: 2020-01-05
1255
1256 + Crawling URL: https://www.owlertonstadium.co.uk.:
1257 + Links:
1258 + Crawling https://www.owlertonstadium.co.uk.
1259 + Searching for directories...
1260 + Searching open folders...
1261
1262
1263 + URL to crawl: https://www.owlertonstadium.co.uk.:8443
1264 + Date: 2020-01-05
1265
1266 + Crawling URL: https://www.owlertonstadium.co.uk.:8443:
1267 + Links:
1268 + Crawling https://www.owlertonstadium.co.uk.:8443
1269 + Searching for directories...
1270 + Searching open folders...
1271
1272--Finished--
1273Summary information for domain owlertonstadium.co.uk.
1274-----------------------------------------
1275 Domain Specific Information:
1276 Email: enquiries@owlertonstadium.co.uk;
1277 Email: enquiries@owlertonstadium.co.uk�
1278 Email: marketing@owlertonstadium.co.uk.
1279 Email: enquiries@owlertonstadium.co.uk
1280 Email: enquiries@owlertonstadium.co.uk.
1281 Email: marketing@owlertonstadium.co.uk�
1282 Email: kerrieoxley@owlertonstadium.co.uk.
1283
1284 Domain Ips Information:
1285 IP: 52.100.0.0
1286 Type: SPF
1287 Is Active: True (reset ttl 64)
1288 IP: 66.220.9.192
1289 Type: SPF
1290 Is Active: True (reset ttl 64)
1291 IP: 80.82.112.108
1292 HostName: ns.34sp.com Type: NS
1293 Country: United Kingdom
1294 Is Active: True (reset ttl 64)
1295 Port: 53/tcp open domain syn-ack ttl 53 ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
1296 Script Info: | dns-nsid:
1297 Script Info: |_ bind.version: 9.9.4-RedHat-9.9.4-51.el7
1298 Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1299 IP: 194.39.164.140
1300 HostName: www.owlertonstadium.co.uk. Type: A
1301 Country: United Kingdom
1302 Is Active: True (reset ttl 64)
1303 Port: 21/tcp open ftp syn-ack ttl 54 ProFTPD
1304 Script Info: |_ssl-date: TLS randomness does not represent time
1305 Script Info: | tls-alpn:
1306 Script Info: |_ ftp
1307 Script Info: | tls-nextprotoneg:
1308 Script Info: |_ ftp
1309 Port: 80/tcp open http syn-ack ttl 54 nginx
1310 Script Info: |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1311 Script Info: | http-methods:
1312 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1313 Script Info: |_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1314 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
1315 Port: 110/tcp open pop3 syn-ack ttl 54 Courier pop3d
1316 Script Info: |_pop3-capabilities: PIPELINING UIDL APOP TOP IMPLEMENTATION(Courier Mail Server) USER SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) LOGIN-DELAY(10) STLS
1317 Script Info: |_ssl-date: TLS randomness does not represent time
1318 Port: 443/tcp open ssl/http syn-ack ttl 54 nginx
1319 Script Info: |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1320 Script Info: | http-methods:
1321 Script Info: |_ Supported Methods: GET HEAD
1322 Script Info: |_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1323 Script Info: | ssl-cert: Subject: commonName=outhouse-media.co.uk
1324 Script Info: | Subject Alternative Name: DNS:*.outhouse-media.co.uk, DNS:outhouse-media.co.uk
1325 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1326 Script Info: | Public Key type: rsa
1327 Script Info: | Public Key bits: 2048
1328 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1329 Script Info: | Not valid before: 2019-12-09T10:16:27
1330 Script Info: | Not valid after: 2020-03-08T10:16:27
1331 Script Info: | MD5: 4807 07c4 8654 ad71 5d34 85c4 10c8 f2ca
1332 Script Info: |_SHA-1: 880c 6cbc e151 a68a 3f39 1524 9a5b 211f 851e 7c9d
1333 Script Info: |_ssl-date: TLS randomness does not represent time
1334 Script Info: | tls-alpn:
1335 Script Info: |_ http/1.1
1336 Script Info: | tls-nextprotoneg:
1337 Script Info: |_ http/1.1
1338 Port: 465/tcp open ssl/smtps? syn-ack ttl 54
1339 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1340 Script Info: |_ssl-date: TLS randomness does not represent time
1341 Port: 587/tcp open smtp syn-ack ttl 54 Postfix smtpd
1342 Script Info: |_smtp-commands: mail.outhouse-media.co.uk, PIPELINING, SIZE 1536000000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1343 Script Info: |_ssl-date: TLS randomness does not represent time
1344 Port: 993/tcp open ssl/imaps? syn-ack ttl 54
1345 Script Info: |_ssl-date: TLS randomness does not represent time
1346 Port: 8443/tcp open ssl/http syn-ack ttl 54 sw-cp-server httpd (Plesk Onyx 17.8.11)
1347 Script Info: | http-methods:
1348 Script Info: |_ Supported Methods: GET HEAD POST
1349 Script Info: | http-robots.txt: 1 disallowed entry
1350 Script Info: |_/
1351 Script Info: |_http-server-header: sw-cp-server
1352 Script Info: |_http-title: Plesk Onyx 17.8.11
1353 Script Info: | ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
1354 Script Info: | Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
1355 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1356 Script Info: | Public Key type: rsa
1357 Script Info: | Public Key bits: 2048
1358 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1359 Script Info: | Not valid before: 2019-11-19T14:49:12
1360 Script Info: | Not valid after: 2020-02-17T14:49:12
1361 Script Info: | MD5: b62b 901f b2b7 34e8 7a0f a633 886f 9d4e
1362 Script Info: |_SHA-1: 313b 90ac 08e6 581f 25cb d2fc 4e05 2b67 721f 43c9
1363 Script Info: |_ssl-date: TLS randomness does not represent time
1364 Script Info: | tls-alpn:
1365 Script Info: |_ http/1.1
1366 Script Info: | tls-nextprotoneg:
1367 Script Info: |_ http/1.1
1368 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
1369 Os Info: Hosts: localhost.localdomain, mail.outhouse-media.co.uk
1370 IP: 104.47.21.36
1371 HostName: owlertonstadium-co-uk.mail.protection.outlook.com Type: MX
1372 HostName: mail-lo2gbr010036.inbound.protection.outlook.com Type: PTR
1373 Country: United Kingdom
1374 Is Active: True (reset ttl 64)
1375 IP: 104.47.0.0
1376 Type: SPF
1377 Is Active: True (reset ttl 64)
1378 IP: 89.21.0.52
1379 HostName: ns2.34sp.com Type: NS
1380 HostName: ns2.34sp.com Type: PTR
1381 Country: United Kingdom
1382 Is Active: True (reset ttl 64)
1383 Port: 22/tcp open ssh syn-ack ttl 54 OpenSSH 5.3 (protocol 2.0)
1384 Script Info: | ssh-hostkey:
1385 Script Info: | 1024 51:11:54:7b:c3:b8:0d:85:21:3c:6a:c8:a9:9a:b4:2c (DSA)
1386 Script Info: |_ 2048 f5:f6:73:eb:9e:52:8f:e0:9e:c1:96:54:e4:17:94:ca (RSA)
1387 Port: 53/tcp open domain syn-ack ttl 54 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1388 Script Info: | dns-nsid:
1389 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
1390 Os Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1391 IP: 40.107.0.0
1392 Type: SPF
1393 Is Active: True (reset ttl 64)
1394 IP: 46.183.13.53
1395 HostName: in25grid.owlertonstadium.co.uk. Type: A
1396 Country: United Kingdom
1397 Is Active: True (reset ttl 64)
1398 Port: 21/tcp open ftp syn-ack ttl 53 vsftpd 2.2.2
1399 Port: 22/tcp open ssh syn-ack ttl 53 OpenSSH 5.3 (protocol 2.0)
1400 Port: 80/tcp open http? syn-ack ttl 53
1401 Port: 443/tcp open https? syn-ack ttl 53
1402 Port: 3306/tcp open mysql syn-ack ttl 53 MySQL 5.6.37-log
1403 Os Info: OS: Unix
1404 IP: 40.92.0.0
1405 Type: SPF
1406 Is Active: True (reset ttl 64)
1407 IP: 104.47.20.36
1408 HostName: owlertonstadium-co-uk.mail.protection.outlook.com Type: MX
1409 HostName: mail-cwlgbr010036.inbound.protection.outlook.com Type: PTR
1410 Country: United Kingdom
1411 Is Active: True (reset ttl 64)
1412
1413--------------End Summary --------------
1414-----------------------------------------
1415######################################################################################################################################
1416traceroute to www.owlertonstadium.co.uk (194.39.164.140), 30 hops max, 60 byte packets
1417 1 10.249.204.1 (10.249.204.1) 33.070 ms 63.417 ms 93.448 ms
1418 2 104.245.145.177 (104.245.145.177) 93.542 ms 93.529 ms 93.516 ms
1419 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 93.434 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 93.345 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 93.387 ms
1420 4 te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 93.334 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90) 93.403 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 93.362 ms
1421 5 te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153) 93.239 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 93.200 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165) 169.238 ms
1422 6 be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50) 169.233 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206) 40.730 ms 38.717 ms
1423 7 be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161) 147.188 ms 149.094 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174) 149.182 ms
1424 8 be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50) 149.222 ms be2190.ccr21.man01.atlas.cogentco.com (130.117.1.102) 177.111 ms 149.125 ms
1425 9 78.24.91.7.srvlist.ukfast.net (78.24.91.7) 149.037 ms 148.976 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174) 176.951 ms
142610 149.11.71.210 (149.11.71.210) 148.949 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83) 148.967 ms 149.11.71.210 (149.11.71.210) 148.853 ms
142711 78.24.91.7.srvlist.ukfast.net (78.24.91.7) 148.879 ms 148.883 ms *
142812 78.24.91.81.srvlist.ukfast.net (78.24.91.81) 158.765 ms * *
1429######################################################################################################################################
1430----- owlertonstadium.co.uk -----
1431
1432
1433Host's addresses:
1434__________________
1435
1436owlertonstadium.co.uk. 2396 IN A 194.39.164.140
1437
1438
1439Wildcard detection using: ozblkrfzdqkv
1440_______________________________________
1441
1442ozblkrfzdqkv.owlertonstadium.co.uk. 3600 IN A 46.183.13.53
1443
1444
1445!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1446
1447 Wildcards detected, all subdomains will point to the same IP address
1448 Omitting results containing 46.183.13.53.
1449 Maybe you are using OpenDNS servers.
1450
1451!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1452
1453
1454Name Servers:
1455______________
1456
1457ns.34sp.com. 84245 IN A 80.82.112.108
1458ns2.34sp.com. 84245 IN A 89.21.0.52
1459
1460
1461Mail (MX) Servers:
1462___________________
1463
1464owlertonstadium-co-uk.mail.protection.outlook.com. 10 IN A 104.47.20.36
1465owlertonstadium-co-uk.mail.protection.outlook.com. 10 IN A 104.47.21.36
1466
1467
1468
1469
1470Scraping owlertonstadium.co.uk subdomains from Google:
1471_______________________________________________________
1472
1473
1474 ---- Google search page: 1 ----
1475
1476
1477
1478Google Results:
1479________________
1480
1481 perhaps Google is blocking our queries.
1482 Check manually.
1483
1484
1485Brute forcing with /usr/share/dnsenum/dns.txt:
1486_______________________________________________
1487
1488ftp.owlertonstadium.co.uk. 2376 IN CNAME owlertonstadium.co.uk.
1489owlertonstadium.co.uk. 2376 IN A 194.39.164.140
1490mail.owlertonstadium.co.uk. 2370 IN A 46.183.13.250
1491marketing.owlertonstadium.co.uk. 3270 IN A 159.69.44.203
1492smtp.owlertonstadium.co.uk. 3260 IN CNAME smtp.34sp.com.
1493smtp.34sp.com. 860 IN A 46.183.12.6
1494webmail.owlertonstadium.co.uk. 2356 IN A 46.183.13.250
1495www.owlertonstadium.co.uk. 1870 IN CNAME owlertonstadium.co.uk.
1496owlertonstadium.co.uk. 1870 IN A 194.39.164.140
1497
1498
1499Launching Whois Queries:
1500_________________________
1501
1502 whois ip result: 46.183.13.0 -> 46.183.12.0/22
1503 whois ip result: 159.69.44.0 -> 159.69.0.0/16
1504 whois ip result: 194.39.164.0 -> 194.39.164.0/24
1505
1506
1507owlertonstadium.co.uk_____________________
1508
1509 159.69.0.0/16
1510 194.39.164.0/24
1511 46.183.12.0/22
1512######################################################################################################################################
1513Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 01:58 EST
1514Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1515Host is up (0.11s latency).
1516Not shown: 463 filtered ports, 4 closed ports
1517Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1518PORT STATE SERVICE VERSION
151921/tcp open ftp ProFTPD
1520| ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
1521| Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
1522| Not valid before: 2019-11-19T14:49:12
1523|_Not valid after: 2020-02-17T14:49:12
1524|_ssl-date: TLS randomness does not represent time
1525| tls-alpn:
1526|_ ftp
1527| tls-nextprotoneg:
1528|_ ftp
152980/tcp open http nginx
1530|_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1531|_https-redirect: ERROR: Script execution failed (use -d to debug)
1532110/tcp open pop3 Courier pop3d
1533|_pop3-capabilities: LOGIN-DELAY(10) IMPLEMENTATION(Courier Mail Server) PIPELINING USER TOP STLS APOP UIDL SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN)
1534|_ssl-date: TLS randomness does not represent time
1535443/tcp open ssl/http nginx
1536|_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1537| ssl-cert: Subject: commonName=outhouse-media.co.uk
1538| Subject Alternative Name: DNS:*.outhouse-media.co.uk, DNS:outhouse-media.co.uk
1539| Not valid before: 2019-12-09T10:16:27
1540|_Not valid after: 2020-03-08T10:16:27
1541|_ssl-date: TLS randomness does not represent time
1542| tls-alpn:
1543|_ http/1.1
1544| tls-nextprotoneg:
1545|_ http/1.1
1546465/tcp open ssl/smtps?
1547|_smtp-commands: Couldn't establish connection on port 465
1548|_ssl-date: TLS randomness does not represent time
1549587/tcp open smtp Postfix smtpd
1550|_smtp-commands: mail.outhouse-media.co.uk, PIPELINING, SIZE 1536000000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1551|_ssl-date: TLS randomness does not represent time
1552993/tcp open ssl/imaps?
1553|_ssl-date: TLS randomness does not represent time
15548443/tcp open ssl/http sw-cp-server httpd (Plesk Onyx 17.8.11)
1555| http-robots.txt: 1 disallowed entry
1556|_/
1557|_http-server-header: sw-cp-server
1558|_http-title: Plesk Onyx 17.8.11
1559| ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
1560| Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
1561| Not valid before: 2019-11-19T14:49:12
1562|_Not valid after: 2020-02-17T14:49:12
1563|_ssl-date: TLS randomness does not represent time
1564| tls-alpn:
1565|_ http/1.1
1566| tls-nextprotoneg:
1567|_ http/1.1
15688880/tcp open http sw-cp-server httpd (Plesk Onyx 17.8.11)
1569|_http-favicon: Parallels Plesk
1570| http-robots.txt: 1 disallowed entry
1571|_/
1572|_http-server-header: sw-cp-server
1573|_http-title: Plesk Onyx 17.8.11
1574Device type: general purpose
1575Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
1576OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
1577Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 3.10 - 3.12 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 4.0 (85%), Linux 4.9 (85%), Linux 4.4 (85%)
1578No exact OS matches for host (test conditions non-ideal).
1579Network Distance: 11 hops
1580Service Info: Hosts: localhost.localdomain, mail.outhouse-media.co.uk
1581
1582TRACEROUTE (using port 443/tcp)
1583HOP RTT ADDRESS
15841 59.53 ms 10.249.204.1
15852 91.38 ms 104.245.145.177
15863 91.45 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
15874 91.44 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
15885 162.16 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
15896 162.21 ms be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50)
15907 162.24 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
15918 162.28 ms be2190.ccr21.man01.atlas.cogentco.com (130.117.1.102)
15929 162.27 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
159310 132.10 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
159411 130.99 ms 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1595######################################################################################################################################
1596Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:02 EST
1597Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1598Host is up (0.059s latency).
1599Not shown: 15 filtered ports, 1 closed port
1600Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1601PORT STATE SERVICE VERSION
160253/udp open|filtered domain
160367/udp open|filtered dhcps
160468/udp open|filtered dhcpc
160569/udp open|filtered tftp
160688/udp open|filtered kerberos-sec
1607123/udp open|filtered ntp
1608139/udp open|filtered netbios-ssn
1609161/udp open|filtered snmp
1610162/udp open|filtered snmptrap
1611389/udp open|filtered ldap
1612520/udp open|filtered route
16132049/udp open|filtered nfs
1614Too many fingerprints match this host to give specific OS details
1615
1616TRACEROUTE (using port 138/udp)
1617HOP RTT ADDRESS
16181 30.06 ms 10.249.204.1
16192 ... 3
16204 30.19 ms 10.249.204.1
16215 91.21 ms 10.249.204.1
16226 91.21 ms 10.249.204.1
16237 91.21 ms 10.249.204.1
16248 91.19 ms 10.249.204.1
16259 61.22 ms 10.249.204.1
162610 30.98 ms 10.249.204.1
162711 ... 18
162819 30.16 ms 10.249.204.1
162920 30.57 ms 10.249.204.1
163021 ... 27
163128 31.00 ms 10.249.204.1
163229 ...
163330 29.67 ms 10.249.204.1
1634#######################################################################################################################################
1635Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:06 EST
1636NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
1637NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
1638NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
1639Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1640Host is up (0.13s latency).
1641
1642PORT STATE SERVICE VERSION
164321/tcp open ftp ProFTPD
1644| ftp-brute:
1645| Accounts: No valid accounts found
1646|_ Statistics: Performed 5106 guesses in 180 seconds, average tps: 29.2
1647Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1648Device type: general purpose
1649Running (JUST GUESSING): Linux 3.X|4.X (90%)
1650OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.0
1651Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 4.0 (90%), Linux 4.4 (89%), Linux 3.10 (88%), Linux 3.10 - 3.12 (87%), Linux 4.9 (87%)
1652No exact OS matches for host (test conditions non-ideal).
