· 6 years ago · Nov 25, 2019, 01:24 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.turkmenajans.net ISP Hetzner Online GmbH
4Continent Europe Flag
5DE
6Country Germany Country Code DE
7Region Unknown Local time 24 Nov 2019 23:36 CET
8City Unknown Postal Code Unknown
9IP Address 144.76.114.219 Latitude 51.299
10 Longitude 9.491
11
12=====================================================================================================================================
13######################################################################################################################################
14> www.turkmenajans.net
15Server: 38.132.106.139
16Address: 38.132.106.139#53
17
18Non-authoritative answer:
19www.turkmenajans.net canonical name = turkmenajans.net.
20Name: turkmenajans.net
21Address: 144.76.114.219
22>
23######################################################################################################################################
24 Domain Name: TURKMENAJANS.NET
25 Registry Domain ID: 2203585110_DOMAIN_NET-VRSN
26 Registrar WHOIS Server: whois.isimtescil.net
27 Registrar URL: http://www.isimtescil.net
28 Updated Date: 2019-02-13T14:41:13Z
29 Creation Date: 2017-12-23T10:33:39Z
30 Registry Expiry Date: 2020-12-23T10:33:39Z
31 Registrar: FBS Inc.
32 Registrar IANA ID: 1110
33 Registrar Abuse Contact Email: abuse@domaintime.biz
34 Registrar Abuse Contact Phone: +90.8502000444
35 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
36 Name Server: NS1.AKINMEDYA.COM
37 Name Server: NS2.AKINMEDYA.COM
38 DNSSEC: unsigned
39######################################################################################################################################
40[+] Target : www.turkmenajans.net
41
42[+] IP Address : 144.76.114.219
43
44[+] Headers :
45
46[+] Connection : Keep-Alive
47[+] Content-Type : text/html; charset=UTF-8
48[+] Link : <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
49[+] Etag : "472-1574415520;gz"
50[+] X-LiteSpeed-Cache : hit
51[+] Content-Encoding : gzip
52[+] Vary : Accept-Encoding
53[+] Content-Length : 11615
54[+] Date : Sun, 24 Nov 2019 23:10:17 GMT
55[+] Server : LiteSpeed
56
57[+] SSL Certificate Information :
58
59[+] commonName : turkmenajans.net
60[+] countryName : US
61[+] organizationName : Let's Encrypt
62[+] commonName : Let's Encrypt Authority X3
63[+] Version : 3
64[+] Serial Number : 0381ED2FB4B059F589863E17ECED24F961FA
65[+] Not Before : Oct 31 00:37:34 2019 GMT
66[+] Not After : Jan 29 00:37:34 2020 GMT
67[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
68[+] subject Alt Name : (('DNS', 'cpanel.turkmenajans.net'), ('DNS', 'mail.turkmenajans.net'), ('DNS', 'turkmenajans.net'), ('DNS', 'webdisk.turkmenajans.net'), ('DNS', 'webmail.turkmenajans.net'), ('DNS', 'www.turkmenajans.net'))
69[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
70
71[+] Whois Lookup :
72
73[+] NIR : None
74[+] ASN Registry : ripencc
75[+] ASN : 24940
76[+] ASN CIDR : 144.76.0.0/16
77[+] ASN Country Code : DE
78[+] ASN Date : 1990-11-16
79[+] ASN Description : HETZNER-AS, DE
80[+] cidr : 144.76.114.192/27
81[+] name : HETZNER-fsn1-dc10
82[+] handle : HOAC1-RIPE
83[+] range : 144.76.114.192 - 144.76.114.223
84[+] description : Hetzner Online GmbH
85Datacenter fsn1-dc10
86[+] country : DE
87[+] state : None
88[+] city : None
89[+] address : Hetzner Online GmbH
90Industriestrasse 25
91D-91710 Gunzenhausen
92Germany
93[+] postal_code : None
94[+] emails : ['abuse@hetzner.de', 'peering@hetzner.de']
95[+] created : 2018-03-15T13:51:40Z
96[+] updated : 2018-03-15T13:51:40Z
97
98[+] Crawling Target...
99
100[+] Looking for robots.txt........[ Found ]
101[+] Extracting robots Links.......[ 2 ]
102[+] Looking for sitemap.xml.......[ Found ]
103[+] Extracting sitemap Links......[ 7 ]
104[+] Extracting CSS Links..........[ 5 ]
105[+] Extracting Javascript Links...[ 4 ]
106[+] Extracting Internal Links.....[ 40 ]
107[+] Extracting External Links.....[ 5 ]
108[+] Extracting Images.............[ 40 ]
109
110[+] Total Links Extracted : 103
111
112[+] Dumping Links in /opt/FinalRecon/dumps/www.turkmenajans.net.dump
113[+] Completed!
114######################################################################################################################################
115[i] Scanning Site: http://www.turkmenajans.net
116
117
118
119B A S I C I N F O
120====================
121
122
123[+] Site Title: Türkmen Ajans |
124[+] IP address: 144.76.114.219
125[+] Web Server: LiteSpeed
126[+] CMS: WordPress
127[+] Cloudflare: Not Detected
128[+] Robots File: Found
129
130-------------[ contents ]----------------
131User-agent: *
132Disallow: /wp-admin/
133Allow: /wp-admin/admin-ajax.php
134
135Sitemap: https://www.turkmenajans.net/sitemap.xml
136
137-----------[end of contents]-------------
138
139
140
141W H O I S L O O K U P
142========================
143
144 Domain Name: TURKMENAJANS.NET
145 Registry Domain ID: 2203585110_DOMAIN_NET-VRSN
146 Registrar WHOIS Server: whois.isimtescil.net
147 Registrar URL: http://www.isimtescil.net
148 Updated Date: 2019-02-13T14:41:13Z
149 Creation Date: 2017-12-23T10:33:39Z
150 Registry Expiry Date: 2020-12-23T10:33:39Z
151 Registrar: FBS Inc.
152 Registrar IANA ID: 1110
153 Registrar Abuse Contact Email: abuse@domaintime.biz
154 Registrar Abuse Contact Phone: +90.8502000444
155 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
156 Name Server: NS1.AKINMEDYA.COM
157 Name Server: NS2.AKINMEDYA.COM
158 DNSSEC: unsigned
159 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
160>>> Last update of whois database: 2019-11-24T23:10:21Z <<<
161
162For more information on Whois status codes, please visit https://icann.org/epp
163
164
165
166The Registry database contains ONLY .COM, .NET, .EDU domains and
167Registrars.
168
169
170
171
172G E O I P L O O K U P
173=========================
174
175[i] IP Address: 144.76.114.219
176[i] Country: Germany
177[i] State:
178[i] City:
179[i] Latitude: 51.2993
180[i] Longitude: 9.491
181
182
183
184
185H T T P H E A D E R S
186=======================
187
188
189[i] HTTP/1.0 200 OK
190[i] Connection: close
191[i] Content-Type: text/html; charset=UTF-8
192[i] Link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
193[i] Etag: "472-1574415520;;;"
194[i] X-LiteSpeed-Cache: hit
195[i] Date: Sun, 24 Nov 2019 23:10:33 GMT
196[i] Server: LiteSpeed
197
198
199
200
201D N S L O O K U P
202===================
203
204turkmenajans.net. 14399 IN TXT "v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all"
205turkmenajans.net. 21599 IN SOA ns1.akinmedya.com.tr. yok.yokki.com. 2019101404 3600 1800 1209600 86400
206turkmenajans.net. 21599 IN NS ns1.akinmedya.com.tr.
207turkmenajans.net. 21599 IN NS ns2.akinmedya.com.tr.
208turkmenajans.net. 14399 IN A 144.76.114.219
209turkmenajans.net. 14399 IN MX 0 turkmenajans.net.
210
211
212
213
214S U B N E T C A L C U L A T I O N
215====================================
216
217Address = 144.76.114.219
218Network = 144.76.114.219 / 32
219Netmask = 255.255.255.255
220Broadcast = not needed on Point-to-Point links
221Wildcard Mask = 0.0.0.0
222Hosts Bits = 0
223Max. Hosts = 1 (2^0 - 0)
224Host Range = { 144.76.114.219 - 144.76.114.219 }
225
226
227
228N M A P P O R T S C A N
229============================
230
231Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-24 23:10 UTC
232Nmap scan report for turkmenajans.net (144.76.114.219)
233Host is up (0.081s latency).
234rDNS record for 144.76.114.219: ns1.akinmedya.com
235
236PORT STATE SERVICE
23721/tcp open ftp
23822/tcp closed ssh
23923/tcp closed telnet
24080/tcp open http
241110/tcp open pop3
242143/tcp open imap
243443/tcp open https
2443389/tcp open ms-wbt-server
245
246Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds
247
248
249
250S U B - D O M A I N F I N D E R
251==================================
252
253
254[i] Total Subdomains Found : 2
255
256[+] Subdomain: cpanel.turkmenajans.net
257[-] IP: 144.76.114.219
258
259[+] Subdomain: webmail.turkmenajans.net
260[-] IP: 144.76.114.219
261#######################################################################################################################################
262[+] Starting At 2019-11-24 18:10:31.250891
263[+] Collecting Information On: http://www.turkmenajans.net/
264[#] Status: 200
265--------------------------------------------------
266[#] Web Server Detected: LiteSpeed
267[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
268- Connection: Keep-Alive
269- Content-Type: text/html; charset=UTF-8
270- Link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
271- Etag: "472-1574415520;gz"
272- X-LiteSpeed-Cache: hit
273- Content-Encoding: gzip
274- Vary: Accept-Encoding
275- Content-Length: 11615
276- Date: Sun, 24 Nov 2019 23:10:31 GMT
277- Server: LiteSpeed
278--------------------------------------------------
279[#] Finding Location..!
280[#] status: success
281[#] country: Germany
282[#] countryCode: DE
283[#] region: SN
284[#] regionName: Saxony
285[#] city: Falkenstein
286[#] zip: 08223
287[#] lat: 50.475
288[#] lon: 12.365
289[#] timezone: Europe/Berlin
290[#] isp: Hetzner
291[#] org: Hetzner Online GmbH
292[#] as: AS24940 Hetzner Online GmbH
293[#] query: 144.76.114.219
294--------------------------------------------------
295[x] Didn't Detect WAF Presence on: http://www.turkmenajans.net/
296--------------------------------------------------
297[#] Starting Reverse DNS
298[-] Failed ! Fail
299--------------------------------------------------
300[!] Scanning Open Port
301[#] 21/tcp open ftp
302[#] 53/tcp open domain
303[#] 80/tcp open http
304[#] 110/tcp open pop3
305[#] 143/tcp open imap
306[#] 443/tcp open https
307[#] 465/tcp open smtps
308[#] 587/tcp open submission
309[#] 993/tcp open imaps
310[#] 995/tcp open pop3s
311[#] 3306/tcp open mysql
312[#] 3389/tcp open ms-wbt-server
313--------------------------------------------------
314[+] Collecting Information Disclosure!
315[#] Detecting sitemap.xml file
316[!] sitemap.xml File Found: http://www.turkmenajans.net//sitemap.xml
317[#] Detecting robots.txt file
318[!] robots.txt File Found: http://www.turkmenajans.net//robots.txt
319[#] Detecting GNU Mailman
320[!] GNU Mailman App Detected: http://www.turkmenajans.net//mailman/admin
321[!] version: 2.1.29
322--------------------------------------------------
323[+] Crawling Url Parameter On: http://www.turkmenajans.net/
324--------------------------------------------------
325[#] Searching Html Form !
326[+] Html Form Discovered
327[#] action: https://www.turkmenajans.net/
328[#] class: None
329[#] id: None
330[#] method: get
331--------------------------------------------------
332[!] Found 1 dom parameter
333[#] http://www.turkmenajans.net//#
334--------------------------------------------------
335[-] No internal Dynamic Parameter Found!?
336--------------------------------------------------
337[!] 1 External Dynamic Parameter Discovered
338[#] https://twitter.com/huseyinbozan?ref_src=twsrc%5Etfw
339--------------------------------------------------
340[!] 101 Internal links Discovered
341[+] http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css
342[+] http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/css/general.css
343[+] http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/css/reset.css
344[+] https://www.turkmenajans.net/wp-content/uploads/favicon.png
345[+] http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/css/siyah.css
346[+] https://www.turkmenajans.net/feed/
347[+] https://www.turkmenajans.net/feed/rss/
348[+] https://www.turkmenajans.net/feed/atom/
349[+] http://www.turkmenajans.net/xmlrpc.php
350[+] https://www.turkmenajans.net/
351[+] https://www.turkmenajans.net/wp-content/uploads/2019/02/cropped-Untitled-1-32x32.png
352[+] https://www.turkmenajans.net/wp-content/uploads/2019/02/cropped-Untitled-1-192x192.png
353[+] https://www.turkmenajans.net/wp-content/uploads/2019/02/cropped-Untitled-1-180x180.png
354[+] https://www.turkmenajans.net/sitene-ekle
355[+] https://www.turkmenajans.net/giris
356[+] https://www.turkmenajans.net/kunye
357[+] https://www.turkmenajans.net/iletisim
358[+] https://www.turkmenajans.net
359[+] http://www.turkmenajans.net//"><img src=
360[+] https://www.turkmenajans.net
361[+] https://www.turkmenajans.net/kategori/gundem/
362[+] https://www.turkmenajans.net/kategori/turkmeneli/
363[+] https://www.turkmenajans.net/kategori/dunya/
364[+] https://www.turkmenajans.net/kategori/ekonomi/
365[+] https://www.turkmenajans.net/kategori/egitim/
366[+] https://www.turkmenajans.net/kategori/spor/
367[+] https://www.turkmenajans.net/kategori/teknoloji/
368[+] https://www.turkmenajans.net/kategori/foto-galeri/
369[+] https://www.turkmenajans.net/kategori/video-galeri/
370[+] https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
371[+] https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
372[+] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
373[+] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
374[+] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
375[+] https://www.turkmenajans.net/feed
376[+] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
377[+] https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
378[+] https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
379[+] https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
380[+] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
381[+] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
382[+] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
383[+] https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
384[+] https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
385[+] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
386[+] https://www.turkmenajans.net/hersey-vatan-icin/
387[+] https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/
388[+] https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/
389[+] https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
390[+] https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
391[+] https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
392[+] https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
393[+] https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
394[+] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
395[+] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
396[+] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
397[+] https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
398[+] https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
399[+] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
400[+] https://www.turkmenajans.net/hersey-vatan-icin/
401[+] https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/
402[+] https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/
403[+] https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
404[+] https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
405[+] https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
406[+] https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/
407[+] https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/
408[+] https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
409[+] https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
410[+] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
411[+] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
412[+] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
413[+] https://www.turkmenajans.net/hersey-vatan-icin/
414[+] http://www.turkmenajans.net//javascript:void(0);
415[+] http://www.turkmenajans.net//javascript:void(0);
416[+] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
417[+] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
418[+] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
419[+] https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
420[+] https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
421[+] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
422[+] https://www.turkmenajans.net/iki-farkli-besiktas/
423[+] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
424[+] https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
425[+] https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
426[+] https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
427[+] https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
428[+] http://www.turkmenajans.net//javascript:void(0);
429[+] http://www.turkmenajans.net//javascript:void(0);
430[+] https://www.turkmenajans.net/tum-yazarlar
431[+] https://www.turkmenajans.net/iletisim/
432[+] https://www.turkmenajans.net/kunye/
433[+] https://www.turkmenajans.net/kayit-ol/
434[+] https://www.turkmenajans.net/giris/
435[+] https://www.turkmenajans.net/gazete-mansetleri/
436[+] https://www.turkmenajans.net/sitene-ekle/
437[+] https://www.turkmenajans.net/tum-yazarlar/
438[+] https://www.turkmenajans.net/ornek-sayfa/
439[+] https://www.turkmenajans.net
440[+] http://www.turkmenajans.net//www.twitter.com/turkmenajans
441[+] https://www.turkmenajans.net/feed
442--------------------------------------------------
443[!] 4 External links Discovered
444[#] http://www.facebook.com/turkmenajans1
445[#] https://plus.google.com/+HüseyinBozan
446[#] https://www.akinmedya.com.tr/
447[#] http://www.habermatik.net
448--------------------------------------------------
449[#] Mapping Subdomain..
450[!] Found 3 Subdomain
451- webdisk.turkmenajans.net
452- cpanel.turkmenajans.net
453- webmail.turkmenajans.net
454--------------------------------------------------
455[!] Done At 2019-11-24 18:10:44.136335
456######################################################################################################################################
457Trying "turkmenajans.net"
458;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18099
459;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 1
460
461;; QUESTION SECTION:
462;turkmenajans.net. IN ANY
463
464;; ANSWER SECTION:
465turkmenajans.net. 5 IN MX 0 turkmenajans.net.
466turkmenajans.net. 5 IN A 144.76.114.219
467turkmenajans.net. 5 IN SOA ns1.akinmedya.com.tr. yok.yokki.com. 2019101404 3600 1800 1209600 86400
468turkmenajans.net. 5 IN TXT "v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all"
469turkmenajans.net. 5 IN NS ns2.akinmedya.com.tr.