1653Network Distance: 11 hops
1654
1655TRACEROUTE (using port 21/tcp)
1656HOP RTT ADDRESS
16571 61.83 ms 10.249.204.1
16582 91.35 ms 104.245.145.177
16593 91.39 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
16604 91.41 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
16615 151.85 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
16626 91.44 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
16637 151.97 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
16648 151.93 ms be2190.ccr21.man01.atlas.cogentco.com (130.117.1.102)
16659 151.93 ms 78.24.91.7.srvlist.ukfast.net (78.24.91.7)
166610 152.07 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
166711 110.45 ms 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1668#######################################################################################################################################
1669Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:10 EST
1670Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1671Host is up.
1672
1673PORT STATE SERVICE VERSION
167467/tcp filtered dhcps
167567/udp open|filtered dhcps
1676|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1677Too many fingerprints match this host to give specific OS details
1678
1679TRACEROUTE (using proto 1/icmp)
1680HOP RTT ADDRESS
16811 60.94 ms 10.249.204.1
16822 90.86 ms 104.245.145.177
16833 90.93 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
16844 90.96 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
16855 90.93 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
16866 90.99 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
16877 150.86 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
16888 150.90 ms be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50)
16899 150.90 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
169010 120.87 ms 149.11.71.210
169111 110.29 ms 78.24.91.7.srvlist.ukfast.net (78.24.91.7)
169212 138.49 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
169313 ... 30
1694#######################################################################################################################################
1695Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:12 EST
1696Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1697Host is up.
1698
1699PORT STATE SERVICE VERSION
170068/tcp filtered dhcpc
170168/udp open|filtered dhcpc
1702Too many fingerprints match this host to give specific OS details
1703
1704TRACEROUTE (using proto 1/icmp)
1705HOP RTT ADDRESS
17061 60.85 ms 10.249.204.1
17072 90.59 ms 104.245.145.177
17083 90.64 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
17094 90.63 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
17105 90.58 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
17116 90.68 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
17127 150.80 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
17138 150.87 ms be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50)
17149 150.86 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
171510 120.77 ms 149.11.71.210
171611 128.34 ms 78.24.91.7.srvlist.ukfast.net (78.24.91.7)
171712 138.21 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
171813 ... 30
1719#######################################################################################################################################
1720Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:14 EST
1721Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1722Host is up.
1723
1724PORT STATE SERVICE VERSION
172569/tcp filtered tftp
172669/udp open|filtered tftp
1727Too many fingerprints match this host to give specific OS details
1728
1729TRACEROUTE (using proto 1/icmp)
1730HOP RTT ADDRESS
17311 60.28 ms 10.249.204.1
17322 90.24 ms 104.245.145.177
17333 90.30 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
17344 90.31 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
17355 90.31 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
17366 90.35 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
17377 162.16 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
17388 162.19 ms be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50)
17399 162.22 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
174010 162.22 ms 149.11.71.210
174111 131.14 ms 78.24.91.7.srvlist.ukfast.net (78.24.91.7)
174212 155.76 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
174313 ... 30
1744######################################################################################################################################
1745http://194.39.164.140 [301 Moved Permanently] Country[GERMANY][DE], HTTPServer[nginx], IP[194.39.164.140], PHP[7.0.33,], Plesk[Lin], RedirectLocation[https://www.outhouse-media.co.uk/], UncommonHeaders[x-redirect-by,ms-author-via,x-cache-status], WebDAV, X-Powered-By[PHP/7.0.33, PleskLin], nginx
1746https://www.outhouse-media.co.uk/ [200 OK] Country[GERMANY][DE], HTML5, HTTPServer[nginx], IP[194.39.164.140], JQuery, MetaGenerator[Powered by WPBakery Page Builder - drag and drop page builder for WordPress.,WordPress 5.3.2], Open-Graph-Protocol[website], PHP[7.0.33,], Plesk[Lin], PoweredBy[WPBakery], Script[application/ld+json,text/javascript], Title[Website Design Worksop / Outhouse Media / Web Design Professionals], UncommonHeaders[ms-author-via,x-cache-status], WebDAV, WordPress[5.3.2], Wordpress-Contact-Form[7.5.1.6], X-Powered-By[PHP/7.0.33, PleskLin], nginx
1747#######################################################################################################################################
1748
1749wig - WebApp Information Gatherer
1750
1751
1752Scanning https://www.outhouse-media.co.uk...
1753_________________________________________ SITE INFO _________________________________________
1754IP Title
1755194.39.164.140 Website Design Worksop / Outhouse Media / Web Design Professionals
1756
1757__________________________________________ VERSION __________________________________________
1758Name Versions Type
1759WordPress 5.3.2 CMS
1760Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1761 2.4.9
1762PHP 7.0.33 Platform
1763nginx Platform
1764jQuery 3.2.1 JavaScript
1765
1766________________________________________ INTERESTING ________________________________________
1767URL Note Type
1768/readme.html Readme file Interesting
1769/login/ Login Page Interesting
1770
1771___________________________________________ TOOLS ___________________________________________
1772Name Link Software
1773wpscan https://github.com/wpscanteam/wpscan WordPress
1774CMSmap https://github.com/Dionach/CMSmap WordPress
1775
1776_____________________________________________________________________________________________
1777Time: 80.6 sec Urls: 514 Fingerprints: 40401
1778######################################################################################################################################
1779HTTP/1.1 301 Moved Permanently
1780Server: nginx
1781Date: Sun, 05 Jan 2020 07:20:35 GMT
1782Content-Type: text/html; charset=UTF-8
1783Content-Length: 0
1784Connection: keep-alive
1785X-Powered-By: PHP/7.0.33
1786X-Redirect-By: WordPress
1787Location: https://www.outhouse-media.co.uk/
1788Cache-Control: max-age=0
1789Expires: Sun, 05 Jan 2020 07:20:35 GMT
1790MS-Author-Via: DAV
1791Vary: Accept-Encoding
1792X-Cache-Status: MISS
1793X-Powered-By: PleskLin
1794
1795HTTP/1.1 301 Moved Permanently
1796Server: nginx
1797Date: Sun, 05 Jan 2020 07:20:35 GMT
1798Content-Type: text/html; charset=UTF-8
1799Content-Length: 0
1800Connection: keep-alive
1801X-Powered-By: PHP/7.0.33
1802X-Redirect-By: WordPress
1803Location: https://www.outhouse-media.co.uk/
1804Cache-Control: max-age=0
1805Expires: Sun, 05 Jan 2020 07:20:35 GMT
1806MS-Author-Via: DAV
1807Vary: Accept-Encoding
1808X-Cache-Status: MISS
1809X-Powered-By: PleskLin
1810
1811HTTP/1.1 200 OK
1812Server: nginx
1813Date: Sun, 05 Jan 2020 07:20:36 GMT
1814Content-Type: text/html; charset=UTF-8
1815Connection: keep-alive
1816Vary: Accept-Encoding
1817X-Powered-By: PHP/7.0.33
1818Last-Modified: Sat, 04 Jan 2020 18:28:48 GMT
1819Vary: Accept-Encoding
1820Cache-Control: max-age=0
1821Expires: Sun, 05 Jan 2020 07:20:36 GMT
1822MS-Author-Via: DAV
1823X-Cache-Status: MISS
1824X-Powered-By: PleskLin
1825#######################################################################################################################################
1826Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:20 EST
1827Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1828Host is up (0.12s latency).
1829
1830PORT STATE SERVICE VERSION
1831110/tcp open pop3 Courier pop3d
1832| pop3-brute:
1833| Accounts: No valid accounts found
1834| Statistics: Performed 53 guesses in 14 seconds, average tps: 3.8
1835|_ ERROR: Failed to connect.
1836|_pop3-capabilities: APOP SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) PIPELINING IMPLEMENTATION(Courier Mail Server) UIDL LOGIN-DELAY(10) TOP STLS USER
1837Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1838Device type: general purpose
1839Running (JUST GUESSING): Linux 3.X|4.X (90%)
1840OS CPE: cpe:/o:linux:linux_kernel:3.10 cpe:/o:linux:linux_kernel:4.0
1841Aggressive OS guesses: Linux 3.10 (90%), Linux 3.10 - 3.16 (90%), Linux 4.0 (90%), Linux 3.10 - 3.12 (89%), Linux 4.4 (89%), Linux 4.9 (89%)
1842No exact OS matches for host (test conditions non-ideal).
1843Network Distance: 11 hops
1844Service Info: Host: localhost.localdomain
1845
1846TRACEROUTE (using port 110/tcp)
1847HOP RTT ADDRESS
18481 60.60 ms 10.249.204.1
18492 90.29 ms 104.245.145.177
18503 90.32 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
18514 90.35 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
18525 150.48 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
18536 90.37 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
18547 150.55 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
18558 150.53 ms 149.11.71.210
18569 150.56 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
185710 120.35 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
185811 121.46 ms 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1859#######################################################################################################################################
1860Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:21 EST
1861Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1862Host is up.
1863
1864PORT STATE SERVICE VERSION
1865123/tcp filtered ntp
1866123/udp open|filtered ntp
1867Too many fingerprints match this host to give specific OS details
1868
1869TRACEROUTE (using proto 1/icmp)
1870HOP RTT ADDRESS
18711 51.62 ms 10.249.204.1
18722 91.97 ms 104.245.145.177
18733 92.01 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
18744 92.01 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
18755 92.01 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
18766 92.03 ms be3260.ccr22.ymq01.atlas.cogentco.com (154.54.42.90)
18777 131.37 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
18788 131.41 ms be2191.ccr21.man01.atlas.cogentco.com (130.117.49.50)
18799 131.42 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
188010 131.44 ms 149.11.71.210
188111 109.28 ms 78.24.91.7.srvlist.ukfast.net (78.24.91.7)
188212 109.23 ms 78.24.91.83.srvlist.ukfast.net (78.24.91.83)
188313 ... 30
1884#######################################################################################################################################
1885https://194.39.164.140/ [301 Moved Permanently] Country[GERMANY][DE], HTTPServer[nginx], IP[194.39.164.140], PHP[7.0.33,], Plesk[Lin], RedirectLocation[https://www.outhouse-media.co.uk/], UncommonHeaders[x-redirect-by,ms-author-via,x-cache-status], WebDAV, X-Powered-By[PHP/7.0.33, PleskLin], nginx
1886https://www.outhouse-media.co.uk/ [200 OK] Country[GERMANY][DE], HTML5, HTTPServer[nginx], IP[194.39.164.140], JQuery, MetaGenerator[Powered by WPBakery Page Builder - drag and drop page builder for WordPress.,WordPress 5.3.2], Open-Graph-Protocol[website], PHP[7.0.33,], Plesk[Lin], PoweredBy[WPBakery], Script[application/ld+json,text/javascript], Title[Website Design Worksop / Outhouse Media / Web Design Professionals], UncommonHeaders[ms-author-via,x-cache-status], WebDAV, WordPress[5.3.2], Wordpress-Contact-Form[7.5.1.6], X-Powered-By[PHP/7.0.33, PleskLin], nginx
1887#######################################################################################################################################
1888Version: 1.11.13-static
1889OpenSSL 1.0.2-chacha (1.0.2g-dev)
1890
1891Connected to 194.39.164.140
1892
1893Testing SSL server 194.39.164.140 on port 443 using SNI name 194.39.164.140
1894
1895 TLS Fallback SCSV:
1896Server supports TLS Fallback SCSV
1897
1898 TLS renegotiation:
1899Secure session renegotiation supported
1900
1901 TLS Compression:
1902Compression disabled
1903
1904 Heartbleed:
1905TLS 1.2 not vulnerable to heartbleed
1906TLS 1.1 not vulnerable to heartbleed
1907TLS 1.0 not vulnerable to heartbleed
1908
1909 Supported Server Cipher(s):
1910Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1911Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1912Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1913Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1914Accepted TLSv1.2 256 bits AES256-SHA256
1915Accepted TLSv1.2 256 bits AES256-SHA
1916Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1917Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1918Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1919Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1920Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1921Accepted TLSv1.2 128 bits AES128-SHA256
1922Accepted TLSv1.2 128 bits AES128-SHA
1923Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1924Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1925Accepted TLSv1.1 256 bits AES256-SHA
1926Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1927Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1928Accepted TLSv1.1 128 bits AES128-SHA
1929Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1930Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1931Accepted TLSv1.0 256 bits AES256-SHA
1932Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1933Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1934Accepted TLSv1.0 128 bits AES128-SHA
1935Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1936
1937 SSL Certificate:
1938Signature Algorithm: sha256WithRSAEncryption
1939RSA Key Strength: 2048
1940
1941Subject: outhouse-media.co.uk
1942Altnames: DNS:*.outhouse-media.co.uk, DNS:outhouse-media.co.uk
1943Issuer: Let's Encrypt Authority X3
1944
1945Not valid before: Dec 9 10:16:27 2019 GMT
1946Not valid after: Mar 8 10:16:27 2020 GMT
1947modes/normal.sh: ligne 675 : [: == : opérateur unaire attendu
1948#######################################################################################################################################
1949-+--------------------------------------------------+----------+----------+
1950| App Name | URL to Application | Potential Exploit | Username | Password |
1951+------------+-----------------------------------------+--------------------------------------------------+----------+----------+
1952| phpMyAdmin | https://194.39.164.140:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1953+------------+-----------------------------------------+--------------------------------------------------+----------+----------+
1954######################################################################################################################################
1955Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:30 EST
1956Warning: 194.39.164.140 giving up on port because retransmission cap hit (2).
1957Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
1958Host is up (0.12s latency).
1959Not shown: 65419 filtered ports, 106 closed ports
1960PORT STATE SERVICE VERSION
196121/tcp open ftp ProFTPD
1962| ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
1963| Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
1964| Not valid before: 2019-11-19T14:49:12
1965|_Not valid after: 2020-02-17T14:49:12
1966|_ssl-date: TLS randomness does not represent time
1967| tls-alpn:
1968|_ ftp
1969| tls-nextprotoneg:
1970|_ ftp
197180/tcp open http nginx
1972|_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1973|_https-redirect: ERROR: Script execution failed (use -d to debug)
1974110/tcp open pop3 Courier pop3d
1975|_pop3-capabilities: PIPELINING TOP STLS SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256 PLAIN) IMPLEMENTATION(Courier Mail Server) APOP UIDL LOGIN-DELAY(10) USER
1976|_ssl-date: TLS randomness does not represent time
1977443/tcp open ssl/http nginx
1978|_http-title: Did not follow redirect to https://www.outhouse-media.co.uk/
1979| ssl-cert: Subject: commonName=outhouse-media.co.uk
1980| Subject Alternative Name: DNS:*.outhouse-media.co.uk, DNS:outhouse-media.co.uk
1981| Not valid before: 2019-12-09T10:16:27
1982|_Not valid after: 2020-03-08T10:16:27
1983|_ssl-date: TLS randomness does not represent time
1984| tls-alpn:
1985|_ http/1.1
1986| tls-nextprotoneg:
1987|_ http/1.1
1988465/tcp open ssl/smtps?
1989|_smtp-commands: Couldn't establish connection on port 465
1990|_ssl-date: TLS randomness does not represent time
1991587/tcp open smtp Postfix smtpd
1992|_smtp-commands: mail.outhouse-media.co.uk, PIPELINING, SIZE 1536000000, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1993|_ssl-date: TLS randomness does not represent time
1994993/tcp open ssl/imaps?
1995|_ssl-date: TLS randomness does not represent time
19962020/tcp open ssh OpenSSH 7.4 (protocol 2.0)
1997| ssh-hostkey:
1998| 2048 d7:49:7a:a9:37:9e:44:ec:e0:0a:0a:40:0f:c9:40:dd (RSA)
1999| 256 a1:a1:66:72:7f:af:ca:8c:20:17:6c:7e:db:aa:d9:01 (ECDSA)
2000|_ 256 17:38:90:91:8d:47:a8:8f:28:5f:b6:d3:26:82:7b:5b (ED25519)
20018443/tcp open ssl/https-alt sw-cp-server
2002| fingerprint-strings:
2003| RPCCheck:
2004| HTTP/1.1 400 Bad Request
2005| Server: sw-cp-server
2006| Date: Sun, 05 Jan 2020 07:34:12 GMT
2007| Content-Type: text/html
2008| Content-Length: 2685
2009| Connection: close
2010| ETag: "5965c92a-a7d"
2011| <!DOCTYPE html>
2012| <html lang="en">
2013| <head>
2014| <meta charset="utf-8">
2015| <meta http-equiv="x-ua-compatible" content="ie=edge">
2016| <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
2017| <title>400 Bad Request</title>
2018| <link rel="stylesheet" href="/error_docs/styles.css">
2019| </head>
2020| <body>
2021| <div class="page">
2022| <div class="main">
2023| <div class="error-description">
2024| <h1>Server Error</h1>
2025| <div class="error-code">400</div>
2026| <h2>Bad Request</h2>
2027| class="lead">Your browser sent a request that this server could not understand. Client sent malformed Host header.</p>
2028| <hr/>
2029| <p>If you think this is an error, please <
2030| RTSPRequest:
2031| <!DOCTYPE html>
2032| <html lang="en">
2033| <head>
2034| <meta charset="utf-8">
2035| <meta http-equiv="x-ua-compatible" content="ie=edge">
2036| <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
2037| <title>400 Bad Request</title>
2038| <link rel="stylesheet" href="/error_docs/styles.css">
2039| </head>
2040| <body>
2041| <div class="page">
2042| <div class="main">
2043| <div class="error-description">
2044| <h1>Server Error</h1>
2045| <div class="error-code">400</div>
2046| <h2>Bad Request</h2>
2047| class="lead">Your browser sent a request that this server could not understand. Client sent malformed Host header.</p>
2048| <hr/>
2049| <p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/" target="_blank">let us know</a> so we can fix it!</p>
2050| <p>That's what you can do</p>
2051|_ <div class="help-actions">
2052| http-robots.txt: 1 disallowed entry
2053|_/
2054|_http-server-header: sw-cp-server
2055|_http-title: Plesk Onyx 17.8.11
2056| ssl-cert: Subject: commonName=194.39.164.140.srvlist.ukfast.net
2057| Subject Alternative Name: DNS:194.39.164.140.srvlist.ukfast.net
2058| Not valid before: 2019-11-19T14:49:12
2059|_Not valid after: 2020-02-17T14:49:12
2060|_ssl-date: TLS randomness does not represent time
2061| tls-alpn:
2062|_ http/1.1
2063| tls-nextprotoneg:
2064|_ http/1.1
20658880/tcp open http sw-cp-server httpd (Plesk Onyx 17.8.11)
2066|_http-favicon: Parallels Plesk
2067| http-robots.txt: 1 disallowed entry
2068|_/
2069|_http-server-header: sw-cp-server
2070|_http-title: Plesk Onyx 17.8.11
20711 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
2072SF-Port8443-TCP:V=7.80%T=SSL%I=7%D=1/5%Time=5E119176%P=x86_64-pc-linux-gnu
2073SF:%r(RTSPRequest,A7D,"<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n\x20\x20
2074SF:<head>\n\x20\x20\x20\x20<meta\x20charset=\"utf-8\">\n\x20\x20\x20\x20<m
2075SF:eta\x20http-equiv=\"x-ua-compatible\"\x20content=\"ie=edge\">\n\x20\x20
2076SF:\x20\x20<meta\x20name=\"viewport\"\x20content=\"width=device-width,\x20
2077SF:initial-scale=1,\x20shrink-to-fit=no\">\n\x20\x20\x20\x20<title>400\x20
2078SF:Bad\x20Request</title>\n\x20\x20\x20\x20<link\x20rel=\"stylesheet\"\x20
2079SF:href=\"/error_docs/styles\.css\">\n\x20\x20</head>\n\x20\x20<body>\n\x2
2080SF:0\x20\x20\x20<div\x20class=\"page\">\n\x20\x20\x20\x20\x20\x20<div\x20c
2081SF:lass=\"main\">\n\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error-d
2082SF:escription\">\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h1>Server\x20Er
2083SF:ror</h1>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error
2084SF:-code\">400</div>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h2>Bad\x20R
2085SF:equest</h2>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<p\x20class=\"lead
2086SF:\">Your\x20browser\x20sent\x20a\x20request\x20that\x20this\x20server\x2
2087SF:0could\x20not\x20understand\.\x20Client\x20sent\x20malformed\x20Host\x2
2088SF:0header\.</p>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<hr/>\n\x20\x20\
2089SF:x20\x20\x20\x20\x20\x20\x20\x20<p>If\x20you\x20think\x20this\x20is\x20a
2090SF:n\x20error,\x20please\x20<a\x20href=\"https://www\.plesk\.com/bug-repor
2091SF:t/\"\x20target=\"_blank\">let\x20us\x20know</a>\x20so\x20we\x20can\x20f
2092SF:ix\x20it!</p>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<p>That's\x20wha
2093SF:t\x20you\x20can\x20do</p>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<div
2094SF:\x20class=\"help-actions\">\n\x20")%r(RPCCheck,B2C,"HTTP/1\.1\x20400\x2
2095SF:0Bad\x20Request\r\nServer:\x20sw-cp-server\r\nDate:\x20Sun,\x2005\x20Ja
2096SF:n\x202020\x2007:34:12\x20GMT\r\nContent-Type:\x20text/html\r\nContent-L
2097SF:ength:\x202685\r\nConnection:\x20close\r\nETag:\x20\"5965c92a-a7d\"\r\n
2098SF:\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n\x20\x20<head>\n\x20\x20
2099SF:\x20\x20<meta\x20charset=\"utf-8\">\n\x20\x20\x20\x20<meta\x20http-equi
2100SF:v=\"x-ua-compatible\"\x20content=\"ie=edge\">\n\x20\x20\x20\x20<meta\x2
2101SF:0name=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1,
2102SF:\x20shrink-to-fit=no\">\n\x20\x20\x20\x20<title>400\x20Bad\x20Request</
2103SF:title>\n\x20\x20\x20\x20<link\x20rel=\"stylesheet\"\x20href=\"/error_do
2104SF:cs/styles\.css\">\n\x20\x20</head>\n\x20\x20<body>\n\x20\x20\x20\x20<di
2105SF:v\x20class=\"page\">\n\x20\x20\x20\x20\x20\x20<div\x20class=\"main\">\n
2106SF:\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error-description\">\n\
2107SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h1>Server\x20Error</h1>\n\x20\x
2108SF:20\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error-code\">400</div
2109SF:>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h2>Bad\x20Request</h2>\n\x2
2110SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20<p\x20class=\"lead\">Your\x20brows
2111SF:er\x20sent\x20a\x20request\x20that\x20this\x20server\x20could\x20not\x2
2112SF:0understand\.\x20Client\x20sent\x20malformed\x20Host\x20header\.</p>\n\
2113SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<hr/>\n\x20\x20\x20\x20\x20\x20\
2114SF:x20\x20\x20\x20<p>If\x20you\x20think\x20this\x20is\x20an\x20error,\x20p
2115SF:lease\x20<");
2116Device type: general purpose|storage-misc
2117Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (92%), Synology DiskStation Manager 5.X (85%)
2118OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1
2119Aggressive OS guesses: Linux 3.10 - 3.16 (92%), Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 3.10 (91%), Linux 4.9 (91%), Linux 4.0 (90%), Linux 2.6.32 (87%), Linux 2.6.39 (86%), Linux 2.6.35 (86%), Linux 3.1 - 3.2 (86%)
2120No exact OS matches for host (test conditions non-ideal).
2121Network Distance: 11 hops
2122Service Info: Hosts: localhost.localdomain, mail.outhouse-media.co.uk
2123
2124TRACEROUTE (using port 40098/tcp)
2125HOP RTT ADDRESS
21261 59.61 ms 10.249.204.1
21272 89.74 ms 104.245.145.177
21283 89.77 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
21294 89.79 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
21305 149.56 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
21316 89.81 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
21327 149.60 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
21338 149.62 ms be2190.ccr21.man01.atlas.cogentco.com (130.117.1.102)
21349 149.64 ms be3771.rcr51.b048531-0.man01.atlas.cogentco.com (130.117.49.174)
213510 119.75 ms 149.11.71.210
213611 118.86 ms 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
2137######################################################################################################################################
2138Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:37 EST
2139Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
2140Host is up (0.079s latency).
2141
2142PORT STATE SERVICE VERSION
214353/tcp filtered domain
214467/tcp filtered dhcps
214568/tcp filtered dhcpc
214669/tcp filtered tftp
214788/tcp filtered kerberos-sec
2148123/tcp filtered ntp
2149137/tcp filtered netbios-ns
2150138/tcp filtered netbios-dgm
2151139/tcp closed netbios-ssn
2152161/tcp filtered snmp
2153162/tcp filtered snmptrap
2154389/tcp filtered ldap
2155520/tcp filtered efs
21562049/tcp filtered nfs
215753/udp open|filtered domain
215867/udp open|filtered dhcps
215968/udp open|filtered dhcpc
216069/udp open|filtered tftp
216188/udp open|filtered kerberos-sec
2162123/udp open|filtered ntp
2163137/udp filtered netbios-ns
2164138/udp filtered netbios-dgm
2165139/udp open|filtered netbios-ssn
2166161/udp open|filtered snmp
2167162/udp open|filtered snmptrap
2168389/udp open|filtered ldap
2169520/udp open|filtered route
21702049/udp open|filtered nfs
2171Too many fingerprints match this host to give specific OS details
2172Network Distance: 2 hops
2173
2174TRACEROUTE (using port 139/tcp)
2175HOP RTT ADDRESS
21761 93.05 ms 10.249.204.1
21772 93.04 ms 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
2178#######################################################################################################################################
2179Hosts
2180=====
2181
2182address mac name os_name os_flavor os_sp purpose info comments
2183------- --- ---- ------- --------- ----- ------- ---- --------
218480.82.79.116 no-reverse-dns-configured.com Linux 7.0 server
218587.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
218693.174.93.84 Linux 3.X server
2187163.247.52.17 www.mtt.cl Linux 2.6.X server
2188163.247.96.10 Linux 2.6.X server
2189170.246.172.178 host-170-246-172-178.anacondaweb.com Linux 2.6.X server
2190185.68.93.22 verbatim1981.example.com Unknown device
2191186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
2192194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
2193194.39.164.140 194.39.164.140.srvlist.ukfast.net Linux 3.X server
2194200.35.157.77 srv77.talcaguia.cl Unknown device
2195201.131.38.40 Linux 2.6.X server
2196
2197Services
2198========
2199
2200host port proto name state info
2201---- ---- ----- ---- ----- ----
220280.82.79.116 21 tcp ftp open 220 (vsFTPd 3.0.2)\x0d\x0a
220380.82.79.116 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
220480.82.79.116 53 tcp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
220580.82.79.116 53 udp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
220680.82.79.116 67 tcp dhcps closed
220780.82.79.116 67 udp dhcps closed
220880.82.79.116 68 tcp dhcpc closed
220980.82.79.116 68 udp dhcpc closed
221080.82.79.116 69 tcp tftp closed
221180.82.79.116 69 udp tftp unknown
221280.82.79.116 88 tcp kerberos-sec closed
221380.82.79.116 88 udp kerberos-sec unknown
221480.82.79.116 123 tcp ntp closed
221580.82.79.116 123 udp ntp unknown
221680.82.79.116 137 tcp netbios-ns closed
221780.82.79.116 137 udp netbios-ns filtered
221880.82.79.116 138 tcp netbios-dgm closed
221980.82.79.116 138 udp netbios-dgm filtered
222080.82.79.116 139 tcp netbios-ssn closed
222180.82.79.116 139 udp netbios-ssn unknown
222280.82.79.116 161 tcp snmp closed
222380.82.79.116 161 udp snmp closed
222480.82.79.116 162 tcp snmptrap closed
222580.82.79.116 162 udp snmptrap closed
222680.82.79.116 389 tcp ldap closed
222780.82.79.116 389 udp ldap closed
222880.82.79.116 520 tcp efs closed
222980.82.79.116 520 udp route closed
223080.82.79.116 2049 tcp nfs closed
223180.82.79.116 2049 udp nfs unknown
223287.247.240.207 21 tcp ftp open ProFTPD
223387.247.240.207 22 tcp ssh open OpenSSH 7.4 protocol 2.0
223487.247.240.207 67 udp dhcps unknown
223587.247.240.207 68 udp dhcpc unknown
223687.247.240.207 69 udp tftp unknown
223787.247.240.207 80 tcp http open Apache httpd
223887.247.240.207 88 udp kerberos-sec unknown
223987.247.240.207 110 tcp pop3 open Dovecot pop3d
224087.247.240.207 123 udp ntp unknown
224187.247.240.207 139 udp netbios-ssn unknown
224287.247.240.207 143 tcp imap open Dovecot imapd
224387.247.240.207 161 udp snmp unknown
224487.247.240.207 162 udp snmptrap unknown
224587.247.240.207 389 udp ldap unknown
224687.247.240.207 443 tcp ssl/http open Apache httpd
224787.247.240.207 465 tcp ssl/smtp open Exim smtpd 4.92
224887.247.240.207 520 udp route unknown
224987.247.240.207 587 tcp smtp open Exim smtpd 4.92
225087.247.240.207 993 tcp ssl/imaps open
225187.247.240.207 995 tcp ssl/pop3s open
225287.247.240.207 2049 udp nfs unknown
225393.174.93.84 21 tcp ftp open vsftpd 3.0.2
225493.174.93.84 25 tcp smtp closed
225593.174.93.84 53 tcp domain filtered
225693.174.93.84 53 udp domain filtered
225793.174.93.84 67 tcp dhcps filtered
225893.174.93.84 67 udp dhcps filtered
225993.174.93.84 68 tcp dhcpc filtered
226093.174.93.84 68 udp dhcpc unknown
226193.174.93.84 69 tcp tftp filtered
226293.174.93.84 69 udp tftp unknown
226393.174.93.84 80 tcp http open Apache httpd 2.4.6 (CentOS) PHP/5.4.16
226493.174.93.84 88 tcp kerberos-sec filtered
226593.174.93.84 88 udp kerberos-sec unknown
226693.174.93.84 123 tcp ntp filtered
226793.174.93.84 123 udp ntp filtered
226893.174.93.84 137 tcp netbios-ns filtered
226993.174.93.84 137 udp netbios-ns filtered
227093.174.93.84 138 tcp netbios-dgm filtered
227193.174.93.84 138 udp netbios-dgm filtered
227293.174.93.84 139 tcp netbios-ssn closed
227393.174.93.84 139 udp netbios-ssn unknown
227493.174.93.84 161 tcp snmp filtered
227593.174.93.84 161 udp snmp unknown
227693.174.93.84 162 tcp snmptrap filtered
227793.174.93.84 162 udp snmptrap unknown
227893.174.93.84 389 tcp ldap filtered
227993.174.93.84 389 udp ldap filtered
228093.174.93.84 445 tcp microsoft-ds closed
228193.174.93.84 520 tcp efs filtered
228293.174.93.84 520 udp route unknown
228393.174.93.84 2049 tcp nfs filtered
228493.174.93.84 2049 udp nfs unknown
2285163.247.52.17 25 tcp smtp closed
2286163.247.52.17 53 tcp domain filtered
2287163.247.52.17 53 udp domain unknown
2288163.247.52.17 67 tcp dhcps filtered
2289163.247.52.17 67 udp dhcps unknown
2290163.247.52.17 68 tcp dhcpc filtered
2291163.247.52.17 68 udp dhcpc unknown
2292163.247.52.17 69 tcp tftp filtered
2293163.247.52.17 69 udp tftp unknown
2294163.247.52.17 80 tcp http open Apache httpd
2295163.247.52.17 88 tcp kerberos-sec filtered
2296163.247.52.17 88 udp kerberos-sec unknown
2297163.247.52.17 113 tcp ident closed
2298163.247.52.17 123 tcp ntp filtered
2299163.247.52.17 123 udp ntp unknown
2300163.247.52.17 137 tcp netbios-ns filtered
2301163.247.52.17 137 udp netbios-ns filtered
2302163.247.52.17 138 tcp netbios-dgm filtered
2303163.247.52.17 138 udp netbios-dgm filtered
2304163.247.52.17 139 tcp netbios-ssn closed
2305163.247.52.17 139 udp netbios-ssn unknown
2306163.247.52.17 161 tcp snmp filtered
2307163.247.52.17 161 udp snmp unknown
2308163.247.52.17 162 tcp snmptrap filtered
2309163.247.52.17 162 udp snmptrap unknown
2310163.247.52.17 389 tcp ldap filtered
2311163.247.52.17 389 udp ldap unknown
2312163.247.52.17 443 tcp ssl/https open
2313163.247.52.17 445 tcp microsoft-ds closed
2314163.247.52.17 520 tcp efs filtered
2315163.247.52.17 520 udp route unknown
2316163.247.52.17 2049 tcp nfs filtered
2317163.247.52.17 2049 udp nfs unknown
2318163.247.96.10 25 tcp smtp closed
2319163.247.96.10 53 tcp domain filtered
2320163.247.96.10 53 udp domain unknown
2321163.247.96.10 67 tcp dhcps filtered
2322163.247.96.10 67 udp dhcps unknown
2323163.247.96.10 68 tcp dhcpc filtered
2324163.247.96.10 68 udp dhcpc unknown
2325163.247.96.10 69 tcp tftp filtered
2326163.247.96.10 69 udp tftp unknown
2327163.247.96.10 80 tcp http open Apache httpd 2.2.22
2328163.247.96.10 88 tcp kerberos-sec filtered
2329163.247.96.10 88 udp kerberos-sec unknown
2330163.247.96.10 113 tcp ident closed
2331163.247.96.10 123 tcp ntp filtered
2332163.247.96.10 123 udp ntp unknown
2333163.247.96.10 137 tcp netbios-ns filtered
2334163.247.96.10 137 udp netbios-ns filtered
2335163.247.96.10 138 tcp netbios-dgm filtered
2336163.247.96.10 138 udp netbios-dgm filtered
2337163.247.96.10 139 tcp netbios-ssn closed
2338163.247.96.10 139 udp netbios-ssn unknown
2339163.247.96.10 161 tcp snmp filtered
2340163.247.96.10 161 udp snmp unknown
2341163.247.96.10 162 tcp snmptrap filtered
2342163.247.96.10 162 udp snmptrap unknown
2343163.247.96.10 389 tcp ldap filtered
2344163.247.96.10 389 udp ldap unknown
2345163.247.96.10 445 tcp microsoft-ds closed
2346163.247.96.10 465 tcp ssl/smtp open Exim smtpd 4.X
2347163.247.96.10 520 tcp efs filtered
2348163.247.96.10 520 udp route unknown
2349163.247.96.10 587 tcp smtp open Exim smtpd
2350163.247.96.10 2000 tcp cisco-sccp open
2351163.247.96.10 2049 tcp nfs filtered
2352163.247.96.10 2049 udp nfs unknown
2353163.247.96.10 4443 tcp http open Apache httpd
2354163.247.96.10 5060 tcp sip open
2355170.246.172.178 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:38. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
2356170.246.172.178 25 tcp smtp closed
2357170.246.172.178 53 tcp domain open PowerDNS Authoritative Server 4.1.10
2358170.246.172.178 53 udp domain open PowerDNS Authoritative Server 4.1.10
2359170.246.172.178 67 tcp dhcps filtered
2360170.246.172.178 67 udp dhcps unknown
2361170.246.172.178 68 tcp dhcpc filtered
2362170.246.172.178 68 udp dhcpc unknown
2363170.246.172.178 69 tcp tftp filtered
2364170.246.172.178 69 udp tftp unknown
2365170.246.172.178 88 tcp kerberos-sec filtered
2366170.246.172.178 88 udp kerberos-sec unknown
2367170.246.172.178 123 tcp ntp filtered
2368170.246.172.178 123 udp ntp unknown
2369170.246.172.178 137 tcp netbios-ns filtered
2370170.246.172.178 137 udp netbios-ns filtered
2371170.246.172.178 138 tcp netbios-dgm filtered
2372170.246.172.178 138 udp netbios-dgm filtered
2373170.246.172.178 139 tcp netbios-ssn closed
2374170.246.172.178 139 udp netbios-ssn unknown
2375170.246.172.178 161 tcp snmp filtered
2376170.246.172.178 161 udp snmp unknown
2377170.246.172.178 162 tcp snmptrap filtered
2378170.246.172.178 162 udp snmptrap unknown
2379170.246.172.178 389 tcp ldap filtered
2380170.246.172.178 389 udp ldap unknown
2381170.246.172.178 445 tcp microsoft-ds closed
2382170.246.172.178 520 tcp efs filtered
2383170.246.172.178 520 udp route unknown
2384170.246.172.178 2049 tcp nfs filtered
2385170.246.172.178 2049 udp nfs unknown
2386185.68.93.22 22 tcp ssh open SSH-2.0-OpenSSH_5.3
2387185.68.93.22 53 tcp domain closed
2388185.68.93.22 53 udp domain unknown
2389185.68.93.22 67 tcp dhcps closed
2390185.68.93.22 67 udp dhcps closed
2391185.68.93.22 68 tcp dhcpc closed
2392185.68.93.22 68 udp dhcpc closed
2393185.68.93.22 69 tcp tftp closed
2394185.68.93.22 69 udp tftp unknown
2395185.68.93.22 88 tcp kerberos-sec closed
2396185.68.93.22 88 udp kerberos-sec unknown
2397185.68.93.22 123 tcp ntp closed
2398185.68.93.22 123 udp ntp closed
2399185.68.93.22 137 tcp netbios-ns closed
2400185.68.93.22 137 udp netbios-ns filtered
2401185.68.93.22 138 tcp netbios-dgm closed
2402185.68.93.22 138 udp netbios-dgm filtered
2403185.68.93.22 139 tcp netbios-ssn closed
2404185.68.93.22 139 udp netbios-ssn closed
2405185.68.93.22 161 tcp snmp closed
2406185.68.93.22 161 udp snmp unknown
2407185.68.93.22 162 tcp snmptrap closed
2408185.68.93.22 162 udp snmptrap closed
2409185.68.93.22 389 tcp ldap closed
2410185.68.93.22 389 udp ldap unknown
2411185.68.93.22 520 tcp efs closed
2412185.68.93.22 520 udp route unknown
2413185.68.93.22 2049 tcp nfs closed
2414185.68.93.22 2049 udp nfs closed
2415186.67.91.110 25 tcp smtp closed
2416186.67.91.110 53 tcp domain filtered
2417186.67.91.110 53 udp domain unknown
2418186.67.91.110 67 tcp dhcps filtered
2419186.67.91.110 67 udp dhcps unknown
2420186.67.91.110 68 tcp dhcpc filtered
2421186.67.91.110 68 udp dhcpc unknown
2422186.67.91.110 69 tcp tftp filtered
2423186.67.91.110 69 udp tftp unknown
2424186.67.91.110 80 tcp http-proxy open F5 BIG-IP load balancer http proxy
2425186.67.91.110 88 tcp kerberos-sec filtered
2426186.67.91.110 88 udp kerberos-sec unknown
2427186.67.91.110 123 tcp ntp filtered
2428186.67.91.110 123 udp ntp unknown
2429186.67.91.110 137 tcp netbios-ns filtered
2430186.67.91.110 137 udp netbios-ns filtered
2431186.67.91.110 138 tcp netbios-dgm filtered
2432186.67.91.110 138 udp netbios-dgm filtered
2433186.67.91.110 139 tcp netbios-ssn closed
2434186.67.91.110 139 udp netbios-ssn unknown
2435186.67.91.110 161 tcp snmp filtered
2436186.67.91.110 161 udp snmp unknown
2437186.67.91.110 162 tcp snmptrap filtered
2438186.67.91.110 162 udp snmptrap unknown
2439186.67.91.110 389 tcp ldap filtered
2440186.67.91.110 389 udp ldap unknown
2441186.67.91.110 443 tcp ssl/https open
2442186.67.91.110 445 tcp microsoft-ds closed
2443186.67.91.110 520 tcp efs filtered
2444186.67.91.110 520 udp route unknown
2445186.67.91.110 2049 tcp nfs filtered
2446186.67.91.110 2049 udp nfs unknown
2447194.18.73.2 25 tcp smtp closed
2448194.18.73.2 53 tcp domain filtered
2449194.18.73.2 53 udp domain unknown
2450194.18.73.2 67 tcp dhcps filtered
2451194.18.73.2 67 udp dhcps unknown
2452194.18.73.2 68 tcp dhcpc filtered
2453194.18.73.2 68 udp dhcpc unknown
2454194.18.73.2 69 tcp tftp filtered
2455194.18.73.2 69 udp tftp unknown
2456194.18.73.2 80 tcp http-proxy open HAProxy http proxy 1.3.1 or later
2457194.18.73.2 88 tcp kerberos-sec filtered
2458194.18.73.2 88 udp kerberos-sec unknown
2459194.18.73.2 113 tcp ident closed
2460194.18.73.2 123 tcp ntp filtered
2461194.18.73.2 123 udp ntp unknown
2462194.18.73.2 137 tcp netbios-ns filtered
2463194.18.73.2 137 udp netbios-ns filtered
2464194.18.73.2 138 tcp netbios-dgm filtered
2465194.18.73.2 138 udp netbios-dgm filtered
2466194.18.73.2 139 tcp netbios-ssn closed
2467194.18.73.2 139 udp netbios-ssn unknown
2468194.18.73.2 161 tcp snmp filtered
2469194.18.73.2 161 udp snmp unknown
2470194.18.73.2 162 tcp snmptrap filtered
2471194.18.73.2 162 udp snmptrap unknown
2472194.18.73.2 389 tcp ldap filtered
2473194.18.73.2 389 udp ldap unknown
2474194.18.73.2 443 tcp ssl/http-proxy open HAProxy http proxy 1.3.1 or later
2475194.18.73.2 445 tcp microsoft-ds closed
2476194.18.73.2 520 tcp efs filtered
2477194.18.73.2 520 udp route closed
2478194.18.73.2 2049 tcp nfs filtered
2479194.18.73.2 2049 udp nfs unknown
2480194.39.164.140 21 tcp ftp open ProFTPD
2481194.39.164.140 53 tcp domain filtered
2482194.39.164.140 53 udp domain unknown
2483194.39.164.140 67 tcp dhcps filtered
2484194.39.164.140 67 udp dhcps unknown
2485194.39.164.140 68 tcp dhcpc filtered
2486194.39.164.140 68 udp dhcpc unknown
2487194.39.164.140 69 tcp tftp filtered
2488194.39.164.140 69 udp tftp unknown
2489194.39.164.140 80 tcp http open nginx
2490194.39.164.140 88 tcp kerberos-sec filtered
2491194.39.164.140 88 udp kerberos-sec unknown
2492194.39.164.140 110 tcp pop3 open Courier pop3d
2493194.39.164.140 123 tcp ntp filtered
2494194.39.164.140 123 udp ntp unknown
2495194.39.164.140 137 tcp netbios-ns filtered
2496194.39.164.140 137 udp netbios-ns filtered
2497194.39.164.140 138 tcp netbios-dgm filtered
2498194.39.164.140 138 udp netbios-dgm filtered
2499194.39.164.140 139 tcp netbios-ssn closed
2500194.39.164.140 139 udp netbios-ssn unknown
2501194.39.164.140 161 tcp snmp filtered
2502194.39.164.140 161 udp snmp unknown
2503194.39.164.140 162 tcp snmptrap filtered
2504194.39.164.140 162 udp snmptrap unknown
2505194.39.164.140 389 tcp ldap filtered
2506194.39.164.140 389 udp ldap unknown
2507194.39.164.140 443 tcp ssl/http open nginx
2508194.39.164.140 465 tcp ssl/smtps open
2509194.39.164.140 520 tcp efs filtered
2510194.39.164.140 520 udp route unknown
2511194.39.164.140 587 tcp smtp open Postfix smtpd
2512194.39.164.140 993 tcp ssl/imaps open
2513194.39.164.140 2020 tcp ssh open OpenSSH 7.4 protocol 2.0
2514194.39.164.140 2049 tcp nfs filtered
2515194.39.164.140 2049 udp nfs unknown
2516194.39.164.140 8443 tcp ssl/https-alt open sw-cp-server
2517194.39.164.140 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
2518200.35.157.77 53 tcp domain filtered
2519200.35.157.77 53 udp domain unknown
2520200.35.157.77 67 tcp dhcps filtered
2521200.35.157.77 67 udp dhcps unknown
2522200.35.157.77 68 tcp dhcpc filtered
2523200.35.157.77 68 udp dhcpc unknown
2524200.35.157.77 69 tcp tftp filtered
2525200.35.157.77 69 udp tftp unknown
2526200.35.157.77 88 tcp kerberos-sec filtered
2527200.35.157.77 88 udp kerberos-sec unknown
2528200.35.157.77 123 tcp ntp filtered
2529200.35.157.77 123 udp ntp unknown
2530200.35.157.77 137 tcp netbios-ns filtered
2531200.35.157.77 137 udp netbios-ns filtered
2532200.35.157.77 138 tcp netbios-dgm filtered
2533200.35.157.77 138 udp netbios-dgm filtered
2534200.35.157.77 139 tcp netbios-ssn closed
2535200.35.157.77 139 udp netbios-ssn unknown
2536200.35.157.77 161 tcp snmp filtered
2537200.35.157.77 161 udp snmp unknown
2538200.35.157.77 162 tcp snmptrap filtered
2539200.35.157.77 162 udp snmptrap unknown
2540200.35.157.77 389 tcp ldap filtered
2541200.35.157.77 389 udp ldap unknown
2542200.35.157.77 520 tcp efs filtered
2543200.35.157.77 520 udp route unknown
2544200.35.157.77 2049 tcp nfs filtered
2545200.35.157.77 2049 udp nfs unknown
2546201.131.38.40 25 tcp smtp closed