470turkmenajans.net. 5 IN NS ns1.akinmedya.com.tr.
471
472;; AUTHORITY SECTION:
473turkmenajans.net. 43200 IN NS ns2.akinmedya.com.tr.
474turkmenajans.net. 43200 IN NS ns1.akinmedya.com.tr.
475
476;; ADDITIONAL SECTION:
477turkmenajans.net. 14400 IN A 144.76.114.219
478
479Received 279 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 343 ms
480#######################################################################################################################################
481
482; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace turkmenajans.net any
483;; global options: +cmd
484. 85829 IN NS i.root-servers.net.
485. 85829 IN NS g.root-servers.net.
486. 85829 IN NS k.root-servers.net.
487. 85829 IN NS c.root-servers.net.
488. 85829 IN NS h.root-servers.net.
489. 85829 IN NS b.root-servers.net.
490. 85829 IN NS j.root-servers.net.
491. 85829 IN NS d.root-servers.net.
492. 85829 IN NS e.root-servers.net.
493. 85829 IN NS l.root-servers.net.
494. 85829 IN NS m.root-servers.net.
495. 85829 IN NS a.root-servers.net.
496. 85829 IN NS f.root-servers.net.
497. 85829 IN RRSIG NS 8 0 518400 20191207170000 20191124160000 22545 . X8zWOJ0yhReViHVoneu/RSB2gO9JYyZM/HI4fKUuCUZb64YWoR1HFnjv M3iJLVlg0mmUZu/Rqdz1etMviXNSSYg9RmwcP1OLFuaCEjR2686CXYQ1 PBpeRtlYTMyT/0cxH66IwDROqVRL6+tnq8IrGr1uHgrut3toItkUvsiO Yra47LYoOCQ17KBoqW8KOymJW34GUWR7rPUO+xk6eEdmB7gj++W4vR/D TAkHupbNum6IU/OnOGOLfIfQ1kGUqntEScEunNaRoR83SM4tdViGogmk XZI2zY+Tn1Jjn6+PwcPH2j6h5nw0nDy+Sx6PdOT+EYvNa+U8OkkTLHLM ksB2Yw==
498;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 139 ms
499
500net. 172800 IN NS l.gtld-servers.net.
501net. 172800 IN NS b.gtld-servers.net.
502net. 172800 IN NS c.gtld-servers.net.
503net. 172800 IN NS d.gtld-servers.net.
504net. 172800 IN NS e.gtld-servers.net.
505net. 172800 IN NS f.gtld-servers.net.
506net. 172800 IN NS g.gtld-servers.net.
507net. 172800 IN NS a.gtld-servers.net.
508net. 172800 IN NS h.gtld-servers.net.
509net. 172800 IN NS i.gtld-servers.net.
510net. 172800 IN NS j.gtld-servers.net.
511net. 172800 IN NS k.gtld-servers.net.
512net. 172800 IN NS m.gtld-servers.net.
513net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
514net. 86400 IN RRSIG DS 8 1 86400 20191207170000 20191124160000 22545 . j5AfEsccEHvuDiXt76g3m4h7c56SNXoocPmPmXMrCczDQHFHKK544QGF YrKSh66a0+++g0xTHTNmBLMVGTuVlozQTWRt+XzyUv7gzhaLsXwA2xa8 YpkCqErpqgyOayOddV8izpOrdylMtI12E0jdPhOgxcmEPd4s7WLps8ep Keed1l49BG3I/ytey/UaIcoWnDaocOof4B2e0AjvWu6bAIhLdyRKTO3e PstNjciO4Ao55RjDIhVtj7odNC6ykN7+InPKo3pouYVAf5E7fkL6HeRy 8t6NgJi+QypWKDsCGIpMbpGtFaGOjiIID01CEpvStcFD7Kw/5SnkwJN2 dPtYKg==
515;; Received 1173 bytes from 192.5.5.241#53(f.root-servers.net) in 66 ms
516
517turkmenajans.net. 172800 IN NS ns1.akinmedya.com.
518turkmenajans.net. 172800 IN NS ns2.akinmedya.com.
519A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
520A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20191201072150 20191124061150 36407 net. GzkksAfF3zDuRE63m8N+JAXlkxH2eGujFm8QwA99azgk+ueiR36LmQwz Qcr9AjffeSolED9ZxDqVSXexJJLjEqZK33+5ILWXuqwYvB1jSR0WoF17 86knzLaxjH1yoZl+xqvDwFfmpf/ceuCTBnjrhugiIswuEmh3mwY5blOm OQs+FjI3by+BkUMkf2JJUC7gpn1ytDcEJeAz2B1P5EXZaQ==
521C6T9UD4IJK105PGKUAPMERDR6F7GAT93.net. 86400 IN NSEC3 1 1 0 - C6TECPULT8T64RD0A7SCPR5ARV2JFNJU NS DS RRSIG
522C6T9UD4IJK105PGKUAPMERDR6F7GAT93.net. 86400 IN RRSIG NSEC3 8 2 86400 20191128072027 20191121061027 36407 net. Fr64Uxm+qsCO3/+FjB/fq/Oy61n6Ywx/PAIubg/+8iWAlYXrEw3iMUF1 bFtyQnCLynfRwaGmL6j55pztXBy8Zm+pDni/xwoyxDCKxn0wegGrXTSn p7baibionn6Qkt9BD7Xps4Gabpyb5wEqvqBoVr05/T1dobaVpFsf8BCV Ek46kEIZFHvHGHSf8ivjy5fxMdyfzQb/MX9MLawmlPX10g==
523;; Received 643 bytes from 192.35.51.30#53(f.gtld-servers.net) in 233 ms
524
525turkmenajans.net. 14400 IN TXT "v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all"
526turkmenajans.net. 86400 IN SOA ns1.akinmedya.com.tr. yok.yokki.com. 2019101404 3600 1800 1209600 86400
527turkmenajans.net. 86400 IN NS ns1.akinmedya.com.tr.
528turkmenajans.net. 86400 IN NS ns2.akinmedya.com.tr.
529turkmenajans.net. 14400 IN A 144.76.114.219
530turkmenajans.net. 14400 IN MX 0 turkmenajans.net.
531;; Received 306 bytes from 144.76.114.219#53(ns2.akinmedya.com) in 212 ms
532
533######################################################################################################################################
534[*] Performing General Enumeration of Domain: turkmenajans.net
535[-] DNSSEC is not configured for turkmenajans.net
536[*] SOA ns1.akinmedya.com.tr 144.76.114.219
537[*] NS ns2.akinmedya.com.tr 144.76.144.147
538[*] Bind Version for 144.76.144.147 9.11.4-P2-RedHat-9.11.4-9.P2.el7
539[*] NS ns1.akinmedya.com.tr 144.76.114.219
540[*] Bind Version for 144.76.114.219 9.11.4-P2-RedHat-9.11.4-9.P2.el7
541[*] MX turkmenajans.net 144.76.114.219
542[*] A turkmenajans.net 144.76.114.219
543[*] TXT turkmenajans.net v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all
544[*] Enumerating SRV Records
545[-] No SRV Records Found for turkmenajans.net
546[+] 0 Records Found
547######################################################################################################################################
548[*] Processing domain turkmenajans.net
549[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
550[+] Getting nameservers
551144.76.144.147 - ns2.akinmedya.com.tr
552144.76.114.219 - ns1.akinmedya.com.tr
553[-] Zone transfer failed
554
555[+] TXT records found
556"v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all"
557
558[+] MX records found, added to target list
5590 turkmenajans.net.
560
561[*] Scanning turkmenajans.net for A records
562144.76.114.219 - turkmenajans.net
563144.76.114.219 - cpanel.turkmenajans.net
564144.76.114.219 - ftp.turkmenajans.net
565144.76.114.219 - mail.turkmenajans.net
566144.76.114.219 - webmail.turkmenajans.net
567144.76.114.219 - webdisk.turkmenajans.net
568144.76.114.219 - whm.turkmenajans.net
569144.76.114.219 - www.turkmenajans.net
570#######################################################################################################################################
571
572 AVAILABLE PLUGINS
573 -----------------
574
575 FallbackScsvPlugin
576 OpenSslCipherSuitesPlugin
577 EarlyDataPlugin
578 CertificateInfoPlugin
579 HeartbleedPlugin
580 RobotPlugin
581 HttpHeadersPlugin
582 OpenSslCcsInjectionPlugin
583 CompressionPlugin
584 SessionRenegotiationPlugin
585 SessionResumptionPlugin
586
587
588
589 CHECKING HOST(S) AVAILABILITY
590 -----------------------------
591
592 144.76.114.219:443 => 144.76.114.219
593
594
595
596
597 SCAN RESULTS FOR 144.76.114.219:443 - 144.76.114.219
598 ----------------------------------------------------
599
600 * TLSV1_3 Cipher Suites:
601 Server rejected all cipher suites.
602
603 * Downgrade Attacks:
604 TLS_FALLBACK_SCSV: OK - Supported
605
606 * ROBOT Attack:
607 OK - Not vulnerable, RSA cipher suites not supported
608
609 * Session Renegotiation:
610 Client-initiated Renegotiation: OK - Rejected
611 Secure Renegotiation: OK - Supported
612
613 * Certificate Information:
614 Content
615 SHA1 Fingerprint: d09bdc904ff1c064e366d0bfba952bc2c763d58e
616 Common Name: adanaguneyhaber.com
617 Issuer: adanaguneyhaber.com
618 Serial Number: 524983933
619 Not Before: 2017-04-29 03:07:28
620 Not After: 2018-04-29 03:07:28
621 Signature Algorithm: sha256
622 Public Key Algorithm: RSA
623 Key Size: 2048
624 Exponent: 65537 (0x10001)
625 DNS Subject Alternative Names: ['adanaguneyhaber.com', 'www.adanaguneyhaber.com']
626
627 Trust
628 Hostname Validation: FAILED - Certificate does NOT match 144.76.114.219
629 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
630 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
631 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
632 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
633 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
634 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
635 Received Chain: adanaguneyhaber.com
636 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
637 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
638 Received Chain Order: OK - Order is valid
639 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
640
641 Extensions
642 OCSP Must-Staple: NOT SUPPORTED - Extension not found
643 Certificate Transparency: NOT SUPPORTED - Extension not found
644
645 OCSP Stapling
646 NOT SUPPORTED - Server did not send back an OCSP response
647
648 * OpenSSL Heartbleed:
649 OK - Not vulnerable to Heartbleed
650
651 * TLSV1_1 Cipher Suites:
652 Server rejected all cipher suites.
653
654 * TLSV1 Cipher Suites:
655 Server rejected all cipher suites.
656
657 * TLS 1.2 Session Resumption Support:
658 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
659 With TLS Tickets: NOT SUPPORTED - TLS ticket assigned but not accepted.
660
661 * TLSV1_2 Cipher Suites:
662 Forward Secrecy OK - Supported
663 RC4 OK - Not Supported
664
665 Preferred:
666 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 500 Internal Server Error
667 Accepted:
668 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 500 Internal Server Error
669 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 500 Internal Server Error
670 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 500 Internal Server Error
671 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 500 Internal Server Error
672
673 * SSLV2 Cipher Suites:
674 Server rejected all cipher suites.
675
676 * OpenSSL CCS Injection:
677 OK - Not vulnerable to OpenSSL CCS injection
678
679 * Deflate Compression:
680 OK - Compression disabled
681
682 * SSLV3 Cipher Suites:
683 Server rejected all cipher suites.
684
685
686 SCAN COMPLETED IN 12.66 S
687 -------------------------
688######################################################################################################################################
689
690Domains still to check: 1
691 Checking if the hostname turkmenajans.net. given is in fact a domain...
692
693Analyzing domain: turkmenajans.net.
694 Checking NameServers using system default resolver...
695 IP: 144.76.144.147 (Germany)
696 HostName: ns2.akinmedya.com.tr Type: NS
697 HostName: akinmedya.com.tr Type: PTR
698 IP: 144.76.114.219 (Germany)
699 HostName: ns1.akinmedya.com.tr Type: NS
700 HostName: ns1.akinmedya.com Type: PTR
701
702 Checking MailServers using system default resolver...
703 IP: 144.76.114.219 (Germany)
704 HostName: ns1.akinmedya.com.tr Type: NS
705 HostName: ns1.akinmedya.com Type: PTR
706 HostName: turkmenajans.net Type: MX
707
708 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
709 No zone transfer found on nameserver 144.76.114.219
710 No zone transfer found on nameserver 144.76.144.147
711
712 Checking SPF record...
713 New IP found: 176.53.25.90
714
715 Checking 192 most common hostnames using system default resolver...
716 IP: 144.76.114.219 (Germany)
717 HostName: ns1.akinmedya.com.tr Type: NS
718 HostName: ns1.akinmedya.com Type: PTR
719 HostName: turkmenajans.net Type: MX
720 Type: SPF
721 HostName: www.turkmenajans.net. Type: A
722 IP: 144.76.114.219 (Germany)
723 HostName: ns1.akinmedya.com.tr Type: NS
724 HostName: ns1.akinmedya.com Type: PTR
725 HostName: turkmenajans.net Type: MX
726 Type: SPF
727 HostName: www.turkmenajans.net. Type: A
728 HostName: ftp.turkmenajans.net. Type: A
729 IP: 144.76.114.219 (Germany)
730 HostName: ns1.akinmedya.com.tr Type: NS
731 HostName: ns1.akinmedya.com Type: PTR
732 HostName: turkmenajans.net Type: MX
733 Type: SPF
734 HostName: www.turkmenajans.net. Type: A
735 HostName: ftp.turkmenajans.net. Type: A
736 HostName: mail.turkmenajans.net. Type: A
737 IP: 144.76.114.219 (Germany)
738 HostName: ns1.akinmedya.com.tr Type: NS
739 HostName: ns1.akinmedya.com Type: PTR
740 HostName: turkmenajans.net Type: MX
741 Type: SPF
742 HostName: www.turkmenajans.net. Type: A
743 HostName: ftp.turkmenajans.net. Type: A
744 HostName: mail.turkmenajans.net. Type: A
745 HostName: webmail.turkmenajans.net. Type: A
746
747 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
748 Checking netblock 176.53.25.0
749 Checking netblock 144.76.114.0
750 Checking netblock 144.76.144.0
751
752 Searching for turkmenajans.net. emails in Google
753
754 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
755 Host 176.53.25.90 is up (reset ttl 64)
756 Host 144.76.114.219 is up (reset ttl 64)
757 Host 144.76.144.147 is up (reset ttl 64)
758
759 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
760 Scanning ip 176.53.25.90 ():
761 Scanning ip 144.76.114.219 (webmail.turkmenajans.net.):
762adjust_timeouts2: packet supposedly had rtt of -582745 microseconds. Ignoring time.
763adjust_timeouts2: packet supposedly had rtt of -582745 microseconds. Ignoring time.
764adjust_timeouts2: packet supposedly had rtt of -562817 microseconds. Ignoring time.
765adjust_timeouts2: packet supposedly had rtt of -562817 microseconds. Ignoring time.
766adjust_timeouts2: packet supposedly had rtt of -517899 microseconds. Ignoring time.
767adjust_timeouts2: packet supposedly had rtt of -517899 microseconds. Ignoring time.
768 Scanning ip 144.76.144.147 (akinmedya.com.tr (PTR)):
769 21/tcp open ftp syn-ack ttl 52 Pure-FTPd
770 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
771 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
772 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
773 | Public Key type: rsa
774 | Public Key bits: 2048
775 | Signature Algorithm: sha256WithRSAEncryption
776 | Not valid before: 2019-10-19T00:00:00
777 | Not valid after: 2020-10-18T23:59:59
778 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
779 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
780 53/tcp open domain syn-ack ttl 52 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
781 | dns-nsid:
782 |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
783 80/tcp open http syn-ack ttl 52 LiteSpeed httpd
784 | http-methods:
785 |_ Supported Methods: GET HEAD POST OPTIONS
786 |_http-server-header: LiteSpeed
787 |_http-title: Did not follow redirect to https://www.akinmedya.com.tr/index.php
788 110/tcp open pop3 syn-ack ttl 52 Dovecot pop3d
789 |_pop3-capabilities: AUTH-RESP-CODE UIDL USER RESP-CODES STLS SASL(PLAIN LOGIN) CAPA TOP PIPELINING
790 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
791 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
792 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
793 | Public Key type: rsa
794 | Public Key bits: 2048
795 | Signature Algorithm: sha256WithRSAEncryption
796 | Not valid before: 2019-10-19T00:00:00
797 | Not valid after: 2020-10-18T23:59:59
798 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
799 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
800 143/tcp open imap syn-ack ttl 52 Dovecot imapd
801 |_imap-capabilities: IMAP4rev1 capabilities Pre-login AUTH=LOGINA0001 post-login have LITERAL+ LOGIN-REFERRALS ENABLE more OK NAMESPACE STARTTLS IDLE AUTH=PLAIN SASL-IR listed ID
802 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
803 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
804 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
805 | Public Key type: rsa
806 | Public Key bits: 2048
807 | Signature Algorithm: sha256WithRSAEncryption
808 | Not valid before: 2019-10-19T00:00:00
809 | Not valid after: 2020-10-18T23:59:59
810 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
811 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
812 443/tcp open ssl/http syn-ack ttl 52 LiteSpeed httpd
813 | http-methods:
814 |_ Supported Methods: GET HEAD POST
815 |_http-server-header: LiteSpeed
816 |_http-title: Kurumsal \xC3\x87\xC3\xB6z\xC3\xBCmler, Web Tasar\xC4\xB1m, E-Ticaret, Yaz\xC4\xB1l\xC4\xB1m, Mobi...