2547201.131.38.40 53 tcp domain filtered
2548201.131.38.40 53 udp domain unknown
2549201.131.38.40 67 tcp dhcps filtered
2550201.131.38.40 67 udp dhcps unknown
2551201.131.38.40 68 tcp dhcpc filtered
2552201.131.38.40 68 udp dhcpc unknown
2553201.131.38.40 69 tcp tftp filtered
2554201.131.38.40 69 udp tftp unknown
2555201.131.38.40 80 tcp http open Apache httpd
2556201.131.38.40 88 tcp kerberos-sec filtered
2557201.131.38.40 88 udp kerberos-sec unknown
2558201.131.38.40 123 tcp ntp filtered
2559201.131.38.40 123 udp ntp unknown
2560201.131.38.40 137 tcp netbios-ns filtered
2561201.131.38.40 137 udp netbios-ns filtered
2562201.131.38.40 138 tcp netbios-dgm filtered
2563201.131.38.40 138 udp netbios-dgm filtered
2564201.131.38.40 139 tcp netbios-ssn closed
2565201.131.38.40 139 udp netbios-ssn unknown
2566201.131.38.40 161 tcp snmp filtered
2567201.131.38.40 161 udp snmp unknown
2568201.131.38.40 162 tcp snmptrap filtered
2569201.131.38.40 162 udp snmptrap unknown
2570201.131.38.40 389 tcp ldap filtered
2571201.131.38.40 389 udp ldap unknown
2572201.131.38.40 443 tcp ssl/http open Apache httpd
2573201.131.38.40 445 tcp microsoft-ds closed
2574201.131.38.40 520 tcp efs filtered
2575201.131.38.40 520 udp route unknown
2576201.131.38.40 2049 tcp nfs filtered
2577201.131.38.40 2049 udp nfs unknown
2578######################################################################################################################################
2579Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 02:10 EST
2580Nmap scan report for 194.39.164.140.srvlist.ukfast.net (194.39.164.140)
2581Host is up (0.12s latency).
2582Not shown: 987 filtered ports
2583PORT STATE SERVICE VERSION
258420/tcp closed ftp-data
258521/tcp open ftp ProFTPD
2586| vulscan: VulDB - https://vuldb.com:
2587| [138380] ProFTPD 1.3.5b mod_copy Code Execution
2588| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
2589| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
2590| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
2591| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
2592| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
2593| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
2594| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
2595| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
2596| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
2597| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
2598| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
2599| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
2600| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
2601| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
2602| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
2603| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
2604| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
2605| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
2606| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
2607| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
2608| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
2609|
2610| MITRE CVE - https://cve.mitre.org:
2611| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
2612| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
2613| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
2614| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
2615| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
2616| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
2617| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
2618| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
2619| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
2620| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
2621| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
2622| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
2623| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
2624| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
2625| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
2626| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
2627| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
2628| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
2629| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
2630| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
2631| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
2632| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
2633| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
2634| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
2635| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
2636| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
2637| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
2638| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
2639| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
2640| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
2641| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
2642| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
2643| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
2644| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
2645| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
2646| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
2647| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
2648| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
2649| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
2650|
2651| SecurityFocus - https://www.securityfocus.com/bid/:
2652| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
2653| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
2654| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
2655| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
2656| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
2657| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
2658| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
2659| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
2660| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
2661| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
2662| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
2663| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
2664| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
2665| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
2666| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
2667| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
2668| [44562] ProFTPD Multiple Remote Vulnerabilities
2669| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2670| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
2671| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
2672| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
2673| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
2674| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
2675| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
2676| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
2677| [14381] ProFTPD Shutdown Message Format String Vulnerability
2678| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
2679| [12588] GProFTPD GProstats Remote Format String Vulnerability
2680| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
2681| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
2682| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
2683| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
2684| [7974] ProFTPD SQL Injection mod_sql Vulnerability
2685| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
2686| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
2687| [3310] ProFTPD Client Hostname Resolving Vulnerability
2688| [2366] ProFTPD USER Remote Denial of Service Vulnerability
2689| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
2690| [812] ProFTPD mod_sqlpw Vulnerability
2691| [650] ProFTPD snprintf Vulnerability
2692| [612] ProFTPD Remote Buffer Overflow
2693|
2694| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2695| [80980] ProFTPD FTP commands symlink
2696| [71226] ProFTPD pool code execution
2697| [65207] ProFTPD mod_sftp module denial of service
2698| [64495] ProFTPD sql_prepare_where() buffer overflow
2699| [63658] ProFTPD FTP server backdoor
2700| [63407] mod_sql module for ProFTPD buffer overflow
2701| [63155] ProFTPD pr_data_xfer denial of service
2702| [62909] ProFTPD mod_site_misc directory traversal
2703| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
2704| [53936] ProFTPD mod_tls SSL certificate security bypass
2705| [48951] ProFTPD mod_sql username percent SQL injection
2706| [48558] ProFTPD NLS support SQL injection protection bypass
2707| [45274] ProFTPD URL cross-site request forgery
2708| [33733] ProFTPD Auth API security bypass
2709| [31461] ProFTPD mod_radius buffer overflow
2710| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
2711| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
2712| [30147] ProFTPD sreplace() buffer overflow
2713| [21530] ProFTPD mod_sql format string attack
2714| [21528] ProFTPD shutdown message format string attack
2715| [19410] GProFTPD file name format string attack
2716| [18453] ProFTPD SITE CHGRP command allows group ownership modification
2717| [17724] ProFTPD could allow an attacker to obtain valid accounts
2718| [16038] ProFTPD CIDR entry ACL bypass
2719| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
2720| [12369] ProFTPD mod_sql SQL injection
2721| [12200] ProFTPD ASCII file newline buffer overflow
2722| [10932] ProFTPD long PASS command buffer overflow
2723| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
2724| [7818] ProFTPD ls "
2725| [7816] ProFTPD file globbing denial of service
2726| [7126] ProFTPD fails to resolve hostnames
2727| [6433] ProFTPD format string
2728| [6209] proFTPD /var symlink
2729| [6208] ProFTPD contains configuration error in postinst script when running as root
2730| [5801] proftpd memory leak when using SIZE or USER commands
2731| [5737] ProFTPD system using mod_sqlpw unauthorized access
2732|
2733| Exploit-DB - https://www.exploit-db.com:
2734| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
2735| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
2736| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
2737| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
2738| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
2739| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
2740| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
2741| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
2742| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
2743| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
2744| [16921] ProFTPD-1.3.3c Backdoor Command Execution
2745| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
2746| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
2747| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
2748| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
2749| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
2750| [15449] ProFTPD IAC Remote Root Exploit
2751| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
2752| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
2753| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
2754| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
2755| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
2756| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
2757| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
2758| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
2759| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
2760| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
2761| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
2762| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
2763| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
2764| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
2765| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
2766| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
2767|
2768| OpenVAS (Nessus) - http://www.openvas.org:
2769| [900815] ProFTPD Server Remote Version Detection
2770| [900507] ProFTPD Server SQL Injection Vulnerability
2771| [900506] ProFTPD Server Version Detection
2772| [900133] ProFTPD Long Command Handling Security Vulnerability
2773| [863897] Fedora Update for proftpd FEDORA-2011-15765
2774| [863633] Fedora Update for proftpd FEDORA-2011-15741
2775| [863630] Fedora Update for proftpd FEDORA-2011-15740
2776| [862999] Fedora Update for proftpd FEDORA-2011-5040
2777| [862992] Fedora Update for proftpd FEDORA-2011-5033
2778| [862829] Fedora Update for proftpd FEDORA-2011-0613
2779| [862828] Fedora Update for proftpd FEDORA-2011-0610
2780| [862658] Fedora Update for proftpd FEDORA-2010-17091
2781| [862546] Fedora Update for proftpd FEDORA-2010-17220
2782| [862544] Fedora Update for proftpd FEDORA-2010-17098
2783| [861120] Fedora Update for proftpd FEDORA-2007-2613
2784| [831503] Mandriva Update for proftpd MDVSA-2011:181 (proftpd)
2785| [831323] Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
2786| [831242] Mandriva Update for proftpd MDVSA-2010:227 (proftpd)
2787| [830311] Mandriva Update for proftpd MDKSA-2007:130 (proftpd)
2788| [830197] Mandriva Update for proftpd MDKA-2007:089 (proftpd)
2789| [801640] ProFTPD Denial of Service Vulnerability
2790| [801639] ProFTPD Multiple Remote Vulnerabilities
2791| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
2792| [100933] ProFTPD Backdoor Unauthorized Access Vulnerability
2793| [100316] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2794| [71967] Slackware Advisory SSA:2012-041-04 proftpd
2795| [70586] FreeBSD Ports: proftpd, proftpd-mysql
2796| [70560] Debian Security Advisory DSA 2346-2 (proftpd-dfsg)
2797| [70559] Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
2798| [69584] Slackware Advisory SSA:2011-095-01 proftpd
2799| [69327] Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
2800| [69322] Debian Security Advisory DSA 2185-1 (proftpd-dfsg)
2801| [68801] Slackware Advisory SSA:2010-357-02 proftpd
2802| [68702] FreeBSD Ports: proftpd
2803| [68697] FreeBSD Ports: proftpd
2804| [68466] Slackware Advisory SSA:2010-305-03 proftpd
2805| [66585] Fedora Core 11 FEDORA-2009-13236 (proftpd)
2806| [66583] Fedora Core 12 FEDORA-2009-13250 (proftpd)
2807| [66291] Fedora Core 10 FEDORA-2009-11666 (proftpd)
2808| [66290] Fedora Core 11 FEDORA-2009-11649 (proftpd)
2809| [66205] Debian Security Advisory DSA 1925-1 (proftpd-dfsg)
2810| [66091] Mandrake Security Advisory MDVSA-2009:288 (proftpd)
2811| [64966] Fedora Core 10 FEDORA-2009-9386 (proftpd)
2812| [63630] FreeBSD Ports: proftpd, proftpd-mysql
2813| [63573] Debian Security Advisory DSA 1727-1 (proftpd-dfsg)
2814| [63558] Gentoo Security Advisory GLSA 200903-27 (proftpd)
2815| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
2816| [63128] Fedora Core 8 FEDORA-2009-0195 (proftpd)
2817| [63119] Fedora Core 10 FEDORA-2009-0089 (proftpd)
2818| [63117] Fedora Core 9 FEDORA-2009-0064 (proftpd)
2819| [63061] Debian Security Advisory DSA 1689-1 (proftpd-dfsg)
2820| [61656] FreeBSD Ports: proftpd, proftpd-mysql
2821| [58019] Gentoo Security Advisory GLSA 200702-02 (proftpd)
2822| [57939] Gentoo Security Advisory GLSA 200611-26 (proftpd)
2823| [57786] Debian Security Advisory DSA 1245-1 (proftpd)
2824| [57725] FreeBSD Ports: proftpd, proftpd-mysql
2825| [57703] Slackware Advisory SSA:2006-335-02 proftpd
2826| [57686] Debian Security Advisory DSA 1222-2 (proftpd)
2827| [57683] Debian Security Advisory DSA 1222-1 (proftpd)
2828| [57592] Debian Security Advisory DSA 1218-1 (proftpd)
2829| [57576] FreeBSD Ports: proftpd, proftpd-mysql
2830| [55234] Debian Security Advisory DSA 795-2 (proftpd)
2831| [55007] Gentoo Security Advisory GLSA 200508-02 (proftpd)
2832| [54858] Gentoo Security Advisory GLSA 200502-26 (GProFTPD)
2833| [54569] Gentoo Security Advisory GLSA 200405-09 (proftpd)
2834| [54483] FreeBSD Ports: proftpd, proftpd-mysql
2835| [53882] Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
2836| [53794] Debian Security Advisory DSA 032-1 (proftpd)
2837| [53791] Debian Security Advisory DSA 029-1 (proftpd)
2838| [52532] FreeBSD Ports: proftpd
2839| [52464] FreeBSD Ports: proftpd
2840| [15484] proftpd < 1.2.11 remote user enumeration
2841|
2842| SecurityTracker - https://www.securitytracker.com:
2843| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
2844| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
2845| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
2846| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
2847| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
2848| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
2849| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
2850| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
2851| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
2852| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
2853| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
2854| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
2855| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
2856| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
2857|
2858| OSVDB - http://www.osvdb.org:
2859| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
2860| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
2861| [70868] ProFTPD mod_sftp Component SSH Payload DoS
2862| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
2863| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
2864| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
2865| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
2866| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
2867| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
2868| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
2869| [57310] ProFTPD Multiple Unspecified Overflows
2870| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
2871| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
2872| [57307] ProFTPD Multiple Modules Unspecified Overflows
2873| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
2874| [57305] ProFTPD src/main.c Unspecified Overflow
2875| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
2876| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
2877| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
2878| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
2879| [51849] ProFTPD Character Encoding SQL Injection
2880| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
2881| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
2882| [48411] ProFTPD FTP Command Truncation CSRF
2883| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
2884| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
2885| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
2886| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
2887| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
2888| [23063] ProFTPD mod_radius Password Overflow DoS
2889| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
2890| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
2891| [18270] ProFTPD ftpshut Shutdown Message Format String
2892| [14012] GProftpd gprostats Utility Log Parser Remote Format String
2893| [10769] ProFTPD File Transfer Newline Character Overflow
2894| [10768] ProFTPD STAT Command Remote DoS
2895| [10758] ProFTPD Login Timing Account Name Enumeration
2896| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
2897| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
2898| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
2899| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
2900| [7165] ProFTPD USER Command Memory Leak DoS
2901| [5744] ProFTPD CIDR IP Subnet ACL Bypass
2902| [5705] ProFTPD Malformed cwd Command Format String
2903| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
2904| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
2905| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
2906|_
290725/tcp closed smtp
290880/tcp open http nginx
2909|_https-redirect: ERROR: Script execution failed (use -d to debug)
2910| vulscan: VulDB - https://vuldb.com:
2911| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2912| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2913| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2914| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2915| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2916| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2917| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2918| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2919| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2920| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2921| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2922| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2923| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2924| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2925| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2926| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2927| [67677] nginx up to 1.7.3 SSL weak authentication
2928| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2929| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2930| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2931| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2932| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2933| [8671] nginx up to 1.4 proxy_pass denial of service
2934| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2935| [7247] nginx 1.2.6 Proxy Function spoofing
2936| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2937| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2938| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2939| [59645] nginx up to 0.8.9 Heap-based memory corruption
2940| [53592] nginx 0.8.36 memory corruption
2941| [53590] nginx up to 0.8.9 unknown vulnerability
2942| [51533] nginx 0.7.64 Terminal privilege escalation
2943| [50905] nginx up to 0.8.9 directory traversal
2944| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2945| [50043] nginx up to 0.8.10 memory corruption
2946|
2947| MITRE CVE - https://cve.mitre.org:
2948| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2949| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2950| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2951| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2952| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2953| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2954| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2955| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2956| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2957| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2958| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2959| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2960| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2961|
2962| SecurityFocus - https://www.securityfocus.com/bid/:
2963| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2964| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2965| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2966| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2967| [82230] nginx Multiple Denial of Service Vulnerabilities
2968| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2969| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2970| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2971| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2972| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2973| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2974| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2975| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2976| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2977| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2978| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2979| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2980| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2981| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2982| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2983| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2984| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2985| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2986| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2987| [40420] nginx Directory Traversal Vulnerability
2988| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2989| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2990| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2991| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2992| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2993|
2994| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2995| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2996| [84172] nginx denial of service
2997| [84048] nginx buffer overflow
2998| [83923] nginx ngx_http_close_connection() integer overflow
2999| [83688] nginx null byte code execution
3000| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3001| [82319] nginx access.log information disclosure
3002| [80952] nginx SSL spoofing
3003| [77244] nginx and Microsoft Windows request security bypass
3004| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3005| [74831] nginx ngx_http_mp4_module.c buffer overflow
3006| [74191] nginx ngx_cpystrn() information disclosure
3007| [74045] nginx header response information disclosure
3008| [71355] nginx ngx_resolver_copy() buffer overflow
3009| [59370] nginx characters denial of service
3010| [59369] nginx DATA source code disclosure
3011| [59047] nginx space source code disclosure
3012| [58966] nginx unspecified directory traversal
3013| [54025] nginx ngx_http_parse.c denial of service
3014| [53431] nginx WebDAV component directory traversal
3015| [53328] Nginx CRC-32 cached domain name spoofing
3016| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3017|
3018| Exploit-DB - https://www.exploit-db.com:
3019| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3020| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3021| [25499] nginx 1.3.9-1.4.0 DoS PoC
3022| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3023| [14830] nginx 0.6.38 - Heap Corruption Exploit
3024| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3025| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3026| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3027| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3028| [9829] nginx 0.7.61 WebDAV directory traversal
3029|
3030| OpenVAS (Nessus) - http://www.openvas.org:
3031| [864418] Fedora Update for nginx FEDORA-2012-3846
3032| [864310] Fedora Update for nginx FEDORA-2012-6238
3033| [864209] Fedora Update for nginx FEDORA-2012-6411
3034| [864204] Fedora Update for nginx FEDORA-2012-6371
3035| [864121] Fedora Update for nginx FEDORA-2012-4006
3036| [864115] Fedora Update for nginx FEDORA-2012-3991
3037| [864065] Fedora Update for nginx FEDORA-2011-16075
3038| [863654] Fedora Update for nginx FEDORA-2011-16110
3039| [861232] Fedora Update for nginx FEDORA-2007-1158
3040| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3041| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3042| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3043| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3044| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3045| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3046| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3047| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3048| [100659] nginx Directory Traversal Vulnerability
3049| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3050| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3051| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3052| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3053| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3054| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3055| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3056| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3057| [71297] FreeBSD Ports: nginx
3058| [71276] FreeBSD Ports: nginx
3059| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3060| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3061| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3062| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3063| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3064| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3065| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3066| [64894] FreeBSD Ports: nginx
3067| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3068|
3069| SecurityTracker - https://www.securitytracker.com:
3070| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3071| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3072| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3073| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3074|
3075| OSVDB - http://www.osvdb.org:
3076| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3077| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3078| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3079| [92796] nginx ngx_http_close_connection Function Crafted r->
3080| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3081| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3082| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3083| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3084| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3085| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3086| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3087| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3088| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3089| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3090| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3091| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3092| [62617] nginx Internal DNS Cache Poisoning Weakness
3093| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3094| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3095| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3096| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3097| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3098| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3099| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3100| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3101| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3102| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3103|_
3104110/tcp open pop3 Courier pop3d
3105| vulscan: VulDB - https://vuldb.com:
3106| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
3107| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
3108| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
3109| [50725] e-Courier CMS cross site scripting
3110| [46287] Pre Courier and Cargo Business unknown vulnerability
3111| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
3112| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
3113|
3114| MITRE CVE - https://cve.mitre.org:
3115| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
3116| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
3117| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
3118| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
3119| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
3120| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
3121| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
3122| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
3123| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
3124| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
3125| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
3126| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
3127| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
3128| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
3129| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
3130| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
3131| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
3132| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
3133| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
3134| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
3135| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
3136| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
3137| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
3138| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
3139| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
3140| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
3141| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
3142|
3143| SecurityFocus - https://www.securityfocus.com/bid/:
3144| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
3145| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
3146| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
3147| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
3148| [39838] tpop3d Remote Denial of Service Vulnerability
3149| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
3150| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
3151| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
3152| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
3153| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
3154| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
3155| [15771] Courier Mail Server Unauthorized Access Vulnerability
3156| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
3157| [10976] Courier-IMAP Remote Format String Vulnerability
3158| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
3159| [8495] akpop3d User Name SQL Injection Vulnerability
3160| [8473] Vpop3d Remote Denial Of Service Vulnerability
3161| [6738] Courier-IMAP Username SQL Injection Vulnerability
3162| [6189] Courier SqWebMail File Disclosure Vulnerability
3163| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
3164| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3165| [3990] ZPop3D Bad Login Logging Failure Vulnerability
3166| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
3167|
3168| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3169| [54180] e-Courier CMS multiple scripts cross-site scripting
3170| [54143] e-Courier CMS index.asp cross-site scripting
3171| [47494] Courier Authentication Library Postgres SQL injection
3172| [47436] PRE COURIER &
3173| [43628] Novell OpenSUSE courier-authlib SQL injection
3174| [42950] Courier authentication library username SQL injection
3175| [33805] Gentoo Courier-IMAP command execution
3176| [26998] Courier Mail Server libs/comverp.c usernames denial of service
3177| [26578] Cyrus IMAP pop3d buffer overflow
3178| [23532] Courier Mail Server authentication daemon allows deactivated account access
3179| [21565] Courier Mail Server rfc1035/spf.c denial of service
3180| [17034] Courier-IMAP auth_debug format string attack
3181| [15434] Courier Japanese codeset converter buffer overflow
3182| [13018] akpop3d authentication code SQL injection
3183| [11213] Courier-IMAP authpgsqllib username SQL injection
3184| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
3185| [9228] Courier MTA long year denial of service
3186| [7345] Slackware Linux imapd and ipop3d core dump
3187| [6269] imap, ipop2d and ipop3d buffer overflows
3188| [5923] Linuxconf vpop3d symbolic link
3189| [4918] IPOP3D, Buffer overflow attack
3190| [1560] IPOP3D, user login successful
3191| [1559] IPOP3D user login to remote host successful
3192| [1525] IPOP3D, user logout
3193| [1524] IPOP3D, user auto-logout
3194| [1523] IPOP3D, user login failure
3195| [1522] IPOP3D, brute force attack
3196| [1521] IPOP3D, user kiss of death logout
3197| [418] pop3d mktemp creates insecure temporary files
3198|
3199| Exploit-DB - https://www.exploit-db.com:
3200| [23053] Vpop3d Remote Denial of Service Vulnerability
3201| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3202| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
3203| [11893] tPop3d 1.5.3 DoS
3204| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
3205| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
3206| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
3207| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
3208|
3209| OpenVAS (Nessus) - http://www.openvas.org:
3210| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
3211| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
3212| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
3213| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
3214| [61192] FreeBSD Ports: courier-authlib
3215| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
3216| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
3217| [57001] Debian Security Advisory DSA 1101-1 (courier)
3218| [55972] Debian Security Advisory DSA 917-1 (courier)
3219| [55421] Debian Security Advisory DSA 820-1 (courier)
3220| [55204] Debian Security Advisory DSA 793-1 (courier)
3221| [55165] Debian Security Advisory DSA 784-1 (courier)
3222| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
3223| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
3224| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
3225| [53589] Debian Security Advisory DSA 247-1 (courier)
3226| [53441] Debian Security Advisory DSA 197-1 (courier)
3227| [53222] Debian Security Advisory DSA 533-1 (courier)
3228| [52431] FreeBSD Ports: courier
3229| [52418] FreeBSD Ports: courier-imap
3230|
3231| SecurityTracker - https://www.securitytracker.com:
3232| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
3233| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
3234| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
3235| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
3236| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
3237| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
3238| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
3239|
3240| OSVDB - http://www.osvdb.org:
3241| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
3242| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
3243| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
3244| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
3245| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
3246| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
3247| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
3248| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
3249| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
3250| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
3251| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
3252| [47516] openSUSE courier-authlib Unspecified SQL Injection
3253| [46049] Courier Authentication Library Username SQL Injection
3254| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
3255| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
3256| [26232] Courier Mail Server Crafted Username Encoding DoS
3257| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
3258| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
3259| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
3260| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
3261| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
3262| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
3263| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
3264| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
3265| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
3266| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
3267| [5857] Linux pop3d Arbitrary Mail File Access
3268| [5052] Double Precision Courier MTA Invalid Year DoS
3269| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
3270| [2471] akpop3d username SQL Injection
3271|_
3272139/tcp closed netbios-ssn
3273443/tcp open ssl/http nginx
3274| vulscan: VulDB - https://vuldb.com:
3275| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3276| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3277| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3278| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3279| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3280| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3281| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3282| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3283| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3284| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3285| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3286| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3287| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3288| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3289| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3290| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3291| [67677] nginx up to 1.7.3 SSL weak authentication
3292| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3293| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3294| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3295| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3296| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3297| [8671] nginx up to 1.4 proxy_pass denial of service
3298| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3299| [7247] nginx 1.2.6 Proxy Function spoofing
3300| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3301| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3302| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3303| [59645] nginx up to 0.8.9 Heap-based memory corruption
3304| [53592] nginx 0.8.36 memory corruption
3305| [53590] nginx up to 0.8.9 unknown vulnerability
3306| [51533] nginx 0.7.64 Terminal privilege escalation
3307| [50905] nginx up to 0.8.9 directory traversal
3308| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3309| [50043] nginx up to 0.8.10 memory corruption
3310|
3311| MITRE CVE - https://cve.mitre.org:
3312| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3313| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3314| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3315| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3316| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3317| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3318| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3319| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3320| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3321| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3322| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3323| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3324| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3325|
3326| SecurityFocus - https://www.securityfocus.com/bid/:
3327| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3328| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3329| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3330| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3331| [82230] nginx Multiple Denial of Service Vulnerabilities
3332| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3333| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3334| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3335| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3336| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3337| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3338| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3339| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3340| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3341| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3342| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3343| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3344| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3345| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3346| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3347| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3348| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3349| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3350| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3351| [40420] nginx Directory Traversal Vulnerability
3352| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3353| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3354| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3355| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3356| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3357|
3358| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3359| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3360| [84172] nginx denial of service
3361| [84048] nginx buffer overflow
3362| [83923] nginx ngx_http_close_connection() integer overflow
3363| [83688] nginx null byte code execution
3364| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3365| [82319] nginx access.log information disclosure
3366| [80952] nginx SSL spoofing
3367| [77244] nginx and Microsoft Windows request security bypass
3368| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3369| [74831] nginx ngx_http_mp4_module.c buffer overflow
3370| [74191] nginx ngx_cpystrn() information disclosure
3371| [74045] nginx header response information disclosure
3372| [71355] nginx ngx_resolver_copy() buffer overflow
3373| [59370] nginx characters denial of service
3374| [59369] nginx DATA source code disclosure
3375| [59047] nginx space source code disclosure
3376| [58966] nginx unspecified directory traversal
3377| [54025] nginx ngx_http_parse.c denial of service
3378| [53431] nginx WebDAV component directory traversal
3379| [53328] Nginx CRC-32 cached domain name spoofing
3380| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3381|
3382| Exploit-DB - https://www.exploit-db.com:
3383| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3384| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3385| [25499] nginx 1.3.9-1.4.0 DoS PoC
3386| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3387| [14830] nginx 0.6.38 - Heap Corruption Exploit
3388| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3389| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3390| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3391| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3392| [9829] nginx 0.7.61 WebDAV directory traversal
3393|
3394| OpenVAS (Nessus) - http://www.openvas.org:
3395| [864418] Fedora Update for nginx FEDORA-2012-3846
3396| [864310] Fedora Update for nginx FEDORA-2012-6238
3397| [864209] Fedora Update for nginx FEDORA-2012-6411
3398| [864204] Fedora Update for nginx FEDORA-2012-6371
3399| [864121] Fedora Update for nginx FEDORA-2012-4006
3400| [864115] Fedora Update for nginx FEDORA-2012-3991
3401| [864065] Fedora Update for nginx FEDORA-2011-16075
3402| [863654] Fedora Update for nginx FEDORA-2011-16110
3403| [861232] Fedora Update for nginx FEDORA-2007-1158
3404| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3405| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3406| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3407| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3408| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3409| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3410| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3411| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3412| [100659] nginx Directory Traversal Vulnerability
3413| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3414| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3415| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3416| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3417| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3418| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3419| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3420| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3421| [71297] FreeBSD Ports: nginx
3422| [71276] FreeBSD Ports: nginx
3423| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3424| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3425| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3426| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3427| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3428| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3429| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3430| [64894] FreeBSD Ports: nginx
3431| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3432|
3433| SecurityTracker - https://www.securitytracker.com:
3434| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3435| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3436| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3437| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3438|
3439| OSVDB - http://www.osvdb.org:
3440| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3441| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3442| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3443| [92796] nginx ngx_http_close_connection Function Crafted r->
3444| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3445| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3446| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3447| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3448| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3449| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3450| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3451| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3452| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3453| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3454| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3455| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3456| [62617] nginx Internal DNS Cache Poisoning Weakness
3457| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3458| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3459| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3460| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3461| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3462| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3463| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3464| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3465| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3466| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3467|_
3468445/tcp closed microsoft-ds
3469465/tcp open ssl/smtps?