817 | ssl-cert: Subject: commonName=akinmedya.com.tr
818 | Subject Alternative Name: DNS:akinmedya.com.tr, DNS:cpanel.akinmedya.com.tr, DNS:mail.akinmedya.com.tr, DNS:webdisk.akinmedya.com.tr, DNS:webmail.akinmedya.com.tr, DNS:whm.akinmedya.com.tr, DNS:www.akinmedya.com.tr
819 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
820 | Public Key type: rsa
821 | Public Key bits: 2048
822 | Signature Algorithm: sha256WithRSAEncryption
823 | Not valid before: 2019-10-03T23:19:13
824 | Not valid after: 2020-01-01T23:19:13
825 | MD5: ec55 1457 fb3c d80e 0130 4126 f7f9 3092
826 |_SHA-1: 8250 b419 77ea df27 b2f2 e1eb 4a1f 9fbf 987a d760
827 465/tcp open ssl/smtp syn-ack ttl 52 Exim smtpd 4.92
828 | smtp-commands: server.akinmedya.com.tr Hello nmap.scanme.org [176.113.74.110], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
829 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
830 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
831 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
832 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
833 | Public Key type: rsa
834 | Public Key bits: 2048
835 | Signature Algorithm: sha256WithRSAEncryption
836 | Not valid before: 2019-10-19T00:00:00
837 | Not valid after: 2020-10-18T23:59:59
838 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
839 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
840 | vulners:
841 | cpe:/a:exim:exim:4.92:
842 | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
843 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
844 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
845 587/tcp open smtp syn-ack ttl 52 Exim smtpd 4.92
846 | smtp-commands: server.akinmedya.com.tr Hello nmap.scanme.org [176.113.74.110], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
847 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
848 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
849 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
850 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
851 | Public Key type: rsa
852 | Public Key bits: 2048
853 | Signature Algorithm: sha256WithRSAEncryption
854 | Not valid before: 2019-10-19T00:00:00
855 | Not valid after: 2020-10-18T23:59:59
856 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
857 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
858 | vulners:
859 | cpe:/a:exim:exim:4.92:
860 | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
861 | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
862 |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
863 993/tcp open imaps? syn-ack ttl 52
864 |_imap-capabilities: IMAP4rev1 capabilities Pre-login listed post-login have LITERAL+ LOGIN-REFERRALS ENABLE OK NAMESPACE more IDLE AUTH=PLAIN SASL-IR AUTH=LOGINA0001 ID
865 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
866 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
867 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
868 | Public Key type: rsa
869 | Public Key bits: 2048
870 | Signature Algorithm: sha256WithRSAEncryption
871 | Not valid before: 2019-10-19T00:00:00
872 | Not valid after: 2020-10-18T23:59:59
873 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
874 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
875 995/tcp open pop3s? syn-ack ttl 52
876 |_pop3-capabilities: SASL(PLAIN LOGIN) USER RESP-CODES TOP AUTH-RESP-CODE CAPA UIDL PIPELINING
877 | ssl-cert: Subject: commonName=server.akinmedya.com.tr
878 | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
879 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
880 | Public Key type: rsa
881 | Public Key bits: 2048
882 | Signature Algorithm: sha256WithRSAEncryption
883 | Not valid before: 2019-10-19T00:00:00
884 | Not valid after: 2020-10-18T23:59:59
885 | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
886 |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
887 3306/tcp open mysql syn-ack ttl 52 MySQL 5.7.28
888 | mysql-info:
889 | Protocol: 10
890 | Version: 5.7.28
891 | Thread ID: 24479471
892 | Capabilities flags: 65535
893 | Some Capabilities: Speaks41ProtocolNew, LongPassword, Speaks41ProtocolOld, Support41Auth, ODBCClient, IgnoreSigpipes, FoundRows, InteractiveClient, SupportsLoadDataLocal, SwitchToSSLAfterHandshake, SupportsTransactions, IgnoreSpaceBeforeParenthesis, LongColumnFlag, ConnectWithDatabase, DontAllowDatabaseTableColumn, SupportsCompression, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
894 | Status: Autocommit
895 | Salt: \x1CYAD\\x03({`\x14Pt\x1CLa\x12\x04%?\x1F
896 |_ Auth Plugin Name: mysql_native_password
897 3389/tcp open ms-wbt-server syn-ack ttl 52 xrdp
898 OS Info: Service Info: Host: server.akinmedya.com.tr; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
899 WebCrawling domain's web servers... up to 50 max links.
900
901 + URL to crawl: http://ns2.akinmedya.com.tr
902 + Date: 2019-11-24
903
904 + Crawling URL: http://ns2.akinmedya.com.tr:
905 + Links:
906 + Crawling http://ns2.akinmedya.com.tr
907 + Crawling http://ns2.akinmedya.com.tr/templates/site/css/all.min.css?v=dcb031 (File! Not crawling it.)
908 + Crawling http://ns2.akinmedya.com.tr/templates/site/js/scripts.min.js?v=dcb031 (File! Not crawling it.)
909 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=view
910 + Crawling http://ns2.akinmedya.com.tr/e-ticaret-yazilimi.html
911 + Crawling http://ns2.akinmedya.com.tr/otel-web-sitesi.html
912 + Crawling http://ns2.akinmedya.com.tr/cafe-restaurant-web-sitesi.html
913 + Crawling http://ns2.akinmedya.com.tr/alan-adi-tescil.html
914 + Crawling http://ns2.akinmedya.com.tr/alan-adi-transfer.html
915 + Crawling http://ns2.akinmedya.com.tr/downloads.php?action=displaycat&catid=1
916 + Crawling http://ns2.akinmedya.com.tr/kurumsal-linux-ssd-hosting.html
917 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=19
918 + Crawling http://ns2.akinmedya.com.tr/linux-bayi-hosting.html
919 + Crawling http://ns2.akinmedya.com.tr/google-adwords.html
920 + Crawling http://ns2.akinmedya.com.tr/yandex-direct.html
921 + Crawling http://ns2.akinmedya.com.tr/web-tasarim.html
922 + Crawling http://ns2.akinmedya.com.tr/wordpress-ssd-hosting.html
923 + Crawling http://ns2.akinmedya.com.tr/ssd-sunucular.html
924 + Crawling http://ns2.akinmedya.com.tr/
925 + Crawling http://ns2.akinmedya.com.tr/hakkimizda.html
926 + Crawling http://ns2.akinmedya.com.tr/hesap-numaralarimiz.html
927 + Crawling http://ns2.akinmedya.com.tr/hizmet-sozlesmesi.html
928 + Crawling http://ns2.akinmedya.com.tr/satis-ortakligi.html
929 + Crawling http://ns2.akinmedya.com.tr/haberler.html
930 + Crawling http://ns2.akinmedya.com.tr/assets/js/jquery-ui.min.js11 (404 Not Found)
931 + Crawling http://ns2.akinmedya.com.tr/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit (404 Not Found)
932 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=view¤cy=1
933 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=view¤cy=2
934 + Crawling http://ns2.akinmedya.com.tr/cart.php
935 + Crawling http://ns2.akinmedya.com.tr/templates/site/video/web-tasarim.mp4 (File! Not crawling it.)
936 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=5
937 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=6
938 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=8
939 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=7
940 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=16
941 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=17
942 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=13
943 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=18
944 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=20
945 + Crawling http://ns2.akinmedya.com.tr/cart.php?gid=21
946 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register
947 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer
948 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register¤cy=1
949 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register¤cy=2
950 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer¤cy=1
951 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer¤cy=2
952 + Crawling http://ns2.akinmedya.com.tr/supporttickets.php
953 + Crawling http://ns2.akinmedya.com.tr/index.php?rp=/announcements
954 + Crawling http://ns2.akinmedya.com.tr/index.php?rp=/knowledgebase
955 + Crawling http://ns2.akinmedya.com.tr/index.php?rp=/download
956 + Crawling http://ns2.akinmedya.com.tr/serverstatus.php
957 + Crawling http://ns2.akinmedya.com.tr/submitticket.php
958 + Crawling http://ns2.akinmedya.com.tr/cart.php?a=add&pid=18
959 + Searching for directories...
960 - Found: http://ns2.akinmedya.com.tr/assets/
961 - Found: http://ns2.akinmedya.com.tr/assets/js/
962 - Found: http://ns2.akinmedya.com.tr/translate.google.com/
963 - Found: http://ns2.akinmedya.com.tr/translate.google.com/translate_a/
964 - Found: http://ns2.akinmedya.com.tr/index.php?rp=/
965 - Found: http://ns2.akinmedya.com.tr/templates/
966 - Found: http://ns2.akinmedya.com.tr/templates/site/
967 - Found: http://ns2.akinmedya.com.tr/templates/site/css/
968 - Found: http://ns2.akinmedya.com.tr/templates/site/css/mainmenu/
969 - Found: http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/
970 - Found: http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/css/
971 - Found: http://ns2.akinmedya.com.tr/js/
972 - Found: http://ns2.akinmedya.com.tr/js/accordion/
973 - Found: http://ns2.akinmedya.com.tr/css/
974 - Found: http://ns2.akinmedya.com.tr/assets/css/
975 - Found: http://ns2.akinmedya.com.tr/images/
976 - Found: http://ns2.akinmedya.com.tr/images/sliders/
977 - Found: http://ns2.akinmedya.com.tr/images/ref/
978 - Found: http://ns2.akinmedya.com.tr/templates/site/js/
979 - Found: http://ns2.akinmedya.com.tr/templates/site/js/animations/
980 - Found: http://ns2.akinmedya.com.tr/templates/site/js/owl-carousel/
981 - Found: http://ns2.akinmedya.com.tr/templates/site/js/progressbar/
982 - Found: http://ns2.akinmedya.com.tr/templates/site/js/parallax-background/
983 - Found: http://ns2.akinmedya.com.tr/templates/site/js/scrolltotop/
984 - Found: http://ns2.akinmedya.com.tr/templates/orderforms/
985 - Found: http://ns2.akinmedya.com.tr/templates/orderforms/akin/
986 - Found: http://ns2.akinmedya.com.tr/templates/orderforms/akin/js/
987 - Found: http://ns2.akinmedya.com.tr/assets/img/
988 - Found: http://ns2.akinmedya.com.tr/assets/img/flags/
989 - Found: http://ns2.akinmedya.com.tr/templates/site/img/
990 - Found: http://ns2.akinmedya.com.tr/images/logos/
991 - Found: http://ns2.akinmedya.com.tr/templates/site/video/
992 - Found: http://ns2.akinmedya.com.tr/index.php?rp=/js/
993 - Found: http://ns2.akinmedya.com.tr/index.php?rp=/js/accordion/
994 - Found: http://ns2.akinmedya.com.tr/index.php?rp=/css/
995 - Found: http://ns2.akinmedya.com.tr/index.php?rp=/images/
996 + Searching open folders...
997 - http://ns2.akinmedya.com.tr/assets/ (No Open Folder)
998 - http://ns2.akinmedya.com.tr/assets/js/ (No Open Folder)
999 - http://ns2.akinmedya.com.tr/translate.google.com/ (404 Not Found)
1000 - http://ns2.akinmedya.com.tr/translate.google.com/translate_a/ (404 Not Found)
1001 - http://ns2.akinmedya.com.tr/index.php?rp=/ (No Open Folder)
1002 - http://ns2.akinmedya.com.tr/templates/ (No Open Folder)
1003 - http://ns2.akinmedya.com.tr/templates/site/ (No Open Folder)
1004 - http://ns2.akinmedya.com.tr/templates/site/css/ (No Open Folder)
1005 - http://ns2.akinmedya.com.tr/templates/site/css/mainmenu/ (404 Not Found)
1006 - http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/ (404 Not Found)
1007 - http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/css/ (404 Not Found)
1008 - http://ns2.akinmedya.com.tr/js/ (404 Not Found)
1009 - http://ns2.akinmedya.com.tr/js/accordion/ (404 Not Found)
1010 - http://ns2.akinmedya.com.tr/css/ (404 Not Found)
1011 - http://ns2.akinmedya.com.tr/assets/css/ (No Open Folder)
1012 - http://ns2.akinmedya.com.tr/images/ (No Open Folder)
1013 - http://ns2.akinmedya.com.tr/images/sliders/ (404 Not Found)
1014 - http://ns2.akinmedya.com.tr/images/ref/ (404 Not Found)
1015 - http://ns2.akinmedya.com.tr/templates/site/js/ (No Open Folder)
1016 - http://ns2.akinmedya.com.tr/templates/site/js/animations/ (404 Not Found)
1017 - http://ns2.akinmedya.com.tr/templates/site/js/owl-carousel/ (404 Not Found)
1018 - http://ns2.akinmedya.com.tr/templates/site/js/progressbar/ (404 Not Found)
1019 - http://ns2.akinmedya.com.tr/templates/site/js/parallax-background/ (404 Not Found)
1020 - http://ns2.akinmedya.com.tr/templates/site/js/scrolltotop/ (404 Not Found)
1021 - http://ns2.akinmedya.com.tr/templates/orderforms/ (No Open Folder)
1022 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/ (No Open Folder)
1023 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/js/ (404 Not Found)
1024 - http://ns2.akinmedya.com.tr/assets/img/ (No Open Folder)
1025 - http://ns2.akinmedya.com.tr/assets/img/flags/ (No Open Folder)
1026 - http://ns2.akinmedya.com.tr/templates/site/img/ (No Open Folder)
1027 - http://ns2.akinmedya.com.tr/images/logos/ (404 Not Found)
1028 - http://ns2.akinmedya.com.tr/templates/site/video/ (404 Not Found)
1029 - http://ns2.akinmedya.com.tr/index.php?rp=/js/ (404 Not Found)
1030 - http://ns2.akinmedya.com.tr/index.php?rp=/js/accordion/ (404 Not Found)
1031 - http://ns2.akinmedya.com.tr/index.php?rp=/css/ (404 Not Found)
1032 - http://ns2.akinmedya.com.tr/index.php?rp=/images/ (404 Not Found)
1033 + Crawl finished successfully.
1034----------------------------------------------------------------------
1035Summary of http://http://ns2.akinmedya.com.tr
1036----------------------------------------------------------------------
1037+ Links crawled:
1038 - http://ns2.akinmedya.com.tr
1039 - http://ns2.akinmedya.com.tr/
1040 - http://ns2.akinmedya.com.tr/alan-adi-tescil.html
1041 - http://ns2.akinmedya.com.tr/alan-adi-transfer.html
1042 - http://ns2.akinmedya.com.tr/assets/js/jquery-ui.min.js11 (404 Not Found)
1043 - http://ns2.akinmedya.com.tr/cafe-restaurant-web-sitesi.html
1044 - http://ns2.akinmedya.com.tr/cart.php
1045 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register
1046 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register¤cy=1
1047 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=register¤cy=2
1048 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer
1049 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer¤cy=1
1050 - http://ns2.akinmedya.com.tr/cart.php?a=add&domain=transfer¤cy=2
1051 - http://ns2.akinmedya.com.tr/cart.php?a=add&pid=18
1052 - http://ns2.akinmedya.com.tr/cart.php?a=view
1053 - http://ns2.akinmedya.com.tr/cart.php?a=view¤cy=1
1054 - http://ns2.akinmedya.com.tr/cart.php?a=view¤cy=2
1055 - http://ns2.akinmedya.com.tr/cart.php?gid=13
1056 - http://ns2.akinmedya.com.tr/cart.php?gid=16
1057 - http://ns2.akinmedya.com.tr/cart.php?gid=17
1058 - http://ns2.akinmedya.com.tr/cart.php?gid=18
1059 - http://ns2.akinmedya.com.tr/cart.php?gid=19
1060 - http://ns2.akinmedya.com.tr/cart.php?gid=20
1061 - http://ns2.akinmedya.com.tr/cart.php?gid=21
1062 - http://ns2.akinmedya.com.tr/cart.php?gid=5
1063 - http://ns2.akinmedya.com.tr/cart.php?gid=6
1064 - http://ns2.akinmedya.com.tr/cart.php?gid=7
1065 - http://ns2.akinmedya.com.tr/cart.php?gid=8
1066 - http://ns2.akinmedya.com.tr/downloads.php?action=displaycat&catid=1
1067 - http://ns2.akinmedya.com.tr/e-ticaret-yazilimi.html
1068 - http://ns2.akinmedya.com.tr/google-adwords.html
1069 - http://ns2.akinmedya.com.tr/haberler.html
1070 - http://ns2.akinmedya.com.tr/hakkimizda.html
1071 - http://ns2.akinmedya.com.tr/hesap-numaralarimiz.html
1072 - http://ns2.akinmedya.com.tr/hizmet-sozlesmesi.html
1073 - http://ns2.akinmedya.com.tr/index.php?rp=/announcements
1074 - http://ns2.akinmedya.com.tr/index.php?rp=/download
1075 - http://ns2.akinmedya.com.tr/index.php?rp=/knowledgebase
1076 - http://ns2.akinmedya.com.tr/kurumsal-linux-ssd-hosting.html
1077 - http://ns2.akinmedya.com.tr/linux-bayi-hosting.html
1078 - http://ns2.akinmedya.com.tr/otel-web-sitesi.html
1079 - http://ns2.akinmedya.com.tr/satis-ortakligi.html
1080 - http://ns2.akinmedya.com.tr/serverstatus.php
1081 - http://ns2.akinmedya.com.tr/ssd-sunucular.html
1082 - http://ns2.akinmedya.com.tr/submitticket.php
1083 - http://ns2.akinmedya.com.tr/supporttickets.php
1084 - http://ns2.akinmedya.com.tr/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit (404 Not Found)
1085 - http://ns2.akinmedya.com.tr/web-tasarim.html
1086 - http://ns2.akinmedya.com.tr/wordpress-ssd-hosting.html
1087 - http://ns2.akinmedya.com.tr/yandex-direct.html
1088 Total links crawled: 50
1089
1090+ Links to files found:
1091 - http://ns2.akinmedya.com.tr/assets/css/bootstrap.min.css
1092 - http://ns2.akinmedya.com.tr/assets/css/fontawesome-all.min.css
1093 - http://ns2.akinmedya.com.tr/assets/img/flags/na.png
1094 - http://ns2.akinmedya.com.tr/assets/img/flags/us.png
1095 - http://ns2.akinmedya.com.tr/assets/img/loading.gif
1096 - http://ns2.akinmedya.com.tr/assets/img/padlock.gif
1097 - http://ns2.akinmedya.com.tr/assets/js/CreditCardValidation.js
1098 - http://ns2.akinmedya.com.tr/assets/js/PasswordStrength.js
1099 - http://ns2.akinmedya.com.tr/assets/js/StatesDropdown.js
1100 - http://ns2.akinmedya.com.tr/assets/js/bootstrap.min.js
1101 - http://ns2.akinmedya.com.tr/css/contact.css
1102 - http://ns2.akinmedya.com.tr/images/appstore.png
1103 - http://ns2.akinmedya.com.tr/images/card-logos.png
1104 - http://ns2.akinmedya.com.tr/images/firewall.png
1105 - http://ns2.akinmedya.com.tr/images/geri-iade.png
1106 - http://ns2.akinmedya.com.tr/images/googleplay.png
1107 - http://ns2.akinmedya.com.tr/images/guvenli-alisveris.png
1108 - http://ns2.akinmedya.com.tr/images/hesap-no.png
1109 - http://ns2.akinmedya.com.tr/images/iletisimA+.jpg
1110 - http://ns2.akinmedya.com.tr/images/kurumsal.jpg
1111 - http://ns2.akinmedya.com.tr/images/logos/LiteSpeed.png
1112 - http://ns2.akinmedya.com.tr/images/logos/MySQL.png
1113 - http://ns2.akinmedya.com.tr/images/logos/cpanel.png
1114 - http://ns2.akinmedya.com.tr/images/logos/drupal.png
1115 - http://ns2.akinmedya.com.tr/images/logos/jQuery.png
1116 - http://ns2.akinmedya.com.tr/images/logos/joomla.png
1117 - http://ns2.akinmedya.com.tr/images/logos/wordpress.png
1118 - http://ns2.akinmedya.com.tr/images/odeme-bildirim.png
1119 - http://ns2.akinmedya.com.tr/images/ref/beykent_universitesi.png
1120 - http://ns2.akinmedya.com.tr/images/ref/buildex.png
1121 - http://ns2.akinmedya.com.tr/images/ref/diversity.png
1122 - http://ns2.akinmedya.com.tr/images/ref/eplus-logo.jpg
1123 - http://ns2.akinmedya.com.tr/images/ref/habermatik-logo.png
1124 - http://ns2.akinmedya.com.tr/images/ref/kitapbox.png
1125 - http://ns2.akinmedya.com.tr/images/ref/optimal-denetim.png
1126 - http://ns2.akinmedya.com.tr/images/ref/pamukkale_universitesi.png
1127 - http://ns2.akinmedya.com.tr/images/ref/siyah-ajans-logo.png
1128 - http://ns2.akinmedya.com.tr/images/ref/wpmatik-logo.png
1129 - http://ns2.akinmedya.com.tr/images/sliders/badge-white.png
1130 - http://ns2.akinmedya.com.tr/images/sliders/badge-white1.png
1131 - http://ns2.akinmedya.com.tr/images/sliders/bostanci-koprusu.jpg
1132 - http://ns2.akinmedya.com.tr/images/sliders/habermatik-mobil.png
1133 - http://ns2.akinmedya.com.tr/images/sliders/habermatik-pc.png
1134 - http://ns2.akinmedya.com.tr/images/sliders/habermatik-tabh.png
1135 - http://ns2.akinmedya.com.tr/images/sliders/habermatik-tabv.png
1136 - http://ns2.akinmedya.com.tr/images/sliders/slide_bg1.jpg
1137 - http://ns2.akinmedya.com.tr/images/sliders/slide_img_01.png
1138 - http://ns2.akinmedya.com.tr/images/sliders/web-tasarim.jpg
1139 - http://ns2.akinmedya.com.tr/images/sliders/webdesign-bg.jpg
1140 - http://ns2.akinmedya.com.tr/images/uyumluluk.png
1141 - http://ns2.akinmedya.com.tr/index.php?rp=/css/contact.css
1142 - http://ns2.akinmedya.com.tr/index.php?rp=/images/appstore.png
1143 - http://ns2.akinmedya.com.tr/index.php?rp=/images/card-logos.png
1144 - http://ns2.akinmedya.com.tr/index.php?rp=/images/googleplay.png
1145 - http://ns2.akinmedya.com.tr/index.php?rp=/js/accordion/smk-accordion.css
1146 - http://ns2.akinmedya.com.tr/js/accordion/smk-accordion.css
1147 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/js/main.js
1148 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/style.css
1149 - http://ns2.akinmedya.com.tr/templates/site/css/all.min.css?v=dcb031
1150 - http://ns2.akinmedya.com.tr/templates/site/css/animations.min.css
1151 - http://ns2.akinmedya.com.tr/templates/site/css/custom.css
1152 - http://ns2.akinmedya.com.tr/templates/site/css/extralayers.css
1153 - http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/css/font-awesome.min.css
1154 - http://ns2.akinmedya.com.tr/templates/site/css/mainmenu/bootstrap.min.css
1155 - http://ns2.akinmedya.com.tr/templates/site/css/orange.css
1156 - http://ns2.akinmedya.com.tr/templates/site/css/overrides.css
1157 - http://ns2.akinmedya.com.tr/templates/site/css/owl.carousel.css
1158 - http://ns2.akinmedya.com.tr/templates/site/css/owl.theme.css
1159 - http://ns2.akinmedya.com.tr/templates/site/css/reset.css
1160 - http://ns2.akinmedya.com.tr/templates/site/css/responsive-tabs.css
1161 - http://ns2.akinmedya.com.tr/templates/site/css/responsive-tabs7.css
1162 - http://ns2.akinmedya.com.tr/templates/site/css/settings.css
1163 - http://ns2.akinmedya.com.tr/templates/site/css/sky-forms.css
1164 - http://ns2.akinmedya.com.tr/templates/site/css/slider_style.css
1165 - http://ns2.akinmedya.com.tr/templates/site/css/styles.css
1166 - http://ns2.akinmedya.com.tr/templates/site/css/yeni.css
1167 - http://ns2.akinmedya.com.tr/templates/site/img/bitcoin.png
1168 - http://ns2.akinmedya.com.tr/templates/site/img/garanti.png
1169 - http://ns2.akinmedya.com.tr/templates/site/img/isbankasi.jpg
1170 - http://ns2.akinmedya.com.tr/templates/site/img/kuveytturk.png
1171 - http://ns2.akinmedya.com.tr/templates/site/img/otel-sitesi-mobil-uygulama.jpg
1172 - http://ns2.akinmedya.com.tr/templates/site/img/otel-sitesi-tasarimi-hazir.jpg
1173 - http://ns2.akinmedya.com.tr/templates/site/img/ptt.png
1174 - http://ns2.akinmedya.com.tr/templates/site/img/restaurant-sitesi-mobil-uygulama.jpg
1175 - http://ns2.akinmedya.com.tr/templates/site/img/restaurant-sitesi-tasarimi-hazir.jpg
1176 - http://ns2.akinmedya.com.tr/templates/site/img/web-tasarim-img.jpg
1177 - http://ns2.akinmedya.com.tr/templates/site/js/animations/animations.min.js
1178 - http://ns2.akinmedya.com.tr/templates/site/js/animations/appear.min.js
1179 - http://ns2.akinmedya.com.tr/templates/site/js/custom.js
1180 - http://ns2.akinmedya.com.tr/templates/site/js/custom1.js
1181 - http://ns2.akinmedya.com.tr/templates/site/js/customeUI.js
1182 - http://ns2.akinmedya.com.tr/templates/site/js/jquery.revolution.js
1183 - http://ns2.akinmedya.com.tr/templates/site/js/jquery.revolution.min.js
1184 - http://ns2.akinmedya.com.tr/templates/site/js/jquery.tools.min.js
1185 - http://ns2.akinmedya.com.tr/templates/site/js/owl-carousel/custom.js
1186 - http://ns2.akinmedya.com.tr/templates/site/js/owl-carousel/owl.carousel.js
1187 - http://ns2.akinmedya.com.tr/templates/site/js/parallax-background/parallax.js
1188 - http://ns2.akinmedya.com.tr/templates/site/js/progressbar/progress.js
1189 - http://ns2.akinmedya.com.tr/templates/site/js/responsive-tabs.min.js
1190 - http://ns2.akinmedya.com.tr/templates/site/js/scripts.min.js?v=dcb031
1191 - http://ns2.akinmedya.com.tr/templates/site/js/scrolltotop/totop.js
1192 - http://ns2.akinmedya.com.tr/templates/site/js/smk-accordion.js
1193 - http://ns2.akinmedya.com.tr/templates/site/js/whmcs.js
1194 - http://ns2.akinmedya.com.tr/templates/site/video/web-tasarim.mp4
1195 Total links to files: 104
1196
1197+ Externals links found:
1198 - data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAABLCAYAAACSoX4TAAAaZklEQVR4Xu1ceXgbxdl/Z2Z3JcvO5dzckASSklIgfIVAUpzgSNpdU6AQCi09aaHwcYUbekDLVe4klBYoFOgH5QhQDu8hxQ7mSAKFcBQoN4FCsUNCEhLbknZ3Zr5nZElIq5VtHOyHPtb8uTPzzsw7v3nnvWYRVEuVA4PAATQINKskqxyAKrCqIBgUDlSBNShsrRKtAquKgUHhQBVYg8LWKtEqsKoYGBQOVIE1KGytEq0Cq4qBQeFAFViDwtYq0SqwqhgYFA5UgTUobK0SrQKrioFB4UAVWIPC1irRKrCqGBgUDlSBNShsrRKtAquKgUHhQBVYg8LWKtEqsKoYGBQOVIE1KGytEq0Cq4qBQeFAFViDwtYq0S8MLH4CyN1fm7S3RNAeSMLjEQLEPfqp5/E3at5d9xK6ATKDxFbS0NCwazgc3i8UCq185JFHPtzWcVRVDVmWNVjz3dbpDUn/weJBv4DFAVBm8YRGhvChCKHZAGgXQBABACX7HIODC8C7EYcPGOfPYM4eDa38pAUtA7ot3InH4wsxxvsihKYAwM4Ioe0BQO7s7JzV1tb20UBpx+Px4zDGPyCEjGOMved53tJEIvHUQOn9N/ZTVfUkjPHRCKGRjLHXGGPX2Lb9zy9rLX0Cq3vx+O8Cli5ACH3jCw3K2aucepdHFm245wv1yzWeP3/+9pFI5COESqdIKX3ONM1vDoSm6KOq6g2EkFOK6TLGIJPJzG5paXlmoHT/m/rF4/H7ZFk+unjOjLEux3H2Wb58+dtfxloqAqvrynHboTC5GWHStE0DUWZx6pwYOWvjF7q6VFU9lBDyaACwlpimecZA5hSPxw+RJKnFT1PQYoz9wTCMUwdC97+pj5DWsiz/X9CcPc8737KsK7+M9QQCq/v6+tlIkpcBEHH1bHvhvB0c7+ias9c/3V9iqqr+XpKk8/ztGWNHG4axrL90itvpuv5HjPFJFZh6i2VZJ/rrGhsbR8myvD3nfA/O+ehEInGnwOFAxv8q9NE07VFCyKEVeHCRZVm/+zLmWQas7iUTDkSIJAChut4HQADOVuDUARQek1W0IHttVRCCHLrB4/GaM9v7pctomtZGCDm4eA6cc8dxnOnJZHLtQBav6/ptGOOfBvV1Xfdo27azgI3FYlMJIZdhjKcBwA4AMF5IOUpp0jTN2EDG/qr0UVXVliSpbA2cc7G+OZZlrfwy5lqCgtTvx+wEkfALgNDYPom73SB961IARMBbfTkA8wBoGoCEABAO7s75RqCpWTWLNr/fG/05c+aMGT169HsIodHF7RhjrxqG8fU+51ahQSwWO1KW5Qf8V6HneZZlWeLKz0oiTdPOIYRc5Sfjed7JlmX9aaDjfxX6qap6qiRJSwPWdrtlWYGHbiDzLgBLyJv0kklPAsZzKhISEsrLABLAqRkD4ZPeB/BSkLphMijaXwDV7w7uo98HntoAQJQK4GKrw6d1HISyIi64qKp6MCGkzQ8AxthfDMM4fiALzfeJx+OLJElaBADimt9MKb379ddfP/f9999P59vour4MY3yUT1qKE72vZVkvbsv4X4G+KB6P/06SpJ8LSQwA6zzPu8W27d/2XDtfTikAK714womcSDcFkuUsK5nkxuuBd3UAe8cAUEaAcsQy8J5bDG5yEdScswU4cyFz60yAXPtKU0See0p40fobK9VrmnYBIeRyfz2l9Kemad6+rUufNWtWpL6+fvtUKrXh6aef3lRMb9asWfLkyZPfRAjt6gPWh2vXrp362muvOds6/leh//777z+yrq5uEqX047a2ts4ve05ZYPGrJ9amQ+gtQHi7wAG8FKDRUyD04+c+r6YuAJGBvdMM9KOVIDdcAfSlW8B57ERAYyZX1rWyA/J14ZQ7DZ23YWvQeE1