3470587/tcp open smtp Postfix smtpd
3471| vulscan: VulDB - https://vuldb.com:
3472| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
3473| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
3474| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
3475| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
3476| [57422] Postfix memory corruption
3477| [56843] Postfix up to 2.7.2 Cleartext weak encryption
3478|
3479| MITRE CVE - https://cve.mitre.org:
3480| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
3481| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
3482| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
3483| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
3484| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
3485| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
3486| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
3487| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
3488| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
3489| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
3490| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
3491| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
3492| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
3493| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
3494| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
3495| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
3496| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
3497| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
3498| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
3499| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
3500|
3501| SecurityFocus - https://www.securityfocus.com/bid/:
3502| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
3503| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
3504| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
3505| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
3506| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
3507| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
3508| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
3509| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
3510| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
3511| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
3512| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
3513| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
3514| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
3515| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
3516| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
3517| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
3518| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
3519| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
3520| [8361] Postfix Connection Proxying Vulnerability
3521| [8333] Multiple Postfix Denial of Service Vulnerabilities
3522| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
3523| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
3524| [3544] Postfix SMTP Log Denial Of Service Vulnerability
3525| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
3526|
3527| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3528| [72752] Postfix Admin multiple parameters SQL injection
3529| [72751] PostfixAdmin multiple parameters cross-site scripting
3530| [67359] Postfix Cyrus SASL library in the SMTP server code execution
3531| [55970] SUSE Linux Enterprise postfix security bypass
3532| [53425] Postfix in Debian and Ubuntu pid symlink
3533| [45876] Apple Mac OS X Postfix configuration file weak security
3534| [44865] Postfix file descriptor denial of service
3535| [44461] Postfix email information disclosure
3536| [44460] Postfix symlink code execution
3537| [22655] RHSA-2005:152 updates for postfix not installed
3538| [19218] Postfix IPv6 mail relay
3539| [18435] SQLgrey Postfix greylisting service SQL injection
3540| [18353] Postfix CRAM-MD5 authentication replay attack
3541| [17998] SQLgrey Postfix greylisting service SQL injection
3542| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
3543| [12816] Postfix MAIL FROM or RCPT TO denial of service
3544| [12815] Postfix could be used as a distributed denial of service tool
3545| [7568] Postfix SMTP log denial of service
3546| [4905] Cyrus with postfix and procmail integration could allow remote command execution
3547|
3548| Exploit-DB - https://www.exploit-db.com:
3549| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
3550| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
3551| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
3552| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
3553| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
3554| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
3555| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
3556| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
3557|
3558| OpenVAS (Nessus) - http://www.openvas.org:
3559| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
3560| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
3561| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
3562| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
3563| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
3564| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
3565| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
3566| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
3567| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
3568| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
3569| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
3570| [870658] RedHat Update for postfix RHSA-2011:0423-01
3571| [870440] RedHat Update for postfix RHSA-2011:0843-01
3572| [870418] RedHat Update for postfix RHSA-2011:0422-01
3573| [870021] RedHat Update for postfix RHSA-2008:0839-01
3574| [863100] Fedora Update for postfix FEDORA-2011-6777
3575| [863097] Fedora Update for postfix FEDORA-2011-6771
3576| [862950] Fedora Update for postfix FEDORA-2011-3394
3577| [862938] Fedora Update for postfix FEDORA-2011-3355
3578| [860510] Fedora Update for postfix FEDORA-2008-8593
3579| [860419] Fedora Update for postfix FEDORA-2008-8595
3580| [850126] SuSE Update for postfix SUSE-SA:2010:011
3581| [850031] SuSE Update for postfix SUSE-SA:2008:040
3582| [840658] Ubuntu Update for postfix USN-1131-1
3583| [840648] Ubuntu Update for postfix USN-1113-1
3584| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
3585| [840190] Ubuntu Update for postfix vulnerability USN-636-1
3586| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
3587| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
3588| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
3589| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
3590| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
3591| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
3592| [70744] FreeBSD Ports: postfixadmin
3593| [69770] FreeBSD Ports: postfix, postfix-base
3594| [69733] Debian Security Advisory DSA 2233-1 (postfix)
3595| [69363] FreeBSD Ports: postfix, postfix-base
3596| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
3597| [65957] SLES10: Security update for Postfix
3598| [65911] SLES10: Security update for Postfix
3599| [65353] SLES9: Security update for Postfix
3600| [65350] SLES9: Security update for postfix
3601| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
3602| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
3603| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
3604| [61435] Debian Security Advisory DSA 1629-2 (postfix)
3605| [61434] Debian Security Advisory DSA 1629-1 (postfix)
3606| [60836] FreeBSD Ports: postfix-policyd-weight
3607| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
3608| [53833] Debian Security Advisory DSA 093-1 (postfix)
3609| [53652] Debian Security Advisory DSA 363-1 (postfix)
3610|
3611| SecurityTracker - https://www.securitytracker.com:
3612| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
3613| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
3614| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
3615| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
3616| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
3617| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
3618| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
3619| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
3620| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
3621|
3622| OSVDB - http://www.osvdb.org:
3623| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
3624| [78567] Postfix Admin backup.php Unspecified SQL Injection
3625| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
3626| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
3627| [78564] Postfix Admin Unspecified XSS
3628| [78563] Postfix Admin edit-alias.php Unspecified XSS
3629| [78562] Postfix Admin create-alias.php Unspecified XSS
3630| [78561] Postfix Admin create-domain.php Unspecified XSS
3631| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
3632| [78559] Postfix Admin templates/menu.php domain Parameter XSS
3633| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
3634| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
3635| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
3636| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
3637| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
3638| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
3639| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
3640| [48108] Postfix epoll File Descriptor Leak Local DoS
3641| [47659] Postfix Cross-user Filename Local Mail Interception
3642| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
3643| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
3644| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
3645| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
3646| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
3647| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
3648| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
3649| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
3650| [10545] Postfix Multiple Mail Header SMTP listener DoS
3651| [10544] Postfix Malformed Envelope Address nqmgr DoS
3652| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
3653| [6551] Postfix Bounce Scan / Packet Amplification DDoS
3654| [1991] Postfix SMTP Log DoS
3655|_
3656993/tcp open ssl/imaps?
36572020/tcp open ssh OpenSSH 7.4 (protocol 2.0)
3658| vulscan: VulDB - https://vuldb.com:
3659| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
3660| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
3661| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
3662| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
3663| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
3664| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
3665| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
3666| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
3667| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
3668| [94611] OpenSSH up to 7.3 Access Control privilege escalation
3669| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
3670| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
3671| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
3672| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
3673| [90405] OpenSSH up to 7.2p2 sshd information disclosure
3674| [90404] OpenSSH up to 7.2p2 sshd information disclosure
3675| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
3676| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
3677| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
3678| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
3679| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
3680|
3681| MITRE CVE - https://cve.mitre.org:
3682| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
3683| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
3684|
3685| SecurityFocus - https://www.securityfocus.com/bid/:
3686| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
3687| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
3688| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
3689| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
3690| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
3691| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
3692| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
3693| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
3694| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
3695| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
3696| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
3697| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
3698| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
3699| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
3700| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
3701| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
3702| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
3703| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
3704| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
3705| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
3706| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
3707| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
3708| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
3709| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
3710| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
3711| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
3712| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
3713| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
3714| [75990] OpenSSH Login Handling Security Bypass Weakness
3715| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
3716| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
3717| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
3718| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
3719| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
3720| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
3721| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
3722| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
3723| [61286] OpenSSH Remote Denial of Service Vulnerability
3724| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
3725| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
3726| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
3727| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
3728| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
3729| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3730| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
3731| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
3732| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3733| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
3734| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
3735| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
3736| [30794] Red Hat OpenSSH Backdoor Vulnerability
3737| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
3738| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
3739| [28531] OpenSSH ForceCommand Command Execution Weakness
3740| [28444] OpenSSH X Connections Session Hijacking Vulnerability
3741| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
3742| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
3743| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
3744| [20956] OpenSSH Privilege Separation Key Signature Weakness
3745| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
3746| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
3747| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
3748| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
3749| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
3750| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
3751| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
3752| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
3753| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
3754| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
3755| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
3756| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
3757| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
3758| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
3759| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
3760| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
3761| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
3762| [6168] OpenSSH Visible Password Vulnerability
3763| [5374] OpenSSH Trojan Horse Vulnerability
3764| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
3765| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3766| [4241] OpenSSH Channel Code Off-By-One Vulnerability
3767| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
3768| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
3769| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
3770| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
3771| [2917] OpenSSH PAM Session Evasion Vulnerability
3772| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
3773| [2356] OpenSSH Private Key Authentication Check Vulnerability
3774| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
3775| [1334] OpenSSH UseLogin Vulnerability
3776|
3777| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3778| [83258] GSI-OpenSSH auth-pam.c security bypass
3779| [82781] OpenSSH time limit denial of service
3780| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
3781| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
3782| [72756] Debian openssh-server commands information disclosure
3783| [68339] OpenSSH pam_thread buffer overflow
3784| [67264] OpenSSH ssh-keysign unauthorized access
3785| [65910] OpenSSH remote_glob function denial of service
3786| [65163] OpenSSH certificate information disclosure
3787| [64387] OpenSSH J-PAKE security bypass
3788| [63337] Cisco Unified Videoconferencing OpenSSH weak security
3789| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
3790| [45202] OpenSSH signal handler denial of service
3791| [44747] RHEL OpenSSH backdoor
3792| [44280] OpenSSH PermitRootLogin information disclosure
3793| [44279] OpenSSH sshd weak security
3794| [44037] OpenSSH sshd SELinux role unauthorized access
3795| [43940] OpenSSH X11 forwarding information disclosure
3796| [41549] OpenSSH ForceCommand directive security bypass
3797| [41438] OpenSSH sshd session hijacking
3798| [40897] OpenSSH known_hosts weak security
3799| [40587] OpenSSH username weak security
3800| [37371] OpenSSH username data manipulation
3801| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
3802| [37112] RHSA update for OpenSSH signal handler race condition not installed
3803| [37107] RHSA update for OpenSSH identical block denial of service not installed
3804| [36637] OpenSSH X11 cookie privilege escalation
3805| [35167] OpenSSH packet.c newkeys[mode] denial of service
3806| [34490] OpenSSH OPIE information disclosure
3807| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
3808| [32975] Apple Mac OS X OpenSSH denial of service
3809| [32387] RHSA-2006:0738 updates for openssh not installed
3810| [32359] RHSA-2006:0697 updates for openssh not installed
3811| [32230] RHSA-2006:0298 updates for openssh not installed
3812| [32132] RHSA-2006:0044 updates for openssh not installed
3813| [30120] OpenSSH privilege separation monitor authentication verification weakness
3814| [29255] OpenSSH GSSAPI user enumeration
3815| [29254] OpenSSH signal handler race condition
3816| [29158] OpenSSH identical block denial of service
3817| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
3818| [25116] OpenSSH OpenPAM denial of service
3819| [24305] OpenSSH SCP shell expansion command execution
3820| [22665] RHSA-2005:106 updates for openssh not installed
3821| [22117] OpenSSH GSSAPI allows elevated privileges
3822| [22115] OpenSSH GatewayPorts security bypass
3823| [20930] OpenSSH sshd.c LoginGraceTime denial of service
3824| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
3825| [17213] OpenSSH allows port bouncing attacks
3826| [16323] OpenSSH scp file overwrite
3827| [13797] OpenSSH PAM information leak
3828| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
3829| [13264] OpenSSH PAM code could allow an attacker to gain access
3830| [13215] OpenSSH buffer management errors could allow an attacker to execute code
3831| [13214] OpenSSH memory vulnerabilities
3832| [13191] OpenSSH large packet buffer overflow
3833| [12196] OpenSSH could allow an attacker to bypass login restrictions
3834| [11970] OpenSSH could allow an attacker to obtain valid administrative account
3835| [11902] OpenSSH PAM support enabled information leak
3836| [9803] OpenSSH "
3837| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
3838| [9307] OpenSSH is running on the system
3839| [9169] OpenSSH "
3840| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
3841| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
3842| [8383] OpenSSH off-by-one error in channel code
3843| [7647] OpenSSH UseLogin option arbitrary code execution
3844| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
3845| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
3846| [7179] OpenSSH source IP access control bypass
3847| [6757] OpenSSH "
3848| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
3849| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
3850| [5517] OpenSSH allows unauthorized access to resources
3851| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
3852|
3853| Exploit-DB - https://www.exploit-db.com:
3854| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
3855| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
3856| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3857| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
3858| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
3859| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
3860| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
3861| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
3862| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
3863| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
3864| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
3865| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
3866| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
3867| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
3868|
3869| OpenVAS (Nessus) - http://www.openvas.org:
3870| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
3871| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
3872| [881183] CentOS Update for openssh CESA-2012:0884 centos6
3873| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
3874| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
3875| [870763] RedHat Update for openssh RHSA-2012:0884-04
3876| [870129] RedHat Update for openssh RHSA-2008:0855-01
3877| [861813] Fedora Update for openssh FEDORA-2010-5429
3878| [861319] Fedora Update for openssh FEDORA-2007-395
3879| [861170] Fedora Update for openssh FEDORA-2007-394
3880| [861012] Fedora Update for openssh FEDORA-2007-715
3881| [840345] Ubuntu Update for openssh vulnerability USN-597-1
3882| [840300] Ubuntu Update for openssh update USN-612-5
3883| [840271] Ubuntu Update for openssh vulnerability USN-612-2
3884| [840268] Ubuntu Update for openssh update USN-612-7
3885| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
3886| [840214] Ubuntu Update for openssh vulnerability USN-566-1
3887| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
3888| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
3889| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
3890| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
3891| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
3892| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
3893| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
3894| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
3895| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
3896| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3897| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3898| [100584] OpenSSH X Connections Session Hijacking Vulnerability
3899| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
3900| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
3901| [65987] SLES10: Security update for OpenSSH
3902| [65819] SLES10: Security update for OpenSSH
3903| [65514] SLES9: Security update for OpenSSH
3904| [65513] SLES9: Security update for OpenSSH
3905| [65334] SLES9: Security update for OpenSSH
3906| [65248] SLES9: Security update for OpenSSH
3907| [65218] SLES9: Security update for OpenSSH
3908| [65169] SLES9: Security update for openssh,openssh-askpass
3909| [65126] SLES9: Security update for OpenSSH
3910| [65019] SLES9: Security update for OpenSSH
3911| [65015] SLES9: Security update for OpenSSH
3912| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
3913| [61639] Debian Security Advisory DSA 1638-1 (openssh)
3914| [61030] Debian Security Advisory DSA 1576-2 (openssh)
3915| [61029] Debian Security Advisory DSA 1576-1 (openssh)
3916| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
3917| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
3918| [60667] Slackware Advisory SSA:2008-095-01 openssh
3919| [59014] Slackware Advisory SSA:2007-255-01 openssh
3920| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
3921| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
3922| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
3923| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
3924| [57492] Slackware Advisory SSA:2006-272-02 openssh
3925| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
3926| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
3927| [57470] FreeBSD Ports: openssh
3928| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
3929| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
3930| [56294] Slackware Advisory SSA:2006-045-06 openssh
3931| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
3932| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
3933| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
3934| [53788] Debian Security Advisory DSA 025-1 (openssh)
3935| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
3936| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
3937| [11343] OpenSSH Client Unauthorized Remote Forwarding
3938| [10954] OpenSSH AFS/Kerberos ticket/token passing
3939| [10883] OpenSSH Channel Code Off by 1
3940| [10823] OpenSSH UseLogin Environment Variables
3941|
3942| SecurityTracker - https://www.securitytracker.com:
3943| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
3944| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
3945| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
3946| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
3947| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
3948| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
3949| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
3950| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
3951| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
3952| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
3953| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
3954| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
3955| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
3956| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
3957| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
3958| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
3959| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
3960| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
3961| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
3962| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
3963| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
3964| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
3965| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
3966| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
3967| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
3968| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
3969| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
3970| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
3971| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
3972| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
3973| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
3974| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
3975| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
3976| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
3977| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
3978| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
3979| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
3980| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
3981|
3982| OSVDB - http://www.osvdb.org:
3983| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
3984| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
3985| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
3986| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
3987| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
3988| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
3989| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
3990| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
3991| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
3992| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
3993| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
3994| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
3995| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
3996| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
3997| [56921] OpenSSH Unspecified Remote Compromise
3998| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
3999| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
4000| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
4001| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
4002| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
4003| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
4004| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
4005| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
4006| [43745] OpenSSH X11 Forwarding Local Session Hijacking
4007| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
4008| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
4009| [37315] pam_usb OpenSSH Authentication Unspecified Issue
4010| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
4011| [34601] OPIE w/ OpenSSH Account Enumeration
4012| [34600] OpenSSH S/KEY Authentication Account Enumeration
4013| [32721] OpenSSH Username Password Complexity Account Enumeration
4014| [30232] OpenSSH Privilege Separation Monitor Weakness
4015| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
4016| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
4017| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
4018| [29152] OpenSSH Identical Block Packet DoS
4019| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
4020| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
4021| [22692] OpenSSH scp Command Line Filename Processing Command Injection
4022| [20216] OpenSSH with KerberosV Remote Authentication Bypass
4023| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
4024| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
4025| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
4026| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
4027| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
4028| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
4029| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
4030| [6601] OpenSSH *realloc() Unspecified Memory Errors
4031| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
4032| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
4033| [6072] OpenSSH PAM Conversation Function Stack Modification
4034| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
4035| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
4036| [5408] OpenSSH echo simulation Information Disclosure
4037| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
4038| [4536] OpenSSH Portable AIX linker Privilege Escalation
4039| [3938] OpenSSL and OpenSSH /dev/random Check Failure
4040| [3456] OpenSSH buffer_append_space() Heap Corruption
4041| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
4042| [2140] OpenSSH w/ PAM Username Validity Timing Attack
4043| [2112] OpenSSH Reverse DNS Lookup Bypass
4044| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
4045| [1853] OpenSSH Symbolic Link 'cookies' File Removal
4046| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
4047| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
4048| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
4049| [688] OpenSSH UseLogin Environment Variable Local Command Execution
4050| [642] OpenSSH Multiple Key Type ACL Bypass
4051| [504] OpenSSH SSHv2 Public Key Authentication Bypass
4052| [341] OpenSSH UseLogin Local Privilege Escalation
4053|_
40548443/tcp open ssl/http sw-cp-server httpd (Plesk Onyx 17.8.11)
4055|_http-server-header: sw-cp-server
4056| vulscan: VulDB - https://vuldb.com:
4057| No findings
4058|
4059| MITRE CVE - https://cve.mitre.org:
4060| No findings
4061|
4062| SecurityFocus - https://www.securityfocus.com/bid/:
4063| No findings
4064|
4065| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4066| No findings
4067|
4068| Exploit-DB - https://www.exploit-db.com:
4069| No findings
4070|
4071| OpenVAS (Nessus) - http://www.openvas.org:
4072| No findings
4073|
4074| SecurityTracker - https://www.securitytracker.com:
4075| No findings
4076|
4077| OSVDB - http://www.osvdb.org:
4078| No findings
4079|_
4080Service Info: Hosts: localhost.localdomain, mail.outhouse-media.co.uk
4081######################################################################################################################################
4082[+] URL: https://www.owlertonstadium.co.uk/
4083[+] Started: Sun Jan 5 01:42:47 2020
4084
4085Interesting Finding(s):
4086
4087[+] https://www.owlertonstadium.co.uk/
4088 | Interesting Entries:
4089 | - Server: nginx
4090 | - X-Powered-By: PHP/7.0.33, PleskLin
4091 | Found By: Headers (Passive Detection)
4092 | Confidence: 100%
4093
4094[+] https://www.owlertonstadium.co.uk/xmlrpc.php
4095 | Found By: Link Tag (Passive Detection)
4096 | Confidence: 100%
4097 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
4098 | References:
4099 | - http://codex.wordpress.org/XML-RPC_Pingback_API
4100 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
4101 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
4102 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
4103 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
4104
4105[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
4106 | Found By: Rss Generator (Passive Detection)
4107 | - https://www.owlertonstadium.co.uk/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
4108 | Confirmed By: Meta Generator (Passive Detection)
4109 | - https://www.owlertonstadium.co.uk/, Match: 'WordPress 5.3.2'
4110
4111[+] WordPress theme in use: genesisexpo
4112 | Location: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/
4113 | Readme: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/readme.txt
4114 | Style URL: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css
4115 | Style Name: GenesisExpo
4116 | Style URI: http://genesisexpo.webgeniuslab.net/
4117 | Description: WebGeniusLab team presents absolutely fresh and powerful WordPress theme. It combines new technologi...