NTY8hhEqsUc45o5TubFnWgP1X/WFeLBbbU5blf6KsWC5aLqV3mab5g/7Q6EebHu/ftpUvg8a2zaCX3llgpRZPOA6IFGiCZvtyDoBlQCN3AmmfE4DMDOYvW/cSeM9e1SPRiAxAwpX5R+kJNWes+7N/bg0NDeHa2tp3MMYlFinn/J10On2GoihRhNCenHOMMW6nlD6xefPmB1avXr2xNy41NDSMrq2tnc+E0+rzIiGEPjRN89n8p3g8/mNZlsukIqX0rwihBxljBcCJCXDOu03TTFRaqPDHKYoSJ4TMRQhN45yPEaDlnHdxzv+DEHrWdV07mUy+0AvYcDQa1SRJUhFCewFAPUKIcM43MsZeoZQ+lkwmm/tCiaZpkwDgIM55seNa4py/VcE5KjU2Nn5dkqR9McZfwxjvyhirxxgrQtkHgE7G2Buc8xbbtg2Azx3iWWB1L530CEL4271PjAPv7AC88zwIHdvag7euDqBvPAR4x7mAJ3yuU9P3EuBaxwN4Tg/AAgt/subU9hKrTzSLRqOzFEV5PsDX5HDOlQo+qA7Xdc9OJpN3V1pDPB7/kSzLd/jrPc+7xrKsc/LfNU37MyHkZ31tUr6eUrrGNM39/O3nz5+/cygUupAQcixCaERv9MQmeZ53g23bp/nbxePxbxNCLsUY92q0CMex4zgntrS0VNQBVVX9jSRJQpcqKZ7nnWpZ1h/yH2Ox2GRCyEUIoUYR9QjiuZ+GMKzS6fTJra2tWasfpa8aP43XSI8DZMMlvRahlMuzfwXSnF9n29E3H4TMfUcBrhsBeDcNlOgNABGhDwLQV+8Cxz4h54oIIMt5iqXcqbXnbfi4uDYej58sy3JF/avSBMXmCMYmk8lbgtroun4LxlgorCXFcZwFiUSipQhYLxNChFToV6GU/tY0zYt9aziOELIUYyz8MP0qnucdZ1lWycFQVXUpIeTU/mysGER4z13XPSSZTBYkcPHgTU1NJkJILf7GhfiidKZlWf/Kf4/H46fJsrykXxMvasQ5z7iue2AikXgBpZdM+AXH0vUAIO6t3kvmM1COfBjwLo3Zdm7rmeC98EdANfXANrWD3HARyHN7eMy3fAiZO/fvseARKafLARh1tdpF663iSl3X78IYf7+vqQTVc87dVCo1s7W19S1/va7rL2KM9/Z9/6y7u3tKa2vrp+J7Y2PjTuFw+C2EUKi/4/uBGY/Hz5ck6Yr+giEHiHe6urpmtLW1eflxNU27lxDy3f7OI9+OMba2o6Nj5po1a7qL+86ePbtm7Nix7yKEhAJcKJzz9zo7O/coHltV1XskSTrmi46d3XfOVzQ3N0dRasl2FmAQDrPe44bCTyXXQuhHzwISUklIiPt1oGsTAJhk/VjKYfcAmdHDC7b+FXDuPrhHz/LF+/IT5pwvipzWvrhoAbipqel1hNDuFYCT/dzbpgW5JKLR6I6KogjAlBwexthKwzAK7hVVVQ8nhPy9v6AQpz2VSo3PAzMWi/1QluU7K/UXUlXU5fSTwjpc1z3Ttm1xuLMlHo9fJ8uycImUFX/foDau655u23aJr2rBggUiK+S5ABfO/YZhFADc0NAgjRgx4g0AEIH/Lzy+YInruj9AqRu2E6dViOzegeV0At5hDihHCx0tV9xuYB0vAP/sfUBjpgDefvbnVSvO7pFmWa98cEEeuyq8qKMQtlmwYMG0UCj0L4SQVNyjR1rTuzjnj2YymQ9kWZ4sy/JZGOMGP2XO+SeO4+yWTCa78nWxWOwwRVEe9rf161eqql4tSdLZ/naU0ns45yLWmRe9AlNCAf93IpHIXhnz58+fEolEXvWDV9QJMDDG7mOMPYgxFkFe6jjOREVRDgGAhkwmc3hra+s60baxsTEWDoftIHBSSm3P824khLzHGNtVluVLEEL7+OfLGPuHYRjiuigUVVVPkSTpBn9bPwgbGxtnhMNhsY4Sq5gx9jyl9BLXddsBQMoZJL8URoSPJmeMtQlgpQBAiP5egSX0K2n2hSDPuShLh3/2AfD0FsATS3VK7nSB9/i54L16J6DQyF7JIkqvD5+x7sz8xDRN+x4hpEwBZ4xdaxhGyYbnRPvbuVSakrW5rvtN27YLvhFN064ihBQU9Hxjz/OOsCyrADhd15/CPgcx57yzvb19ov9q8W+QqqoPSZJ0RMAmb3EcZ+Hy5cuTFU9YrmLhwoWku7v7FYzxjABwLzVN8/Ti77mrW0h4kcJUKMJSdV13aiKRECDIlqDrTQDedd39E4nEP/LtKlnFnuedZllWCTArGDrCXHQEsMTgE/sEVnozKN95EMhu8ewc3BXngPfMtYAn7wtk+lEg/c8ZAFIYgLlA/3kHuG3n9R7eEQP6JJamaeI0nhxwqhpt2+4xRYuKqqo3S5J0go+pwsIqxP1Ena7rT2KM5/raZRzHmZZMJrNZF7FYrF6WZaGDlISROOfPNDc3fy6KA9ARjUZnKoryil/KCN+b0MGSyeSKvkAl6kX+mSzL9weAaqVpmoERkaamplaE0Hw/DxzHOSCvxAvAplKpNxBCU33tOhzHmVos3XVdvxVjXBbdyGQyByWTyVXF/XVdPx5jfKtvvgJY3Sh9w3YPcYDDAKA8wCd0Iy8DPL0JUGgUhH7+L0C1AoMAmXujwD9+BgBLwLs3AZlxFCiH/S3r78oCL3EyeK/c0etV6NexdF1/HmM8y7f4rZTSKZZlrfczPB6PnyPLcllMDyF0/KOPPvqXPGAURXkPAEYV92eMvWQYRuEaicVi82RZXjGQNB1N064khJzrn5/neXdalvXj/oBKtKlgtQlrt2xT8zRVVf2TJEm/CDhc82zbbhPfo9HodEVRxPVWcm1xzq3m5matuO+hhx4qkv1KriHO+fpNmzZNWblyZYlDW9f1szHGV/uBxTl/AqWWTvwpICJ8GDVlDBB61Y5zgUxfCEBdIHv3uHf45rWQuW2vnmCzkFIi+IwVCJ3wZtZCFMVbcyO4KxYBqulxPwQV5Lpq+Mz1dg4AQm8SEqNkHoyxVYZhHBTUv1JAlVL6Q9M0sw5fARhFUcokBqX0ZtM0CxuiquqFkiRd5h+nOOuh0jqCLM5ctsBsy7L6lTyoqup4QohYf4nPizG2xjCMMj9ZEbAWS5JUckXmXC8HJ5PJJ0U7TdNEtuxf/fOnlP7aNM1L89+F7y0SiQgjpyTQyxhbbhhG1N9f07RbCSF+6ZbxPO8clLpm9M6g1DwJCO1U2pFndajQMXZWaS85EZ+tBffJi4BvfAN49wbhNwBpv1NB2v9zNchtXQTeCzcVgFa2KZx307Q3pe7c9R05AOiKopR5jyml15mmeVYFYF0qSdIv/XWO4zQlEomslVEJMMXgE+10XW/GGOsl6+xHms6CBQu2C4VCQtfz6zntn3766ZTVq1cLHbbPoqpqlBCSCMi8uNKyrPMrEdA07XZCSIlUFJaF67r7JBKJl3PAuokQUpZr5nneIZZlFQ6dyP5QFOUB/1ie5/3Osqwe5bqoVLhhPk6lUguyCnt66aRlHJVG87OhLM6zPiu8w0GAt5sNeOzuAFKRQOEMeOrTrNRCStFBc7sgffssAFFXMcsBVtSc9rGwirJF07TLCSEX+Cfvuu53bNv+exBjK4BB6DV7JpNJYTKL6yUo7iisspn5NsIQqK+vF2GkklipyAXPpen0lolxACFkdYB+1aduVrwmTdMWEUKu86+TUvo90zQrpnc3NTWJsQ/wHYhNmzdvnpIPsDc1Nb0QYD1+JqznRCJRCIWpqnq9JEll2bmu68Zt2xZhq0IR3nlZlt/xHyhhERqGMa8npLN4wpGISGVIzVLJiKwFB4B6Pcr77ocDffsxwBO+AWiUT8iJ9l4KnMTJQF+///MEwCBUeOwnNYs6CiEWXdcf97sPhCc3nU7v3tLS8m8/iblz544fNWpU2dUBAO9u3bp1unD45SxHsfgSwHDO366pqZmxbNmybMyssbFxn3A4LJhfMgyl9HbTNHvNUYrFYnFZlq0ASdNqWVaPJ7kfRdf1azDGJZI5d502WJb1RBCJSjwoNjgaGhp2qKurExLV78N72jCMEoNG1/VnMMYlbgphFTuOMyWZTH7iA1bgDZO34HuyG5ZCKA2T3gCEdwnkgUiDAQ6hn7yQtfTS140DpelWIN84HrynLu5J8ouMA961DtgHK4BteA1QSBhXFQ46Zx+GN3ZMRxdD1jss0n/D4bBI7OtR0HKFMfayYRh+b3m2Nh6PXyTLckkoRXwvzl2vFHdkjN1rGMax+XEq6SCe551gWVZZoLx4jtFotElRFCEVS1jHGFttGMaB/cBUtkk0Gr0xFAqVWMS5GGJBCffTUlX155IklYWwXNe9wrbtC3N8+rYsy4/4+1JKrzZNs2BwRKPRCYqiiINakjnMGHvWMIwSiSho9XLDZC3yAjdS14/7PkjKXYGMEGkz9dMh9MNVQN81wXnwCAif8lH2msv8cRfgzpasdSgMSyRHctdlL1khnvuTmkXrC9IqFovNlWX5yYBTH5iHPm/evD1qa2vXIIRqi+eb88vsndctKsUdKaWnmKZZiEcGgTRHqySOGMQbXdfnYYzLjAPO+QbHcXYpNuV7A5mmadcRQsq87a7rHmvb9r3+viJvbNKkSa/l0qcL1WLemUxGvLZ5SXys9HbAcZzDE4lEAXC9SN7FlmWVzUvX9RUY43k+/nvd3d3TV6xY8W5pavLiCSYQqSRIme2YTZuRANdPA+50As9shtCxK4CtexGch78LKFzi+un9kDLeUnN6+4LiRrqun4cx/n3AqSpYd/m6XHhmOUJoD397xtgDhmEszH9vamq6GyH0PX+7TCazXzKZXJP/ruv6TRjjMuU2k8kc2lc6Ss7jLhIDywKinucdb1lW1u3RV9E07UxCyLUBPLjNNM2ybIsgN0PPVmVjdcW6a9DbgTSldFpxbpumaZcQQn7lHz/IKq50w4j0m+bmZuHcZSXA2np13QQpNOK5cgsxO2UAN5VzMYi8dhlADgNkPgsOMgdxkvOPGHW/WbtoQ8EjLJrpuv4IxqVpO+LhRCaT2XX58uXZ7Ic999xT2XHHHY8UzMcYlwRScwzt6uzsnNnW1pbPp8e6rr+OMS6JO3LOP+7s7JzS1tZWSEU+7LDDbmeMlfmbhKvDdd1j8k5UISXGjx8/gzE2Lu/0zHnLX8UYT/cvmXO+yfO8n6XTaTM/ntD7Ro4cOYNzvv/WrVvvyFuNldKxOefpdDp9VEtLS9bKFTpTJBK5OMDMz4aOPM870Lbt1bm2o+vq6oSKURJX8/vwcnvQgjEuADLHU9dxnD38j1fi8fgcSZKeCtBJ/2aaZjaBoCyMk1kyZiZDoccB4XG9njKRK5ZLAOxXMiTnn+IMnR8655OS17biiTchRCjY4jVMoQiLmXMuHHwbhG+Hcz4T42AdMOe3EQC4L08gF3cU4Y4SSUIpbTZNs+T5k67r4kVOVicJAIdwCgoLUyiaEwBgV855iW9JVdXLJEkK7C/oMcb+jRASSX0ypXQixnhH8b2zs3N8W1vbhhwIwsKHRAjJ1vmLsFABoAshNKNSfpfneUssyypYdZXA6vfh5SSQ0K9KHtFUsor789gkMD6Yua5+TyYpDwLCZddNr2CrVMn525iz74ROX/eqv8mCBQv2DoVCL/Y3oyBg48UpPcu27RJTvVLckVJ6gWmaJdeu0C8URSlJ3+ltnf7XQjnFV4C4xPjog1cisP410zQLKT7ioYcsy2Uuh/7wnDHWahiGyFIpZIdqmnY+IeQKf3+RfWDbdkGfrqTjVrKKdV1/GGMsojXFgqDksUnFwPPmK0aNCUVqlgDG25DnLZKu2N0OTZ026swtganDuq6fgTEupIz0h4n5NoyxTkrpScVMytcFPU6tZL6LVJFIJPI8IaRfvxHgnLe3t7dPLQ5Mx+NxkTrcjPp5QnJSthDPy82baJrW6n9P2RdPKKXGpk2bFvqdsUGPU0WmiOd5e9q2/Waerqqq50mSVKbjuq77M9u2byseX9wwCKG3/ZKVMfafrq6uqfkrv89/N6QXT4hxjH8JCM3tK7OmCL8AjD9FKb28LheyqcScWCz2W1mWf9PP/ciSyaWhPJjJZC4MSuoT5qmu629jjHfznSqns7NzYltb22b/fISlGYlE7ErXrf90Oo6zU173yteJlJdQKHQzxnjnvsAg6imlh5umWeIKmDVr1qiJEyfeizGO98UTxlja87zLE4nEJf7xDjrooBGjR49uxxiXWM4CAJFIZOe8D0/003X9CYzxt/xrTKfTe7W0tLxS/D0aje6vKMozAe4V2zCMguHXJ7DyRLuvrT8AySGhm4i43W6A0EiOQEScOebI5ZwJXeRd4Gwl5/BY5Ix1gemxQQw/5JBD9lIUZQHG+ADO+e4Y40kY4zDnPJuXhRCiIu0WANYyxp7yPO/+YqvOT1NV1ZGSJF1d5BQUvg+JUvqmYRhlm5DvLx7K1tXV/S8hRKRw7IIxrhE6GmPCUQfi8cMHAPAP13UTo0aNemLZsmVlT8HEho4aNUo4VY8QhgPGuI5zThBCItIi8vY3cM5f5pwnKKUPFXu+i9cRj8ePIYQcJ37GgjEW+UeCF1Qo8+IPOZzz5el0+g5h2gfxVFjPoVDoMjFuvl7wkzH2jGEYhfSXXObDVRjjcWKCubYi12xje3v7OWvWrHGL6eu6PhdjLGKshe8if87zvGXFh6TfwComnrpi9C507Og9HObUC82YQGiDu2nT22Mu6P2Fc39O8V577VU7fvz4KWPHjt3ZcRyxKUhRlM4tW7a8m0gkhAI7JGX27NlTJ0yYMLm+vj6yfv36LRs3bvx41apVAlj9LiKrYMSIEdNc1x1JCKEIoXUdHR2vrVq1qsSL3RvBhoaGqWPHjp3hed4IRVFS6XT6g8cee0w8mNjW52P9XsdAGg4IWAMZqNpneHGgCqzhtd9DttoqsIaM1cNroCqwhtd+D9lqq8AaMlYPr4GqwBpe+z1kq60Ca8hYPbwGqgJreO33kK22CqwhY/XwGqgKrOG130O22iqwhozVw2ugKrCG134P2WqrwBoyVg+vgarAGl77PWSrrQJryFg9vAaqAmt47feQrbYKrCFj9fAaqAqs4bXfQ7baKrCGjNXDa6AqsIbXfg/Zav8f7Mw5YlMDfzwAAAAASUVORK5CYII=
1199 - http://direct.yandex.com.tr/block/b-morda-main/screen/b-morda-main__screen_lang_tr.png
1200 - http://placehold.it/1920x425
1201 - http://services.google.com/fh/files/emails/Internet_Rek_Programi.png
1202 - http://www.diversitydernegi.org
1203 - http://www.habermatik.net
1204 - http://www.habermatik.net/wp-content/uploads/2014/05/habermatik-mobil.png
1205 - http://www.optimaldenetim.com
1206 - http://www.siyahistanbul.com
1207 - http://www.wpmatik.com
1208 - https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic
1209 - https://fonts.googleapis.com/css?family=Raleway:400,500,600,700,800,900,300,200,100
1210 - https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
1211 - https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js
1212 - https://play.google.com/store/apps/details?id=net.akinmedya.webview
1213 - https://plus.google.com/+AkinmedyaTr
1214 - https://s.w.org/images/core/emoji/11/svg/1f1f9-1f1f7.svg
1215 - https://tr.jooble.org/i%C5%9F-ilanlar%C4%B1-web-tasar%C4%B1m
1216 - https://tr.linkedin.com/in/tahsinakin
1217 - https://twitter.com/AkinMedya
1218 - https://wa.me/905383302444
1219 - https://www.akinmedya.com.tr
1220 - https://www.akinmedya.com.tr/
1221 - https://www.akinmedya.com.tr/cart.php?a=add&pid=151
1222 - https://www.akinmedya.com.tr/cart.php?a=add&pid=152
1223 - https://www.akinmedya.com.tr/cart.php?a=add&pid=153
1224 - https://www.akinmedya.com.tr/cart.php?a=add&pid=154
1225 - https://www.akinmedya.com.tr/cart.php?a=add&pid=155
1226 - https://www.akinmedya.com.tr/cart.php?a=add&pid=156
1227 - https://www.akinmedya.com.tr/cart.php?a=add&pid=75
1228 - https://www.akinmedya.com.tr/clientarea.php
1229 - https://www.akinmedya.com.tr/contact.php
1230 - https://www.akinmedya.com.tr/dl.php?type=d&id=1
1231 - https://www.akinmedya.com.tr/dl.php?type=d&id=18
1232 - https://www.akinmedya.com.tr/dl.php?type=d&id=21
1233 - https://www.akinmedya.com.tr/dl.php?type=d&id=3
1234 - https://www.akinmedya.com.tr/dl.php?type=d&id=4
1235 - https://www.akinmedya.com.tr/hesap-numaralarimiz.html
1236 - https://www.akinmedya.com.tr/images/sliders/web-tasarim.jpg
1237 - https://www.akinmedya.com.tr/index.php
1238 - https://www.akinmedya.com.tr/index.php?rp=/announcements/1/WordPress-44-Surumu.html
1239 - https://www.akinmedya.com.tr/index.php?rp=/announcements/2/Planl-Bakm-Calmas.html
1240 - https://www.akinmedya.com.tr/index.php?rp=/announcements/3/Planl-Bakm-Calmas.html
1241 - https://www.akinmedya.com.tr/index.php?rp=/announcements/4/Ucretsiz-SSL-Sertifikas.html
1242 - https://www.akinmedya.com.tr/index.php?rp=/announcements/5/Bitcoin-Kripto-Para-le-Odeme.html
1243 - https://www.akinmedya.com.tr/index.php?rp=/announcements/6/Mobil-Uygulamamz-Yaynland.html
1244 - https://www.akinmedya.com.tr/kiralik-sunucular.html
1245 - https://www.akinmedya.com.tr/kurumsal-linux-ssd-hosting.html
1246 - https://www.akinmedya.com.tr/musteri-giris.html
1247 - https://www.akinmedya.com.tr/referanslarimiz.html
1248 - https://www.akinmedya.com.tr/ssd-sunucular.html
1249 - https://www.akinmedya.com.tr/ssl-guvenlik-sertifikasi.html
1250 - https://www.akinmedya.com.tr/web-tasarim.html
1251 - https://www.akinmedya.com.tr/wordpress-ssd-hosting.html
1252 - https://www.akinmedya.com.tr/yeni-musteri-kaydi.html
1253 - https://www.facebook.com/akinmedya
1254 - https://www.googletagmanager.com/gtag/js?id=AW-972466803
1255 - https://www.habermatik.net
1256 - https://www.habermatik.net/haber-sitesi-paketleri
1257 - https://www.wpmatik.com
1258 - https://www.youtube.com/channel/UCE6A09u0km0y03abIM9G1NA
1259 Total external links: 61
1260
1261+ Email addresses found:
1262 Total email address found: 0
1263
1264+ Directories found:
1265 - http://ns2.akinmedya.com.tr/assets/ (No open folder)
1266 - http://ns2.akinmedya.com.tr/assets/css/ (No open folder)
1267 - http://ns2.akinmedya.com.tr/assets/img/ (No open folder)
1268 - http://ns2.akinmedya.com.tr/assets/img/flags/ (No open folder)
1269 - http://ns2.akinmedya.com.tr/assets/js/ (No open folder)
1270 - http://ns2.akinmedya.com.tr/css/ (404 Not Found)
1271 - http://ns2.akinmedya.com.tr/images/ (No open folder)
1272 - http://ns2.akinmedya.com.tr/images/logos/ (404 Not Found)
1273 - http://ns2.akinmedya.com.tr/images/ref/ (404 Not Found)
1274 - http://ns2.akinmedya.com.tr/images/sliders/ (404 Not Found)
1275 - http://ns2.akinmedya.com.tr/index.php?rp=/ (No open folder)
1276 - http://ns2.akinmedya.com.tr/index.php?rp=/css/ (404 Not Found)
1277 - http://ns2.akinmedya.com.tr/index.php?rp=/images/ (404 Not Found)
1278 - http://ns2.akinmedya.com.tr/index.php?rp=/js/ (404 Not Found)
1279 - http://ns2.akinmedya.com.tr/index.php?rp=/js/accordion/ (404 Not Found)
1280 - http://ns2.akinmedya.com.tr/js/ (404 Not Found)
1281 - http://ns2.akinmedya.com.tr/js/accordion/ (404 Not Found)
1282 - http://ns2.akinmedya.com.tr/templates/ (No open folder)
1283 - http://ns2.akinmedya.com.tr/templates/orderforms/ (No open folder)
1284 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/ (No open folder)
1285 - http://ns2.akinmedya.com.tr/templates/orderforms/akin/js/ (404 Not Found)
1286 - http://ns2.akinmedya.com.tr/templates/site/ (No open folder)
1287 - http://ns2.akinmedya.com.tr/templates/site/css/ (No open folder)
1288 - http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/ (404 Not Found)
1289 - http://ns2.akinmedya.com.tr/templates/site/css/font-awesome/css/ (404 Not Found)
1290 - http://ns2.akinmedya.com.tr/templates/site/css/mainmenu/ (404 Not Found)
1291 - http://ns2.akinmedya.com.tr/templates/site/img/ (No open folder)
1292 - http://ns2.akinmedya.com.tr/templates/site/js/ (No open folder)
1293 - http://ns2.akinmedya.com.tr/templates/site/js/animations/ (404 Not Found)
1294 - http://ns2.akinmedya.com.tr/templates/site/js/owl-carousel/ (404 Not Found)
1295 - http://ns2.akinmedya.com.tr/templates/site/js/parallax-background/ (404 Not Found)
1296 - http://ns2.akinmedya.com.tr/templates/site/js/progressbar/ (404 Not Found)
1297 - http://ns2.akinmedya.com.tr/templates/site/js/scrolltotop/ (404 Not Found)
1298 - http://ns2.akinmedya.com.tr/templates/site/video/ (404 Not Found)
1299 - http://ns2.akinmedya.com.tr/translate.google.com/ (404 Not Found)
1300 - http://ns2.akinmedya.com.tr/translate.google.com/translate_a/ (404 Not Found)
1301 Total directories: 36
1302
1303+ Directory indexing found:
1304 Total directories with indexing: 0
1305
1306----------------------------------------------------------------------
1307
1308
1309 + URL to crawl: https://ns2.akinmedya.com.tr
1310 + Date: 2019-11-24
1311
1312 + Crawling URL: https://ns2.akinmedya.com.tr:
1313 + Links:
1314 + Crawling https://ns2.akinmedya.com.tr
1315 + Searching for directories...
1316 + Searching open folders...
1317
1318--Finished--
1319Summary information for domain turkmenajans.net.
1320-----------------------------------------
1321
1322 Domain Ips Information:
1323 IP: 176.53.25.90
1324 Type: SPF
1325 Is Active: True (reset ttl 64)
1326 IP: 144.76.114.219
1327 HostName: ns1.akinmedya.com.tr Type: NS
1328 HostName: ns1.akinmedya.com Type: PTR
1329 HostName: turkmenajans.net Type: MX
1330 Type: SPF
1331 HostName: www.turkmenajans.net. Type: A
1332 HostName: ftp.turkmenajans.net. Type: A
1333 HostName: mail.turkmenajans.net. Type: A
1334 HostName: webmail.turkmenajans.net. Type: A
1335 Country: Germany
1336 Is Active: True (reset ttl 64)
1337 IP: 144.76.144.147
1338 HostName: ns2.akinmedya.com.tr Type: NS
1339 HostName: akinmedya.com.tr Type: PTR
1340 Country: Germany
1341 Is Active: True (reset ttl 64)
1342 Port: 21/tcp open ftp syn-ack ttl 52 Pure-FTPd
1343 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1344 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1345 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1346 Script Info: | Public Key type: rsa
1347 Script Info: | Public Key bits: 2048
1348 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1349 Script Info: | Not valid before: 2019-10-19T00:00:00
1350 Script Info: | Not valid after: 2020-10-18T23:59:59
1351 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1352 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1353 Port: 53/tcp open domain syn-ack ttl 52 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
1354 Script Info: | dns-nsid:
1355 Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
1356 Port: 80/tcp open http syn-ack ttl 52 LiteSpeed httpd
1357 Script Info: | http-methods:
1358 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1359 Script Info: |_http-server-header: LiteSpeed
1360 Script Info: |_http-title: Did not follow redirect to https://www.akinmedya.com.tr/index.php
1361 Port: 110/tcp open pop3 syn-ack ttl 52 Dovecot pop3d
1362 Script Info: |_pop3-capabilities: AUTH-RESP-CODE UIDL USER RESP-CODES STLS SASL(PLAIN LOGIN) CAPA TOP PIPELINING
1363 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1364 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1365 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1366 Script Info: | Public Key type: rsa
1367 Script Info: | Public Key bits: 2048
1368 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1369 Script Info: | Not valid before: 2019-10-19T00:00:00
1370 Script Info: | Not valid after: 2020-10-18T23:59:59
1371 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1372 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1373 Port: 143/tcp open imap syn-ack ttl 52 Dovecot imapd
1374 Script Info: |_imap-capabilities: IMAP4rev1 capabilities Pre-login AUTH=LOGINA0001 post-login have LITERAL+ LOGIN-REFERRALS ENABLE more OK NAMESPACE STARTTLS IDLE AUTH=PLAIN SASL-IR listed ID
1375 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1376 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1377 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1378 Script Info: | Public Key type: rsa
1379 Script Info: | Public Key bits: 2048
1380 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1381 Script Info: | Not valid before: 2019-10-19T00:00:00
1382 Script Info: | Not valid after: 2020-10-18T23:59:59
1383 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1384 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1385 Port: 443/tcp open ssl/http syn-ack ttl 52 LiteSpeed httpd
1386 Script Info: | http-methods:
1387 Script Info: |_ Supported Methods: GET HEAD POST
1388 Script Info: |_http-server-header: LiteSpeed
1389 Script Info: |_http-title: Kurumsal \xC3\x87\xC3\xB6z\xC3\xBCmler, Web Tasar\xC4\xB1m, E-Ticaret, Yaz\xC4\xB1l\xC4\xB1m, Mobi...
1390 Script Info: | ssl-cert: Subject: commonName=akinmedya.com.tr
1391 Script Info: | Subject Alternative Name: DNS:akinmedya.com.tr, DNS:cpanel.akinmedya.com.tr, DNS:mail.akinmedya.com.tr, DNS:webdisk.akinmedya.com.tr, DNS:webmail.akinmedya.com.tr, DNS:whm.akinmedya.com.tr, DNS:www.akinmedya.com.tr
1392 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1393 Script Info: | Public Key type: rsa
1394 Script Info: | Public Key bits: 2048
1395 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1396 Script Info: | Not valid before: 2019-10-03T23:19:13
1397 Script Info: | Not valid after: 2020-01-01T23:19:13
1398 Script Info: | MD5: ec55 1457 fb3c d80e 0130 4126 f7f9 3092
1399 Script Info: |_SHA-1: 8250 b419 77ea df27 b2f2 e1eb 4a1f 9fbf 987a d760
1400 Port: 465/tcp open ssl/smtp syn-ack ttl 52 Exim smtpd 4.92
1401 Script Info: | smtp-commands: server.akinmedya.com.tr Hello nmap.scanme.org [176.113.74.110], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1402 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1403 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1404 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1405 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1406 Script Info: | Public Key type: rsa
1407 Script Info: | Public Key bits: 2048
1408 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1409 Script Info: | Not valid before: 2019-10-19T00:00:00
1410 Script Info: | Not valid after: 2020-10-18T23:59:59
1411 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1412 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1413 Script Info: | vulners:
1414 Script Info: | cpe:/a:exim:exim:4.92:
1415 Script Info: | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
1416 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1417 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1418 Port: 587/tcp open smtp syn-ack ttl 52 Exim smtpd 4.92
1419 Script Info: | smtp-commands: server.akinmedya.com.tr Hello nmap.scanme.org [176.113.74.110], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1420 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1421 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1422 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1423 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1424 Script Info: | Public Key type: rsa
1425 Script Info: | Public Key bits: 2048
1426 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1427 Script Info: | Not valid before: 2019-10-19T00:00:00
1428 Script Info: | Not valid after: 2020-10-18T23:59:59
1429 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1430 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1431 Script Info: | vulners:
1432 Script Info: | cpe:/a:exim:exim:4.92:
1433 Script Info: | CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
1434 Script Info: | CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
1435 Script Info: |_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
1436 Port: 993/tcp open imaps? syn-ack ttl 52
1437 Script Info: |_imap-capabilities: IMAP4rev1 capabilities Pre-login listed post-login have LITERAL+ LOGIN-REFERRALS ENABLE OK NAMESPACE more IDLE AUTH=PLAIN SASL-IR AUTH=LOGINA0001 ID
1438 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1439 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1440 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1441 Script Info: | Public Key type: rsa
1442 Script Info: | Public Key bits: 2048
1443 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1444 Script Info: | Not valid before: 2019-10-19T00:00:00
1445 Script Info: | Not valid after: 2020-10-18T23:59:59
1446 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1447 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1448 Port: 995/tcp open pop3s? syn-ack ttl 52
1449 Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) USER RESP-CODES TOP AUTH-RESP-CODE CAPA UIDL PIPELINING
1450 Script Info: | ssl-cert: Subject: commonName=server.akinmedya.com.tr
1451 Script Info: | Subject Alternative Name: DNS:server.akinmedya.com.tr, DNS:www.server.akinmedya.com.tr
1452 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1453 Script Info: | Public Key type: rsa
1454 Script Info: | Public Key bits: 2048
1455 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1456 Script Info: | Not valid before: 2019-10-19T00:00:00
1457 Script Info: | Not valid after: 2020-10-18T23:59:59
1458 Script Info: | MD5: bc3d f3ca 6005 4fdf dc83 fb32 c090 fdef
1459 Script Info: |_SHA-1: cdbb b6dd 0304 0e6f 5a16 5372 e5eb e51f 0739 ef86
1460 Port: 3306/tcp open mysql syn-ack ttl 52 MySQL 5.7.28
1461 Script Info: | mysql-info:
1462 Script Info: | Protocol: 10
1463 Script Info: | Version: 5.7.28
1464 Script Info: | Thread ID: 24479471
1465 Script Info: | Capabilities flags: 65535
1466 Script Info: | Some Capabilities: Speaks41ProtocolNew, LongPassword, Speaks41ProtocolOld, Support41Auth, ODBCClient, IgnoreSigpipes, FoundRows, InteractiveClient, SupportsLoadDataLocal, SwitchToSSLAfterHandshake, SupportsTransactions, IgnoreSpaceBeforeParenthesis, LongColumnFlag, ConnectWithDatabase, DontAllowDatabaseTableColumn, SupportsCompression, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
1467 Script Info: | Status: Autocommit
1468 Script Info: | Salt: \x1CYAD\\x03({`\x14Pt\x1CLa\x12\x04%?\x1F
1469 Script Info: |_ Auth Plugin Name: mysql_native_password
1470 Port: 3389/tcp open ms-wbt-server syn-ack ttl 52 xrdp
1471 Os Info: Host: server.akinmedya.com.tr; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1472######################################################################################################################################
1473dnsenum VERSION:1.2.6
1474
1475----- www.turkmenajans.net -----
1476
1477
1478Host's addresses:
1479__________________
1480
1481turkmenajans.net. 12204 IN A 144.76.114.219
1482
1483
1484Name Servers:
1485______________
1486
1487ns1.akinmedya.com.tr. 13578 IN A 144.76.114.219
1488ns2.akinmedya.com.tr. 13578 IN A 144.76.144.147
1489
1490
1491Mail (MX) Servers:
1492___________________
1493
1494turkmenajans.net. 12204 IN A 144.76.114.219
1495
1496
1497Trying Zone Transfers and getting Bind Versions:
1498_________________________________________________
1499
1500
1501Trying Zone Transfer for www.turkmenajans.net on ns1.akinmedya.com.tr ...
1502
1503Trying Zone Transfer for www.turkmenajans.net on ns2.akinmedya.com.tr ...
1504
1505
1506Brute forcing with /usr/share/dnsenum/dns.txt:
1507_______________________________________________
1508
1509
1510
1511www.turkmenajans.net class C netranges:
1512________________________________________
1513
1514
1515
1516Performing reverse lookup on 0 ip addresses:
1517_____________________________________________
1518
1519
15200 results out of 0 IP addresses.
1521
1522
1523www.turkmenajans.net ip blocks:
1524________________________________
1525
1526
1527done.