4118 | Author: WebGeniusLab
4119 | Author URI: http://webgeniuslab.net/
4120 |
4121 | Found By: Css Style In Homepage (Passive Detection)
4122 | Confirmed By:
4123 | Urls In Homepage (Passive Detection)
4124 | Urls In 404 Page (Passive Detection)
4125 |
4126 | Version: 1.2.3 (80% confidence)
4127 | Found By: Style (Passive Detection)
4128 | - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css, Match: 'Version: 1.2.3'
4129
4130[+] Enumerating All Plugins (via Passive Methods)
4131[+] Checking Plugin Versions (via Passive and Aggressive Methods)
4132
4133[i] Plugin(s) Identified:
4134
4135[+] calendarize-it
4136 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/calendarize-it/
4137 |
4138 | Found By: Urls In Homepage (Passive Detection)
4139 | Confirmed By: Urls In 404 Page (Passive Detection)
4140 |
4141 | Version: 4.9.2.94702 (80% confidence)
4142 | Found By: Readme - Stable Tag (Aggressive Detection)
4143 | - https://www.owlertonstadium.co.uk/wp-content/plugins/calendarize-it/readme.txt
4144
4145[+] contact-form-7
4146 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/contact-form-7/
4147 | Latest Version: 5.1.6 (up to date)
4148 | Last Updated: 2019-11-30T13:01:00.000Z
4149 |
4150 | Found By: Urls In Homepage (Passive Detection)
4151 | Confirmed By: Urls In 404 Page (Passive Detection)
4152 |
4153 | Version: 5.1.6 (100% confidence)
4154 | Found By: Query Parameter (Passive Detection)
4155 | - https://www.owlertonstadium.co.uk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6
4156 | - https://www.owlertonstadium.co.uk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
4157 | Confirmed By:
4158 | Readme - Stable Tag (Aggressive Detection)
4159 | - https://www.owlertonstadium.co.uk/wp-content/plugins/contact-form-7/readme.txt
4160 | Readme - ChangeLog Section (Aggressive Detection)
4161 | - https://www.owlertonstadium.co.uk/wp-content/plugins/contact-form-7/readme.txt
4162
4163[+] genesisexpo-core
4164 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/genesisexpo-core/
4165 |
4166 | Found By: Urls In Homepage (Passive Detection)
4167 | Confirmed By: Urls In 404 Page (Passive Detection)
4168 |
4169 | Version: 4.3 (80% confidence)
4170 | Found By: Readme - Stable Tag (Aggressive Detection)
4171 | - https://www.owlertonstadium.co.uk/wp-content/plugins/genesisexpo-core/README.txt
4172
4173[+] google-analytics-for-wordpress
4174 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/google-analytics-for-wordpress/
4175 | Last Updated: 2019-12-19T20:31:00.000Z
4176 | [!] The version is out of date, the latest version is 7.10.2
4177 |
4178 | Found By: Urls In 404 Page (Passive Detection)
4179 | Confirmed By: Monster Insights Comment (Passive Detection)
4180 |
4181 | Version: 7.10.1 (100% confidence)
4182 | Found By: Monster Insights Comment (Passive Detection)
4183 | - https://www.owlertonstadium.co.uk/4ae54f5.html, Match: 'Google Analytics by MonsterInsights plugin v7.10.1 -'
4184 | Confirmed By:
4185 | Query Parameter (Passive Detection)
4186 | - https://www.owlertonstadium.co.uk/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.10.1
4187 | Readme - Stable Tag (Aggressive Detection)
4188 | - https://www.owlertonstadium.co.uk/wp-content/plugins/google-analytics-for-wordpress/readme.txt
4189
4190[+] gravityforms
4191 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/
4192 |
4193 | Found By: Urls In Homepage (Passive Detection)
4194 | Confirmed By: Urls In 404 Page (Passive Detection)
4195 |
4196 | Version: 2.3.2 (100% confidence)
4197 | Found By: Query Parameter (Passive Detection)
4198 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.3.2
4199 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.3.2
4200 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.3.2
4201 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.3.2
4202 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.3.2
4203 | Confirmed By: Change Log (Aggressive Detection)
4204 | - https://www.owlertonstadium.co.uk/wp-content/plugins/gravityforms/change_log.txt, Match: 'Version 2.3.2'
4205
4206[+] js_composer
4207 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/js_composer/
4208 |
4209 | Found By: Urls In Homepage (Passive Detection)
4210 | Confirmed By:
4211 | Urls In 404 Page (Passive Detection)
4212 | Body Tag (Passive Detection)
4213 |
4214 | Version: 6.0.3 (80% confidence)
4215 | Found By: Body Tag (Passive Detection)
4216 | - https://www.owlertonstadium.co.uk/, Match: 'js-comp-ver-6.0.3'
4217 | Confirmed By: Query Parameter (Passive Detection)
4218 | - https://www.owlertonstadium.co.uk/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.3
4219 | - https://www.owlertonstadium.co.uk/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.3
4220
4221[+] revslider
4222 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/revslider/
4223 |
4224 | Found By: Urls In Homepage (Passive Detection)
4225 | Confirmed By:
4226 | Urls In 404 Page (Passive Detection)
4227 | Meta Generator (Passive Detection)
4228 |
4229 | Version: 6.0.4 (100% confidence)
4230 | Found By: Meta Generator (Passive Detection)
4231 | - https://www.owlertonstadium.co.uk/, Match: 'Powered by Slider Revolution 6.0.4'
4232 | Confirmed By: Release Log (Aggressive Detection)
4233 | - https://www.owlertonstadium.co.uk/wp-content/plugins/revslider/release_log.html, Match: 'Version 6.0.4 (13th July 2019)'
4234
4235[+] wordpress-seo
4236 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/wordpress-seo/
4237 | Latest Version: 12.7.1 (up to date)
4238 | Last Updated: 2019-12-12T08:32:00.000Z
4239 |
4240 | Found By: Comment (Passive Detection)
4241 |
4242 | Version: 12.7.1 (100% confidence)
4243 | Found By: Comment (Passive Detection)
4244 | - https://www.owlertonstadium.co.uk/4ae54f5.html, Match: 'optimized with the Yoast SEO plugin v12.7.1 -'
4245 | Confirmed By:
4246 | Readme - Stable Tag (Aggressive Detection)
4247 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wordpress-seo/readme.txt
4248 | Readme - ChangeLog Section (Aggressive Detection)
4249 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wordpress-seo/readme.txt
4250
4251[+] wp-google-maps
4252 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/wp-google-maps/
4253 | Last Updated: 2020-01-02T09:17:00.000Z
4254 | [!] The version is out of date, the latest version is 8.0.12
4255 |
4256 | Found By: Urls In 404 Page (Passive Detection)
4257 |
4258 | Version: 7.21.23 (50% confidence)
4259 | Found By: Readme - ChangeLog Section (Aggressive Detection)
4260 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wp-google-maps/readme.txt
4261
4262[+] wp-rocket
4263 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/wp-rocket/
4264 |
4265 | Found By: Comment (Passive Detection)
4266 |
4267 | Version: 3.4 (60% confidence)
4268 | Found By: Translation File (Aggressive Detection)
4269 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wp-rocket/languages/rocket.pot, Match: 'Project-Id-Version: WP Rocket 3.4'
4270
4271[+] wp-smushit
4272 | Location: https://www.owlertonstadium.co.uk/wp-content/plugins/wp-smushit/
4273 | Latest Version: 3.3.2 (up to date)
4274 | Last Updated: 2019-12-13T17:31:00.000Z
4275 |
4276 | Found By: Urls In 404 Page (Passive Detection)
4277 |
4278 | Version: 3.3.2 (100% confidence)
4279 | Found By: Readme - Stable Tag (Aggressive Detection)
4280 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wp-smushit/readme.txt
4281 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
4282 | - https://www.owlertonstadium.co.uk/wp-content/plugins/wp-smushit/readme.txt
4283
4284[+] Enumerating Config Backups (via Passive and Aggressive Methods)
4285 Checking Config Backups - Time: 00:00:04 <=============> (21 / 21) 100.00% Time: 00:00:04
4286
4287[i] No Config Backups Found.
4288
4289[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
4290[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
4291
4292[+] Finished: Sun Jan 5 01:43:25 2020
4293[+] Requests Done: 89
4294[+] Cached Requests: 7
4295[+] Data Sent: 20.072 KB
4296[+] Data Received: 2.042 MB
4297[+] Memory used: 173.185 MB
4298[+] Elapsed time: 00:00:38
4299#######################################################################################################################################
4300[+] URL: https://www.owlertonstadium.co.uk/
4301[+] Started: Sun Jan 5 01:42:54 2020
4302
4303Interesting Finding(s):
4304
4305[+] https://www.owlertonstadium.co.uk/
4306 | Interesting Entries:
4307 | - Server: nginx
4308 | - X-Powered-By: PHP/7.0.33, PleskLin
4309 | Found By: Headers (Passive Detection)
4310 | Confidence: 100%
4311
4312[+] https://www.owlertonstadium.co.uk/xmlrpc.php
4313 | Found By: Link Tag (Passive Detection)
4314 | Confidence: 100%
4315 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
4316 | References:
4317 | - http://codex.wordpress.org/XML-RPC_Pingback_API
4318 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
4319 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
4320 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
4321 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
4322
4323[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
4324 | Found By: Rss Generator (Passive Detection)
4325 | - https://www.owlertonstadium.co.uk/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
4326 | Confirmed By: Meta Generator (Passive Detection)
4327 | - https://www.owlertonstadium.co.uk/, Match: 'WordPress 5.3.2'
4328
4329[+] WordPress theme in use: genesisexpo
4330 | Location: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/
4331 | Readme: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/readme.txt
4332 | Style URL: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css
4333 | Style Name: GenesisExpo
4334 | Style URI: http://genesisexpo.webgeniuslab.net/
4335 | Description: WebGeniusLab team presents absolutely fresh and powerful WordPress theme. It combines new technologi...
4336 | Author: WebGeniusLab
4337 | Author URI: http://webgeniuslab.net/
4338 |
4339 | Found By: Css Style In Homepage (Passive Detection)
4340 | Confirmed By:
4341 | Urls In Homepage (Passive Detection)
4342 | Urls In 404 Page (Passive Detection)
4343 |
4344 | Version: 1.2.3 (80% confidence)
4345 | Found By: Style (Passive Detection)
4346 | - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css, Match: 'Version: 1.2.3'
4347
4348[+] Enumerating Users (via Passive and Aggressive Methods)
4349 Brute Forcing Author IDs - Time: 00:00:06 <==> (10 / 10) 100.00% Time: 00:00:06
4350
4351[i] User(s) Identified:
4352
4353[+] Guy
4354 | Found By: Rss Generator (Passive Detection)
4355
4356[+] owler
4357 | Found By: Rss Generator (Passive Detection)
4358 | Confirmed By: Wp Json Api (Aggressive Detection)
4359 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4360
4361[+] admin
4362 | Found By: Rss Generator (Passive Detection)
4363 | Confirmed By: Wp Json Api (Aggressive Detection)
4364 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4365
4366[+] seocopilot
4367 | Found By: Wp Json Api (Aggressive Detection)
4368 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4369
4370[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
4371[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
4372
4373[+] Finished: Sun Jan 5 01:43:20 2020
4374[+] Requests Done: 36
4375[+] Cached Requests: 25
4376[+] Data Sent: 8.317 KB
4377[+] Data Received: 2.245 MB
4378[+] Memory used: 151.494 MB
4379[+] Elapsed time: 00:00:26
4380######################################################################################################################################
4381[+] URL: https://www.owlertonstadium.co.uk/
4382[+] Started: Sun Jan 5 01:45:13 2020
4383
4384Interesting Finding(s):
4385
4386[+] https://www.owlertonstadium.co.uk/
4387 | Interesting Entries:
4388 | - Server: nginx
4389 | - X-Powered-By: PHP/7.0.33, PleskLin
4390 | Found By: Headers (Passive Detection)
4391 | Confidence: 100%
4392
4393[+] https://www.owlertonstadium.co.uk/xmlrpc.php
4394 | Found By: Link Tag (Passive Detection)
4395 | Confidence: 100%
4396 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
4397 | References:
4398 | - http://codex.wordpress.org/XML-RPC_Pingback_API
4399 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
4400 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
4401 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
4402 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
4403
4404[+] WordPress version 5.3.2 identified (Latest, released on 2019-12-18).
4405 | Found By: Rss Generator (Passive Detection)
4406 | - https://www.owlertonstadium.co.uk/feed/, <generator>https://wordpress.org/?v=5.3.2</generator>
4407 | Confirmed By: Meta Generator (Passive Detection)
4408 | - https://www.owlertonstadium.co.uk/, Match: 'WordPress 5.3.2'
4409
4410[+] WordPress theme in use: genesisexpo
4411 | Location: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/
4412 | Readme: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/readme.txt
4413 | Style URL: https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css
4414 | Style Name: GenesisExpo
4415 | Style URI: http://genesisexpo.webgeniuslab.net/
4416 | Description: WebGeniusLab team presents absolutely fresh and powerful WordPress theme. It combines new technologi...
4417 | Author: WebGeniusLab
4418 | Author URI: http://webgeniuslab.net/
4419 |
4420 | Found By: Css Style In Homepage (Passive Detection)
4421 | Confirmed By:
4422 | Urls In Homepage (Passive Detection)
4423 | Urls In 404 Page (Passive Detection)
4424 |
4425 | Version: 1.2.3 (80% confidence)
4426 | Found By: Style (Passive Detection)
4427 | - https://www.owlertonstadium.co.uk/wp-content/themes/genesisexpo/style.css, Match: 'Version: 1.2.3'
4428
4429[+] Enumerating Users (via Passive and Aggressive Methods)
4430 Brute Forcing Author IDs - Time: 00:00:03 <============> (10 / 10) 100.00% Time: 00:00:03
4431
4432[i] User(s) Identified:
4433
4434[+] Guy
4435 | Found By: Rss Generator (Passive Detection)
4436
4437[+] owler
4438 | Found By: Rss Generator (Passive Detection)
4439 | Confirmed By: Wp Json Api (Aggressive Detection)
4440 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4441
4442[+] admin
4443 | Found By: Rss Generator (Passive Detection)
4444 | Confirmed By: Wp Json Api (Aggressive Detection)
4445 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4446
4447[+] seocopilot
4448 | Found By: Wp Json Api (Aggressive Detection)
4449 | - https://www.owlertonstadium.co.uk/wp-json/wp/v2/users/?per_page=100&page=1
4450
4451[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
4452[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
4453
4454[+] Finished: Sun Jan 5 01:45:24 2020
4455[+] Requests Done: 14
4456[+] Cached Requests: 47
4457[+] Data Sent: 2.919 KB
4458[+] Data Received: 240.109 KB
4459[+] Memory used: 149.919 MB
4460[+] Elapsed time: 00:00:10
4461#######################################################################################################################################
4462[INFO] ------TARGET info------
4463[*] TARGET: https://www.owlertonstadium.co.uk/
4464[*] TARGET IP: 194.39.164.140
4465[INFO] NO load balancer detected for www.owlertonstadium.co.uk...