1528#######################################################################################################################################
1529URLCrazy Domain Report
1530Domain : www.turkmenajans.net
1531Keyboard : qwerty
1532At : 2019-11-24 18:16:50 -0500
1533
1534# Please wait. 202 hostnames to process
1535
1536Typo Type Typo DNS-A CC-A DNS-MX Extn
1537-----------------------------------------------------------------------------------------------------------
1538Character Omission ww.turkmenajans.net ? net
1539Character Omission www.trkmenajans.net ? net
1540Character Omission www.tukmenajans.net ? net
1541Character Omission www.turkenajans.net ? net
1542Character Omission www.turkmeajans.net ? net
1543Character Omission www.turkmenaans.net ? net
1544Character Omission www.turkmenajan.net ? net
1545Character Omission www.turkmenajans.ne ? ne
1546Character Omission www.turkmenajas.net ? net
1547Character Omission www.turkmenajns.net ? net
1548Character Omission www.turkmenjans.net ? net
1549Character Omission www.turkmnajans.net ? net
1550Character Omission www.turmenajans.net ? net
1551Character Omission www.urkmenajans.net ? net
1552Character Omission wwwturkmenajans.net ? net
1553Character Repeat www.tturkmenajans.net ? net
1554Character Repeat www.turkkmenajans.net ? net
1555Character Repeat www.turkmeenajans.net ? net
1556Character Repeat www.turkmenaajans.net ? net
1557Character Repeat www.turkmenajaans.net ? net
1558Character Repeat www.turkmenajanns.net ? net
1559Character Repeat www.turkmenajanss.net ? net
1560Character Repeat www.turkmenajjans.net ? net
1561Character Repeat www.turkmennajans.net ? net
1562Character Repeat www.turkmmenajans.net ? net
1563Character Repeat www.turrkmenajans.net ? net
1564Character Repeat www.tuurkmenajans.net ? net
1565Character Repeat wwww.turkmenajans.net ? net
1566Character Swap ww.wturkmenajans.net ? net
1567Character Swap www.trukmenajans.net ? net
1568Character Swap www.tukrmenajans.net ? net
1569Character Swap www.turkemnajans.net ? net
1570Character Swap www.turkmeanjans.net ? net
1571Character Swap www.turkmenaajns.net ? net
1572Character Swap www.turkmenajasn.net ? net
1573Character Swap www.turkmenajnas.net ? net
1574Character Swap www.turkmenjaans.net ? net
1575Character Swap www.turkmneajans.net ? net
1576Character Swap www.turmkenajans.net ? net
1577Character Swap www.utrkmenajans.net ? net
1578Character Swap wwwt.urkmenajans.net ? net
1579Character Replacement eww.turkmenajans.net ? net
1580Character Replacement qww.turkmenajans.net ? net
1581Character Replacement wew.turkmenajans.net ? net
1582Character Replacement wqw.turkmenajans.net ? net
1583Character Replacement wwe.turkmenajans.net ? net
1584Character Replacement wwq.turkmenajans.net ? net
1585Character Replacement www.rurkmenajans.net ? net
1586Character Replacement www.tirkmenajans.net ? net
1587Character Replacement www.tuekmenajans.net ? net
1588Character Replacement www.turjmenajans.net ? net
1589Character Replacement www.turkmebajans.net ? net
1590Character Replacement www.turkmemajans.net ? net
1591Character Replacement www.turkmenahans.net ? net
1592Character Replacement www.turkmenajabs.net ? net
1593Character Replacement www.turkmenajams.net ? net
1594Character Replacement www.turkmenajana.net ? net
1595Character Replacement www.turkmenajand.net ? net
1596Character Replacement www.turkmenajsns.net ? net
1597Character Replacement www.turkmenakans.net ? net
1598Character Replacement www.turkmensjans.net ? net
1599Character Replacement www.turkmrnajans.net ? net
1600Character Replacement www.turkmwnajans.net ? net
1601Character Replacement www.turknenajans.net ? net
1602Character Replacement www.turlmenajans.net ? net
1603Character Replacement www.tutkmenajans.net ? net
1604Character Replacement www.tyrkmenajans.net ? net
1605Character Replacement www.yurkmenajans.net ? net
1606Double Character Replacement eew.turkmenajans.net ? net
1607Double Character Replacement qqw.turkmenajans.net ? net
1608Double Character Replacement wee.turkmenajans.net ? net
1609Double Character Replacement wqq.turkmenajans.net ? net
1610Character Insertion weww.turkmenajans.net ? net
1611Character Insertion wqww.turkmenajans.net ? net
1612Character Insertion wwew.turkmenajans.net ? net
1613Character Insertion wwqw.turkmenajans.net ? net
1614Character Insertion www.trurkmenajans.net ? net
1615Character Insertion www.tuirkmenajans.net ? net
1616Character Insertion www.turekmenajans.net ? net
1617Character Insertion www.turkjmenajans.net ? net
1618Character Insertion www.turklmenajans.net ? net
1619Character Insertion www.turkmenajanbs.net ? net
1620Character Insertion www.turkmenajanms.net ? net
1621Character Insertion www.turkmenajansa.net ? net
1622Character Insertion www.turkmenajansd.net ? net
1623Character Insertion www.turkmenajasns.net ? net
1624Character Insertion www.turkmenajhans.net ? net
1625Character Insertion www.turkmenajkans.net ? net
1626Character Insertion www.turkmenasjans.net ? net
1627Character Insertion www.turkmenbajans.net ? net
1628Character Insertion www.turkmenmajans.net ? net
1629Character Insertion www.turkmernajans.net ? net
1630Character Insertion www.turkmewnajans.net ? net
1631Character Insertion www.turkmnenajans.net ? net
1632Character Insertion www.turtkmenajans.net ? net
1633Character Insertion www.tuyrkmenajans.net ? net
1634Character Insertion www.tyurkmenajans.net ? net
1635Character Insertion wwwe.turkmenajans.net ? net
1636Character Insertion wwwq.turkmenajans.net ? net
1637Missing Dot wwwwww.turkmenajans.net ? net
1638Singular or Pluralise turkmenajan.net ? net
1639Singular or Pluralise turkmenajans.net 144.76.114.219 DE,GERMANY turkmenajans.net net
1640Vowel Swap www.tarkmenajans.net ? net
1641Vowel Swap www.terkmenajans.net ? net
1642Vowel Swap www.torkmenajans.net ? net
1643Vowel Swap www.turkmenejens.net ? net
1644Vowel Swap www.turkmenijins.net ? net
1645Vowel Swap www.turkmenojons.net ? net
1646Vowel Swap www.turkmenujuns.net ? net
1647Bit Flipping 7ww.turkmenajans.net ? net
1648Bit Flipping gww.turkmenajans.net ? net
1649Bit Flipping sww.turkmenajans.net ? net
1650Bit Flipping uww.turkmenajans.net ? net
1651Bit Flipping vww.turkmenajans.net ? net
1652Bit Flipping w7w.turkmenajans.net ? net
1653Bit Flipping wgw.turkmenajans.net ? net
1654Bit Flipping wsw.turkmenajans.net ? net
1655Bit Flipping wuw.turkmenajans.net ? net
1656Bit Flipping wvw.turkmenajans.net ? net
1657Bit Flipping ww7.turkmenajans.net ? net
1658Bit Flipping wwg.turkmenajans.net ? net
1659Bit Flipping wws.turkmenajans.net ? net
1660Bit Flipping wwu.turkmenajans.net ? net
1661Bit Flipping wwv.turkmenajans.net ? net
1662Bit Flipping www.4urkmenajans.net ? net
1663Bit Flipping www.durkmenajans.net ? net
1664Bit Flipping www.purkmenajans.net ? net
1665Bit Flipping www.t5rkmenajans.net ? net
1666Bit Flipping www.tqrkmenajans.net ? net
1667Bit Flipping www.ttrkmenajans.net ? net
1668Bit Flipping www.tu2kmenajans.net ? net
1669Bit Flipping www.tubkmenajans.net ? net
1670Bit Flipping www.tupkmenajans.net ? net
1671Bit Flipping www.turcmenajans.net ? net
1672Bit Flipping www.turimenajans.net ? net
1673Bit Flipping www.turk-enajans.net ? net
1674Bit Flipping www.turkeenajans.net ? net
1675Bit Flipping www.turkienajans.net ? net
1676Bit Flipping www.turklenajans.net ? net
1677Bit Flipping www.turkmanajans.net ? net
1678Bit Flipping www.turkmdnajans.net ? net
1679Bit Flipping www.turkme.ajans.net ? net
1680Bit Flipping www.turkmefajans.net ? net
1681Bit Flipping www.turkmejajans.net ? net
1682Bit Flipping www.turkmelajans.net ? net
1683Bit Flipping www.turkmenabans.net ? net
1684Bit Flipping www.turkmenaja.s.net ? net
1685Bit Flipping www.turkmenajafs.net ? net
1686Bit Flipping www.turkmenajajs.net ? net
1687Bit Flipping www.turkmenajals.net ? net
1688Bit Flipping www.turkmenajan3.net ? net
1689Bit Flipping www.turkmenajanc.net ? net
1690Bit Flipping www.turkmenajanq.net ? net
1691Bit Flipping www.turkmenajanr.net ? net
1692Bit Flipping www.turkmenajanw.net ? net
1693Bit Flipping www.turkmenajaos.net ? net
1694Bit Flipping www.turkmenajcns.net ? net
1695Bit Flipping www.turkmenajens.net ? net
1696Bit Flipping www.turkmenajins.net ? net
1697Bit Flipping www.turkmenajqns.net ? net
1698Bit Flipping www.turkmenanans.net ? net
1699Bit Flipping www.turkmenazans.net ? net
1700Bit Flipping www.turkmencjans.net ? net
1701Bit Flipping www.turkmenejans.net ? net
1702Bit Flipping www.turkmenijans.net ? net
1703Bit Flipping www.turkmenqjans.net ? net
1704Bit Flipping www.turkmeoajans.net ? net
1705Bit Flipping www.turkmgnajans.net ? net
1706Bit Flipping www.turkmmnajans.net ? net
1707Bit Flipping www.turkmunajans.net ? net
1708Bit Flipping www.turkoenajans.net ? net
1709Bit Flipping www.turomenajans.net ? net
1710Bit Flipping www.tuskmenajans.net ? net
1711Bit Flipping www.tuvkmenajans.net ? net
1712Bit Flipping www.tuzkmenajans.net ? net
1713Bit Flipping www.twrkmenajans.net ? net
1714Bit Flipping www.uurkmenajans.net ? net
1715Bit Flipping www.vurkmenajans.net ? net
1716Bit Flipping wwwnturkmenajans.net ? net
1717Homoglyphs vvvvvv.turkmenajans.net ? net
1718Homoglyphs vvvvw.turkmenajans.net ? net
1719Homoglyphs vvwvv.turkmenajans.net ? net
1720Homoglyphs vvww.turkmenajans.net ? net
1721Homoglyphs wvvvv.turkmenajans.net ? net
1722Homoglyphs wvvw.turkmenajans.net ? net
1723Homoglyphs wwvv.turkmenajans.net ? net
1724Homoglyphs www.turkrnenajans.net ? net
1725Wrong TLD turkmenajans.ca ? ca
1726Wrong TLD turkmenajans.ch ? ch
1727Wrong TLD turkmenajans.com ? com
1728Wrong TLD turkmenajans.de ? de
1729Wrong TLD turkmenajans.edu ? edu
1730Wrong TLD turkmenajans.es ? es
1731Wrong TLD turkmenajans.fr ? fr
1732Wrong TLD turkmenajans.it ? it
1733Wrong TLD turkmenajans.jp ? jp
1734Wrong TLD turkmenajans.nl ? nl
1735Wrong TLD turkmenajans.no ? no
1736Wrong TLD turkmenajans.org ? org
1737Wrong TLD turkmenajans.ru ? ru
1738Wrong TLD turkmenajans.se ? se
1739Wrong TLD turkmenajans.us ? us
1740#######################################################################################################################################
1741===============================================
1742-=Subfinder v1.1.3 github.com/subfinder/subfinder
1743===============================================
1744
1745
1746Running Source: Ask
1747Running Source: Archive.is
1748Running Source: Baidu
1749Running Source: Bing
1750Running Source: CertDB
1751Running Source: CertificateTransparency
1752Running Source: Certspotter
1753Running Source: Commoncrawl
1754Running Source: Crt.sh
1755Running Source: Dnsdb
1756Running Source: DNSDumpster
1757Running Source: DNSTable
1758Running Source: Dogpile
1759Running Source: Exalead
1760Running Source: Findsubdomains
1761Running Source: Googleter
1762Running Source: Hackertarget
1763Running Source: Ipv4Info
1764Running Source: PTRArchive
1765Running Source: Sitedossier
1766Running Source: Threatcrowd
1767Running Source: ThreatMiner
1768Running Source: WaybackArchive
1769Running Source: Yahoo
1770
1771Running enumeration on www.turkmenajans.net
1772
1773dnsdb: Unexpected return status 404
1774
1775
1776Starting Bruteforcing of www.turkmenajans.net with 9985 words
1777
1778Total 1 Unique subdomains found for www.turkmenajans.net
1779
1780.www.turkmenajans.net
1781######################################################################################################################################
1782[*] Processing domain www.turkmenajans.net
1783[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1784[+] Getting nameservers
1785144.76.114.219 - ns1.akinmedya.com.tr
1786144.76.144.147 - ns2.akinmedya.com.tr
1787[-] Zone transfer failed
1788
1789[+] TXT records found
1790"v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all"
1791
1792[+] MX records found, added to target list
17930 turkmenajans.net.
1794
1795[*] Scanning www.turkmenajans.net for A records
1796144.76.114.219 - www.turkmenajans.net
1797#######################################################################################################################################
1798Privileges have been dropped to "nobody:nogroup" for security reasons.