4466[*] DNS servers: owlertonstadium.co.uk.
4467[*] TARGET server: nginx
4468[*] CC: GB
4469[*] Country: United Kingdom
4470[*] RegionCode: ENG
4471[*] RegionName: England
4472[*] City: London
4473[*] ASN: AS61323
4474[*] BGP_PREFIX: 194.39.164.0/22
4475[*] ISP: SECARMA UKFAST.NET LIMITED, GB
4476[INFO] SSL/HTTPS certificate detected
4477[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
4478[*] Subject: subject=CN = owlertonstadium.co.uk
4479[ALERT] Let's Encrypt is commonly used for Phishing
4480[INFO] DNS enumeration:
4481[*] ad.owlertonstadium.co.uk 46.183.13.53
4482[*] admin.owlertonstadium.co.uk 46.183.13.53
4483[*] ads.owlertonstadium.co.uk 46.183.13.53
4484[*] alpha.owlertonstadium.co.uk 46.183.13.53
4485[*] api.owlertonstadium.co.uk 46.183.13.53
4486[*] api-online.owlertonstadium.co.uk 46.183.13.53
4487[*] apolo.owlertonstadium.co.uk 46.183.13.53
4488[*] app.owlertonstadium.co.uk 178.238.139.19
4489[*] beta.owlertonstadium.co.uk 46.183.13.53
4490[*] bi.owlertonstadium.co.uk 46.183.13.53
4491[*] blog.owlertonstadium.co.uk 46.183.13.53
4492[*] cdn.owlertonstadium.co.uk 46.183.13.53
4493[*] events.owlertonstadium.co.uk 46.183.13.53
4494[*] ex.owlertonstadium.co.uk 46.183.13.53
4495[*] files.owlertonstadium.co.uk 46.183.13.53
4496[*] ftp.owlertonstadium.co.uk owlertonstadium.co.uk. 194.39.164.140
4497[*] gateway.owlertonstadium.co.uk 46.183.13.53
4498[*] go.owlertonstadium.co.uk 46.183.13.53
4499[*] help.owlertonstadium.co.uk 46.183.13.53
4500[*] ib.owlertonstadium.co.uk 46.183.13.53
4501[*] images.owlertonstadium.co.uk 46.183.13.53
4502[*] internetbanking.owlertonstadium.co.uk 46.183.13.53
4503[*] intranet.owlertonstadium.co.uk 46.183.13.53
4504[*] jobs.owlertonstadium.co.uk 46.183.13.53
4505[*] join.owlertonstadium.co.uk 46.183.13.53
4506[*] live.owlertonstadium.co.uk 46.183.13.53
4507[*] login.owlertonstadium.co.uk 46.183.13.53
4508[*] m.owlertonstadium.co.uk 46.183.13.53
4509[*] mail.owlertonstadium.co.uk 46.183.13.250
4510[*] mail2.owlertonstadium.co.uk 46.183.13.53
4511[*] mobile.owlertonstadium.co.uk 46.183.13.53
4512[*] moodle.owlertonstadium.co.uk 46.183.13.53
4513[*] mx.owlertonstadium.co.uk 46.183.13.53
4514[*] mx2.owlertonstadium.co.uk 46.183.13.53
4515[*] mx3.owlertonstadium.co.uk 46.183.13.53
4516[*] my.owlertonstadium.co.uk 46.183.13.53
4517[*] new.owlertonstadium.co.uk 46.183.13.53
4518[*] news.owlertonstadium.co.uk 46.183.13.53
4519[*] ns1.owlertonstadium.co.uk 46.183.13.53
4520[*] ns2.owlertonstadium.co.uk 46.183.13.53
4521[*] ns3.owlertonstadium.co.uk 46.183.13.53
4522[*] oauth.owlertonstadium.co.uk 46.183.13.53
4523[*] old.owlertonstadium.co.uk 46.183.13.53
4524[*] one.owlertonstadium.co.uk 46.183.13.53
4525[*] open.owlertonstadium.co.uk 46.183.13.53
4526[*] out.owlertonstadium.co.uk 46.183.13.53
4527[*] outlook.owlertonstadium.co.uk 46.183.13.53
4528[*] portfolio.owlertonstadium.co.uk 46.183.13.53
4529[*] raw.owlertonstadium.co.uk 46.183.13.53
4530[*] repo.owlertonstadium.co.uk 46.183.13.53
4531[*] router.owlertonstadium.co.uk 46.183.13.53
4532[*] search.owlertonstadium.co.uk 46.183.13.53
4533[*] siem.owlertonstadium.co.uk 46.183.13.53
4534[*] slack.owlertonstadium.co.uk 46.183.13.53
4535[*] slackbot.owlertonstadium.co.uk 46.183.13.53
4536[*] snmp.owlertonstadium.co.uk 46.183.13.53
4537[*] stream.owlertonstadium.co.uk 46.183.13.53
4538[*] support.owlertonstadium.co.uk 46.183.13.53
4539[*] syslog.owlertonstadium.co.uk 46.183.13.53
4540[*] tags.owlertonstadium.co.uk 46.183.13.53
4541[*] test.owlertonstadium.co.uk 46.183.13.53
4542[*] upload.owlertonstadium.co.uk 46.183.13.53
4543[*] video.owlertonstadium.co.uk 46.183.13.53
4544[*] vpn.owlertonstadium.co.uk 46.183.13.53
4545[*] webconf.owlertonstadium.co.uk 46.183.13.53
4546[*] webmail.owlertonstadium.co.uk 46.183.13.250
4547[*] webportal.owlertonstadium.co.uk 46.183.13.53
4548[*] wiki.owlertonstadium.co.uk 46.183.13.53
4549[*] www2.owlertonstadium.co.uk 46.183.13.53
4550[*] www3.owlertonstadium.co.uk 46.183.13.53
4551[*] zendesk.owlertonstadium.co.uk 46.183.13.53
4552[INFO] Possible abuse mails are:
4553[*] abuse@owlertonstadium.co.uk
4554[*] abuse@ukfast.co.uk
4555[*] abuse@www.owlertonstadium.co.uk
4556[*] postmaster@ukfast.co.uk
4557[INFO] NO PAC (Proxy Auto Configuration) file FOUND
4558[ALERT] robots.txt file FOUND in http://www.owlertonstadium.co.uk/robots.txt
4559[INFO] Checking for HTTP status codes recursively from http://www.owlertonstadium.co.uk/robots.txt
4560[INFO] Status code Folders
4561[*] 200 http://www.owlertonstadium.co.uk/wp-admin/
4562[INFO] Starting FUZZing in http://www.owlertonstadium.co.uk/FUzZzZzZzZz...
4563[INFO] Status code Folders
4564[ALERT] Look in the source code. It may contain passwords
4565[INFO] Links found from https://www.owlertonstadium.co.uk/ http://194.39.164.140/:
4566[*] https://owlertonstadium.co.uk/bookings
4567[*] https://twitter.com/Outhousemediauk
4568[*] https://twitter.com/OwlertonStadium
4569[*] https://www.begambleaware.org/
4570[*] https://www.facebook.com/outhousemedia
4571[*] https://www.facebook.com/OwlertonGreyhoundStadium
4572[*] https://www.greyhoundtrustsheffield.com/
4573[*] https://www.instagram.com/owlertonstadium/?hl=en
4574[*] https://www.outhouse-media.co.uk/
4575[*] https://www.outhouse-media.co.uk/#1575314178281-5c1d61c4-459a
4576[*] https://www.outhouse-media.co.uk/#1575314178373-a4e0ef6f-9ce0
4577[*] https://www.outhouse-media.co.uk/#1575314178465-25b4e65e-f21f
4578[*] https://www.outhouse-media.co.uk/about/
4579[*] https://www.outhouse-media.co.uk/blog/
4580[*] https://www.outhouse-media.co.uk/cms-content-management/
4581[*] https://www.outhouse-media.co.uk/contact/
4582[*] https://www.outhouse-media.co.uk/cookie-notice/
4583[*] https://www.outhouse-media.co.uk/ecommerce/
4584[*] https://www.outhouse-media.co.uk/feed/
4585[*] https://www.outhouse-media.co.uk/portfolio/
4586[*] https://www.outhouse-media.co.uk/portfolio/bec/
4587[*] https://www.outhouse-media.co.uk/portfolio/bloomfields-horseboxes/
4588[*] https://www.outhouse-media.co.uk/portfolio/donasonic/
4589[*] https://www.outhouse-media.co.uk/portfolio/gables-cattery/
4590[*] https://www.outhouse-media.co.uk/portfolio/granby-nurseries/
4591[*] https://www.outhouse-media.co.uk/portfolio/lucas-petersson/
4592[*] https://www.outhouse-media.co.uk/privacy-policy/
4593[*] https://www.outhouse-media.co.uk/responsive-websites/
4594[*] https://www.outhouse-media.co.uk/seo/
4595[*] https://www.outhouse-media.co.uk/social-media-management/
4596[*] https://www.outhouse-media.co.uk/web-design/
4597[*] https://www.outhouse-media.co.uk/web-design-retford/
4598[*] https://www.outhouse-media.co.uk/website-hosting/
4599[*] https://www.outhouse-media.co.uk/website-prices/
4600[*] https://www.owlertonstadium.co.uk/
4601[*] https://www.owlertonstadium.co.uk/advertising/
4602[*] https://www.owlertonstadium.co.uk/all-packages/
4603[*] https://www.owlertonstadium.co.uk/bars/
4604[*] https://www.owlertonstadium.co.uk/birthday-party-venues-in-sheffield/
4605[*] https://www.owlertonstadium.co.uk/birthdays/
4606[*] https://www.owlertonstadium.co.uk/bookings/
4607[*] https://www.owlertonstadium.co.uk/careers/
4608[*] https://www.owlertonstadium.co.uk/category/blog/
4609[*] https://www.owlertonstadium.co.uk/category/news/
4610[*] https://www.owlertonstadium.co.uk/christmas-parties-in-sheffield/
4611[*] https://www.owlertonstadium.co.uk/contact
4612[*] https://www.owlertonstadium.co.uk/cookie-policy/
4613[*] https://www.owlertonstadium.co.uk/corporate-hospitality/
4614[*] https://www.owlertonstadium.co.uk/executive-boxes/
4615[*] https://www.owlertonstadium.co.uk/fab-free-tuesday/
4616[*] https://www.owlertonstadium.co.uk/faq
4617[*] https://www.owlertonstadium.co.uk/feed/
4618[*] https://www.owlertonstadium.co.uk/fundraising
4619[*] https://www.owlertonstadium.co.uk/greyhound-welfare/
4620[*] https://www.owlertonstadium.co.uk/how-to-bet/
4621[*] https://www.owlertonstadium.co.uk/looking-for-bars-in-sheffield/
4622[*] https://www.owlertonstadium.co.uk/offers-and-packages/
4623[*] https://www.owlertonstadium.co.uk/our-team/
4624[*] https://www.owlertonstadium.co.uk/owlerton-blog/
4625[*] https://www.owlertonstadium.co.uk/packages/
4626[*] https://www.owlertonstadium.co.uk/partnerships/
4627[*] https://www.owlertonstadium.co.uk/privacy-policy/
4628[*] https://www.owlertonstadium.co.uk/#racetimes
4629[*] https://www.owlertonstadium.co.uk/responsible-gambling/
4630[*] https://www.owlertonstadium.co.uk/restaurant/
4631[*] https://www.owlertonstadium.co.uk/results-calendar/
4632[*] https://www.owlertonstadium.co.uk/results-calendar/schedule/
4633[*] https://www.owlertonstadium.co.uk/snack-bar/
4634[*] https://www.owlertonstadium.co.uk/speedway/
4635[*] https://www.owlertonstadium.co.uk/sponsorship/
4636[*] https://www.owlertonstadium.co.uk/stag-and-hen-parties/
4637[*] https://www.owlertonstadium.co.uk/stock-car-racing/
4638[*] https://www.owlertonstadium.co.uk/terms/
4639[*] https://www.owlertonstadium.co.uk/venue-hire/
4640[*] https://www.owlertonstadium.co.uk/vip-experience/
4641[*] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery1.jpg
4642[*] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery2.jpg
4643[*] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery3.jpg
4644[*] https://www.owlertonstadium.co.uk/wp-content/uploads/2019/08/gallery4.jpg
4645[*] https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https://www.owlertonstadium.co.uk/
4646[*] https://www.owlertonstadium.co.uk/wp-json/oembed/1.0/embed?url=https://www.owlertonstadium.co.uk/&format=xml
4647[*] https://www.youtube.com/user/owlertonstadium1
4648[*] https://www.youtube.com/watch?v=E-GNZCJyi5s&has_verified=1
4649[*] http://tickets.owlertongreyhoundracingstadium.co.uk/mi-eventmaster/html/em/website/cart.pl
4650[*] http://www.sheffield-speedway.com/
4651[INFO] GOOGLE has › visit-searchresults › product about http://www.owlertonstadium.co.uk/
4652[INFO] Shodan detected the following opened ports on 194.39.164.140:
4653[*] 1
4654[*] 110
4655[*] 2019
4656[*] 21
4657[*] 214
4658[*] 25
4659[*] 4
4660[*] 443
4661[*] 465
4662[*] 587
4663[*] 7
4664[*] 8
4665[*] 80
4666[*] 9675
4667[*] 993
4668[INFO] ------VirusTotal SECTION------
4669[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
4670[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
4671[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
4672[INFO] ------Alexa Rank SECTION------
4673[INFO] Percent of Visitors Rank in Country:
4674[INFO] Percent of Search Traffic:
4675[INFO] Percent of Unique Visits:
4676[INFO] Total Sites Linking In:
4677[*] Total Sites
4678[INFO] Useful links related to www.owlertonstadium.co.uk - 194.39.164.140:
4679[*] https://www.virustotal.com/pt/ip-address/194.39.164.140/information/
4680[*] https://www.hybrid-analysis.com/search?host=194.39.164.140
4681[*] https://www.shodan.io/host/194.39.164.140
4682[*] https://www.senderbase.org/lookup/?search_string=194.39.164.140
4683[*] https://www.alienvault.com/open-threat-exchange/ip/194.39.164.140
4684[*] http://pastebin.com/search?q=194.39.164.140
4685[*] http://urlquery.net/search.php?q=194.39.164.140
4686[*] http://www.alexa.com/siteinfo/www.owlertonstadium.co.uk
4687[*] http://www.google.com/safebrowsing/diagnostic?site=www.owlertonstadium.co.uk
4688[*] https://censys.io/ipv4/194.39.164.140
4689[*] https://www.abuseipdb.com/check/194.39.164.140
4690[*] https://urlscan.io/search/#194.39.164.140
4691[*] https://github.com/search?q=194.39.164.140&type=Code
4692[INFO] Useful links related to AS61323 - 194.39.164.0/22:
4693[*] http://www.google.com/safebrowsing/diagnostic?site=AS:61323
4694[*] https://www.senderbase.org/lookup/?search_string=194.39.164.0/22
4695[*] http://bgp.he.net/AS61323
4696[*] https://stat.ripe.net/AS61323
4697[INFO] Date: 05/01/20 | Time: 01:47:04
4698[INFO] Total time: 1 minute(s) and 22 second(s)
4699#######################################################################################################################################
4700[-] Target: https://www.owlertonstadium.co.uk (194.39.164.140)
4701[I] Server: nginx
4702[I] X-Powered-By: PHP/7.0.33
4703[L] X-Frame-Options: Not Enforced
4704[I] Strict-Transport-Security: Not Enforced
4705[I] X-Content-Security-Policy: Not Enforced
4706[I] X-Content-Type-Options: Not Enforced
4707[L] Robots.txt Found: https://www.owlertonstadium.co.uk/robots.txt
4708[I] CMS Detection: WordPress
4709[I] Wordpress Version: 5.3.2
4710[I] Wordpress Theme: genesisexpo
4711[-] WordPress usernames identified:
4712[M] Guy
4713[M] admin
4714[M] owler
4715[M] XML-RPC services are enabled
4716[M] Website vulnerable to XML-RPC Brute Force Vulnerability
4717[I] Autocomplete Off Not Found: https://www.owlertonstadium.co.uk/wp-login.php
4718[-] Default WordPress Files:
4719[I] https://www.owlertonstadium.co.uk/license.txt
4720[I] https://www.owlertonstadium.co.uk/readme.html
4721[I] https://www.owlertonstadium.co.uk/wp-content/themes/twentynineteen/readme.txt
4722[I] https://www.owlertonstadium.co.uk/wp-content/themes/twentysixteen/genericons/COPYING.txt
4723[I] https://www.owlertonstadium.co.uk/wp-content/themes/twentysixteen/genericons/LICENSE.txt
4724[I] https://www.owlertonstadium.co.uk/wp-content/themes/twentysixteen/readme.txt
4725[I] https://www.owlertonstadium.co.uk/wp-content/themes/twentytwenty/readme.txt
4726[I] https://www.owlertonstadium.co.uk/wp-includes/ID3/license.commercial.txt
4727[I] https://www.owlertonstadium.co.uk/wp-includes/ID3/license.txt
4728[I] https://www.owlertonstadium.co.uk/wp-includes/ID3/readme.txt
4729[I] https://www.owlertonstadium.co.uk/wp-includes/images/crystal/license.txt
4730[I] https://www.owlertonstadium.co.uk/wp-includes/js/plupload/license.txt
4731[I] https://www.owlertonstadium.co.uk/wp-includes/js/swfupload/license.txt
4732[I] https://www.owlertonstadium.co.uk/wp-includes/js/tinymce/license.txt
4733[-] Searching Wordpress Plugins ...
4734[I] akismet
4735[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
4736[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
4737[I] calendarize-it v4.9.2.94702
4738[I] contact-form-7 v5.1.6
4739[I] duplicator v1.3.24
4740[M] EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
4741[M] EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
4742[I] genesisexpo-core
4743[I] gravityforms
4744[I] js_composer
4745[I] revslider
4746[I] woocommerce v3.8.1
4747[M] EDB-ID: 43196 "WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal"
4748[I] Checking for Directory Listing Enabled ...
4749[-] Date & Time: 05/01/2020 01:50:48
4750[-] Completed in: 0:07:46
4751######################################################################################################################################
4752 Anonymous JTSEC #OpDefendTheWild Full Recon #7