1799
1800Processed queries: 0
1801Received packets: 0
1802Progress: 0.00% (00 h 00 min 00 sec / 00 h 00 min 00 sec)
1803Current incoming rate: 0 pps, average: 0 pps
1804Current success rate: 0 pps, average: 0 pps
1805Finished total: 0, success: 0 (0.00%)
1806Mismatched domains: 0 (0.00%), IDs: 0 (0.00%)
1807Failures: 0: 0.00%, 1: 0.00%, 2: 0.00%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1808Response: | Success: | Total:
1809OK: | 0 ( 0.00%) | 0 ( 0.00%)
1810NXDOMAIN: | 0 ( 0.00%) | 0 ( 0.00%)
1811SERVFAIL: | 0 ( 0.00%) | 0 ( 0.00%)
1812REFUSED: | 0 ( 0.00%) | 0 ( 0.00%)
1813FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1814
1815
1816
1817Processed queries: 1919
1818Received packets: 254
1819Progress: 100.00% (00 h 00 min 01 sec / 00 h 00 min 01 sec)
1820Current incoming rate: 253 pps, average: 253 pps
1821Current success rate: 171 pps, average: 171 pps
1822Finished total: 172, success: 172 (100.00%)
1823Mismatched domains: 0 (0.00%), IDs: 0 (0.00%)
1824Failures: 0: 19.77%, 1: 1050.00%, 2: 45.93%, 3: 0.00%, 4: 0.00%, 5: 0.00%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1825Response: | Success: | Total:
1826OK: | 18 ( 10.47%) | 18 ( 7.17%)
1827NXDOMAIN: | 149 ( 86.63%) | 149 ( 59.36%)
1828SERVFAIL: | 5 ( 2.91%) | 5 ( 1.99%)
1829REFUSED: | 0 ( 0.00%) | 79 ( 31.47%)
1830FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1831
1832
1833
1834Processed queries: 1919
1835Received packets: 2593
1836Progress: 100.00% (00 h 00 min 02 sec / 00 h 00 min 02 sec)
1837Current incoming rate: 2334 pps, average: 1294 pps
1838Current success rate: 1164 pps, average: 668 pps
1839Finished total: 1339, success: 1339 (100.00%)
1840Mismatched domains: 707 (27.41%), IDs: 0 (0.00%)
1841Failures: 0: 2.54%, 1: 10.31%, 2: 40.85%, 3: 65.42%, 4: 21.88%, 5: 2.32%, 6: 0.00%, 7: 0.00%, 8: 0.00%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1842Response: | Success: | Total:
1843OK: | 128 ( 9.56%) | 180 ( 6.98%)
1844NXDOMAIN: | 1177 ( 87.90%) | 1609 ( 62.39%)
1845SERVFAIL: | 34 ( 2.54%) | 49 ( 1.90%)
1846REFUSED: | 0 ( 0.00%) | 741 ( 28.73%)
1847FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1848
1849
1850
1851Processed queries: 1919
1852Received packets: 4469
1853Progress: 100.00% (00 h 00 min 03 sec / 00 h 00 min 03 sec)
1854Current incoming rate: 1872 pps, average: 1487 pps
1855Current success rate: 523 pps, average: 620 pps
1856Finished total: 1864, success: 1864 (100.00%)
1857Mismatched domains: 1815 (40.80%), IDs: 0 (0.00%)
1858Failures: 0: 1.82%, 1: 7.40%, 2: 29.35%, 3: 30.42%, 4: 16.90%, 5: 10.25%, 6: 4.72%, 7: 1.77%, 8: 0.32%, 9: 0.00%, 10: 0.00%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1859Response: | Success: | Total:
1860OK: | 175 ( 9.39%) | 294 ( 6.61%)
1861NXDOMAIN: | 1643 ( 88.14%) | 2840 ( 63.85%)
1862SERVFAIL: | 46 ( 2.47%) | 74 ( 1.66%)
1863REFUSED: | 0 ( 0.00%) | 1240 ( 27.88%)
1864FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1865
1866
1867
1868Processed queries: 1919
1869Received packets: 4557
1870Progress: 100.00% (00 h 00 min 04 sec / 00 h 00 min 04 sec)
1871Current incoming rate: 87 pps, average: 1137 pps
1872Current success rate: 40 pps, average: 475 pps
1873Finished total: 1905, success: 1905 (100.00%)
1874Mismatched domains: 1852 (40.85%), IDs: 0 (0.00%)
1875Failures: 0: 1.78%, 1: 7.24%, 2: 28.71%, 3: 29.76%, 4: 16.54%, 5: 9.45%, 6: 3.99%, 7: 1.94%, 8: 0.84%, 9: 0.31%, 10: 0.16%, 11: 0.00%, 12: 0.00%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1876Response: | Success: | Total:
1877OK: | 179 ( 9.40%) | 303 ( 6.68%)
1878NXDOMAIN: | 1679 ( 88.14%) | 2906 ( 64.09%)
1879SERVFAIL: | 47 ( 2.47%) | 75 ( 1.65%)
1880REFUSED: | 0 ( 0.00%) | 1250 ( 27.57%)
1881FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1882
1883
1884
1885Processed queries: 1919
1886Received packets: 4580
1887Progress: 100.00% (00 h 00 min 05 sec / 00 h 00 min 05 sec)
1888Current incoming rate: 22 pps, average: 914 pps
1889Current success rate: 9 pps, average: 382 pps
1890Finished total: 1915, success: 1915 (100.00%)
1891Mismatched domains: 1861 (40.84%), IDs: 0 (0.00%)
1892Failures: 0: 1.78%, 1: 7.21%, 2: 28.56%, 3: 29.61%, 4: 16.45%, 5: 9.40%, 6: 3.97%, 7: 1.78%, 8: 0.73%, 9: 0.42%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1893Response: | Success: | Total:
1894OK: | 179 ( 9.35%) | 303 ( 6.65%)
1895NXDOMAIN: | 1689 ( 88.20%) | 2924 ( 64.17%)
1896SERVFAIL: | 47 ( 2.45%) | 75 ( 1.65%)
1897REFUSED: | 0 ( 0.00%) | 1255 ( 27.54%)
1898FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1899
1900
1901
1902Processed queries: 1919
1903Received packets: 4603
1904Progress: 100.00% (00 h 00 min 06 sec / 00 h 00 min 06 sec)
1905Current incoming rate: 22 pps, average: 765 pps
1906Current success rate: 1 pps, average: 318 pps
1907Finished total: 1917, success: 1917 (100.00%)
1908Mismatched domains: 1882 (41.09%), IDs: 0 (0.00%)
1909Failures: 0: 1.77%, 1: 7.20%, 2: 28.53%, 3: 29.58%, 4: 16.43%, 5: 9.39%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.16%, 12: 0.05%, 13: 0.00%, 14: 0.05%, 15: 0.00%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1910Response: | Success: | Total:
1911OK: | 179 ( 9.34%) | 303 ( 6.62%)
1912NXDOMAIN: | 1691 ( 88.21%) | 2945 ( 64.30%)
1913SERVFAIL: | 47 ( 2.45%) | 76 ( 1.66%)
1914REFUSED: | 0 ( 0.00%) | 1255 ( 27.40%)
1915FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1916
1917
1918
1919Processed queries: 1919
1920Received packets: 4609
1921Progress: 100.00% (00 h 00 min 07 sec / 00 h 00 min 07 sec)
1922Current incoming rate: 5 pps, average: 657 pps
1923Current success rate: 0 pps, average: 273 pps
1924Finished total: 1918, success: 1918 (100.00%)
1925Mismatched domains: 1887 (41.15%), IDs: 0 (0.00%)
1926Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.05%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1927Response: | Success: | Total:
1928OK: | 179 ( 9.33%) | 303 ( 6.61%)
1929NXDOMAIN: | 1692 ( 88.22%) | 2949 ( 64.30%)
1930SERVFAIL: | 47 ( 2.45%) | 76 ( 1.66%)
1931REFUSED: | 0 ( 0.00%) | 1257 ( 27.41%)
1932FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1933
1934
1935
1936Processed queries: 1919
1937Received packets: 4610
1938Progress: 100.00% (00 h 00 min 08 sec / 00 h 00 min 08 sec)
1939Current incoming rate: 0 pps, average: 575 pps
1940Current success rate: 0 pps, average: 239 pps
1941Finished total: 1918, success: 1918 (100.00%)
1942Mismatched domains: 1888 (41.16%), IDs: 0 (0.00%)
1943Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.10%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1944Response: | Success: | Total:
1945OK: | 179 ( 9.33%) | 303 ( 6.61%)
1946NXDOMAIN: | 1692 ( 88.22%) | 2949 ( 64.29%)
1947SERVFAIL: | 47 ( 2.45%) | 76 ( 1.66%)
1948REFUSED: | 0 ( 0.00%) | 1258 ( 27.43%)
1949FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1950
1951
1952
1953Processed queries: 1919
1954Received packets: 4616
1955Progress: 100.00% (00 h 00 min 09 sec / 00 h 00 min 09 sec)
1956Current incoming rate: 5 pps, average: 511 pps
1957Current success rate: 0 pps, average: 212 pps
1958Finished total: 1918, success: 1918 (100.00%)
1959Mismatched domains: 1894 (41.24%), IDs: 0 (0.00%)
1960Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.05%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1961Response: | Success: | Total:
1962OK: | 179 ( 9.33%) | 303 ( 6.60%)
1963NXDOMAIN: | 1692 ( 88.22%) | 2952 ( 64.27%)
1964SERVFAIL: | 47 ( 2.45%) | 77 ( 1.68%)
1965REFUSED: | 0 ( 0.00%) | 1259 ( 27.41%)
1966FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1967
1968
1969
1970Processed queries: 1919
1971Received packets: 4617
1972Progress: 100.00% (00 h 00 min 10 sec / 00 h 00 min 10 sec)
1973Current incoming rate: 0 pps, average: 460 pps
1974Current success rate: 0 pps, average: 191 pps
1975Finished total: 1918, success: 1918 (100.00%)
1976Mismatched domains: 1895 (41.25%), IDs: 0 (0.00%)
1977Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.05%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1978Response: | Success: | Total:
1979OK: | 179 ( 9.33%) | 303 ( 6.60%)
1980NXDOMAIN: | 1692 ( 88.22%) | 2952 ( 64.26%)
1981SERVFAIL: | 47 ( 2.45%) | 77 ( 1.68%)
1982REFUSED: | 0 ( 0.00%) | 1260 ( 27.43%)
1983FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1984
1985
1986
1987Processed queries: 1919
1988Received packets: 4622
1989Progress: 100.00% (00 h 00 min 11 sec / 00 h 00 min 11 sec)
1990Current incoming rate: 4 pps, average: 419 pps
1991Current success rate: 0 pps, average: 174 pps
1992Finished total: 1918, success: 1918 (100.00%)
1993Mismatched domains: 1900 (41.31%), IDs: 0 (0.00%)
1994Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.05%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1995Response: | Success: | Total:
1996OK: | 179 ( 9.33%) | 303 ( 6.59%)
1997NXDOMAIN: | 1692 ( 88.22%) | 2954 ( 64.23%)
1998SERVFAIL: | 47 ( 2.45%) | 78 ( 1.70%)
1999REFUSED: | 0 ( 0.00%) | 1262 ( 27.44%)
2000FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2001
2002
2003
2004Processed queries: 1919
2005Received packets: 4629
2006Progress: 100.00% (00 h 00 min 12 sec / 00 h 00 min 12 sec)
2007Current incoming rate: 6 pps, average: 385 pps
2008Current success rate: 0 pps, average: 159 pps
2009Finished total: 1918, success: 1918 (100.00%)
2010Mismatched domains: 1907 (41.40%), IDs: 0 (0.00%)
2011Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.05%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2012Response: | Success: | Total:
2013OK: | 179 ( 9.33%) | 303 ( 6.58%)
2014NXDOMAIN: | 1692 ( 88.22%) | 2954 ( 64.13%)
2015SERVFAIL: | 47 ( 2.45%) | 83 ( 1.80%)
2016REFUSED: | 0 ( 0.00%) | 1264 ( 27.44%)
2017FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2018
2019
2020
2021Processed queries: 1919
2022Received packets: 4635
2023Progress: 100.00% (00 h 00 min 13 sec / 00 h 00 min 13 sec)
2024Current incoming rate: 5 pps, average: 355 pps
2025Current success rate: 0 pps, average: 147 pps
2026Finished total: 1918, success: 1918 (100.00%)
2027Mismatched domains: 1913 (41.48%), IDs: 0 (0.00%)
2028Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.05%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2029Response: | Success: | Total:
2030OK: | 179 ( 9.33%) | 303 ( 6.57%)
2031NXDOMAIN: | 1692 ( 88.22%) | 2954 ( 64.05%)
2032SERVFAIL: | 47 ( 2.45%) | 88 ( 1.91%)
2033REFUSED: | 0 ( 0.00%) | 1265 ( 27.43%)
2034FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2035
2036
2037
2038Processed queries: 1919
2039Received packets: 4636
2040Progress: 100.00% (00 h 00 min 14 sec / 00 h 00 min 14 sec)
2041Current incoming rate: 0 pps, average: 330 pps
2042Current success rate: 0 pps, average: 136 pps
2043Finished total: 1918, success: 1918 (100.00%)
2044Mismatched domains: 1914 (41.49%), IDs: 0 (0.00%)
2045Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.05%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2046Response: | Success: | Total:
2047OK: | 179 ( 9.33%) | 303 ( 6.57%)
2048NXDOMAIN: | 1692 ( 88.22%) | 2954 ( 64.04%)
2049SERVFAIL: | 47 ( 2.45%) | 89 ( 1.93%)
2050REFUSED: | 0 ( 0.00%) | 1265 ( 27.42%)
2051FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2052
2053
2054
2055Processed queries: 1919
2056Received packets: 4641
2057Progress: 100.00% (00 h 00 min 15 sec / 00 h 00 min 15 sec)
2058Current incoming rate: 4 pps, average: 308 pps
2059Current success rate: 0 pps, average: 127 pps
2060Finished total: 1918, success: 1918 (100.00%)
2061Mismatched domains: 1919 (41.55%), IDs: 0 (0.00%)
2062Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.05%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2063Response: | Success: | Total:
2064OK: | 179 ( 9.33%) | 303 ( 6.56%)
2065NXDOMAIN: | 1692 ( 88.22%) | 2957 ( 64.03%)
2066SERVFAIL: | 47 ( 2.45%) | 89 ( 1.93%)
2067REFUSED: | 0 ( 0.00%) | 1267 ( 27.44%)
2068FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2069
2070
2071
2072Processed queries: 1919
2073Received packets: 4643
2074Progress: 100.00% (00 h 00 min 16 sec / 00 h 00 min 16 sec)
2075Current incoming rate: 1 pps, average: 289 pps
2076Current success rate: 0 pps, average: 119 pps
2077Finished total: 1918, success: 1918 (100.00%)
2078Mismatched domains: 1921 (41.58%), IDs: 0 (0.00%)
2079Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.05%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2080Response: | Success: | Total:
2081OK: | 179 ( 9.33%) | 303 ( 6.56%)
2082NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 64.03%)
2083SERVFAIL: | 47 ( 2.45%) | 90 ( 1.95%)
2084REFUSED: | 0 ( 0.00%) | 1267 ( 27.42%)
2085FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2086
2087
2088
2089Processed queries: 1919
2090Received packets: 4645
2091Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
2092Current incoming rate: 1 pps, average: 272 pps
2093Current success rate: 0 pps, average: 112 pps
2094Finished total: 1918, success: 1918 (100.00%)
2095Mismatched domains: 1923 (41.61%), IDs: 0 (0.00%)
2096Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2097Response: | Success: | Total:
2098OK: | 179 ( 9.33%) | 303 ( 6.56%)
2099NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 64.00%)
2100SERVFAIL: | 47 ( 2.45%) | 90 ( 1.95%)
2101REFUSED: | 0 ( 0.00%) | 1269 ( 27.46%)
2102FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2103
2104
2105
2106Processed queries: 1919
2107Received packets: 4646
2108Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
2109Current incoming rate: 0 pps, average: 257 pps
2110Current success rate: 0 pps, average: 106 pps
2111Finished total: 1918, success: 1918 (100.00%)
2112Mismatched domains: 1924 (41.62%), IDs: 0 (0.00%)
2113Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2114Response: | Success: | Total:
2115OK: | 179 ( 9.33%) | 303 ( 6.55%)
2116NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.98%)
2117SERVFAIL: | 47 ( 2.45%) | 90 ( 1.95%)
2118REFUSED: | 0 ( 0.00%) | 1270 ( 27.47%)
2119FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2120
2121
2122
2123Processed queries: 1919
2124Received packets: 4646
2125Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
2126Current incoming rate: 0 pps, average: 244 pps
2127Current success rate: 0 pps, average: 100 pps
2128Finished total: 1918, success: 1918 (100.00%)
2129Mismatched domains: 1924 (41.62%), IDs: 0 (0.00%)
2130Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2131Response: | Success: | Total:
2132OK: | 179 ( 9.33%) | 303 ( 6.55%)
2133NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.98%)
2134SERVFAIL: | 47 ( 2.45%) | 90 ( 1.95%)
2135REFUSED: | 0 ( 0.00%) | 1270 ( 27.47%)
2136FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2137
2138
2139
2140Processed queries: 1919
2141Received packets: 4648
2142Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
2143Current incoming rate: 1 pps, average: 231 pps
2144Current success rate: 0 pps, average: 95 pps
2145Finished total: 1918, success: 1918 (100.00%)
2146Mismatched domains: 1926 (41.64%), IDs: 0 (0.00%)
2147Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2148Response: | Success: | Total:
2149OK: | 179 ( 9.33%) | 303 ( 6.55%)
2150NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.96%)
2151SERVFAIL: | 47 ( 2.45%) | 90 ( 1.95%)
2152REFUSED: | 0 ( 0.00%) | 1272 ( 27.50%)
2153FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2154
2155
2156
2157Processed queries: 1919
2158Received packets: 4652
2159Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
2160Current incoming rate: 3 pps, average: 221 pps
2161Current success rate: 0 pps, average: 91 pps
2162Finished total: 1918, success: 1918 (100.00%)
2163Mismatched domains: 1930 (41.69%), IDs: 0 (0.00%)
2164Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2165Response: | Success: | Total:
2166OK: | 179 ( 9.33%) | 303 ( 6.55%)
2167NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.90%)
2168SERVFAIL: | 47 ( 2.45%) | 92 ( 1.99%)
2169REFUSED: | 0 ( 0.00%) | 1274 ( 27.52%)
2170FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2171
2172
2173
2174Processed queries: 1919
2175Received packets: 4656
2176Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
2177Current incoming rate: 3 pps, average: 211 pps
2178Current success rate: 0 pps, average: 87 pps
2179Finished total: 1918, success: 1918 (100.00%)
2180Mismatched domains: 1934 (41.74%), IDs: 0 (0.00%)
2181Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2182Response: | Success: | Total:
2183OK: | 179 ( 9.33%) | 303 ( 6.54%)
2184NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.85%)
2185SERVFAIL: | 47 ( 2.45%) | 95 ( 2.05%)
2186REFUSED: | 0 ( 0.00%) | 1275 ( 27.52%)
2187FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2188
2189
2190
2191Processed queries: 1919
2192Received packets: 4660
2193Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
2194Current incoming rate: 3 pps, average: 202 pps
2195Current success rate: 0 pps, average: 83 pps
2196Finished total: 1918, success: 1918 (100.00%)
2197Mismatched domains: 1938 (41.79%), IDs: 0 (0.00%)
2198Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2199Response: | Success: | Total:
2200OK: | 179 ( 9.33%) | 303 ( 6.53%)
2201NXDOMAIN: | 1692 ( 88.22%) | 2958 ( 63.79%)
2202SERVFAIL: | 47 ( 2.45%) | 97 ( 2.09%)
2203REFUSED: | 0 ( 0.00%) | 1277 ( 27.54%)
2204FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2205
2206
2207
2208Processed queries: 1919
2209Received packets: 4663
2210Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
2211Current incoming rate: 2 pps, average: 193 pps
2212Current success rate: 0 pps, average: 79 pps
2213Finished total: 1918, success: 1918 (100.00%)
2214Mismatched domains: 1941 (41.83%), IDs: 0 (0.00%)
2215Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2216Response: | Success: | Total:
2217OK: | 179 ( 9.33%) | 303 ( 6.53%)
2218NXDOMAIN: | 1692 ( 88.22%) | 2959 ( 63.77%)
2219SERVFAIL: | 47 ( 2.45%) | 97 ( 2.09%)
2220REFUSED: | 0 ( 0.00%) | 1279 ( 27.56%)
2221FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2222
2223
2224
2225Processed queries: 1919
2226Received packets: 4665
2227Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
2228Current incoming rate: 1 pps, average: 186 pps
2229Current success rate: 0 pps, average: 76 pps
2230Finished total: 1918, success: 1918 (100.00%)
2231Mismatched domains: 1943 (41.86%), IDs: 0 (0.00%)
2232Failures: 0: 1.77%, 1: 7.19%, 2: 28.52%, 3: 29.56%, 4: 16.42%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
2233Response: | Success: | Total:
2234OK: | 179 ( 9.33%) | 303 ( 6.53%)
2235NXDOMAIN: | 1692 ( 88.22%) | 2959 ( 63.74%)
2236SERVFAIL: | 47 ( 2.45%) | 97 ( 2.09%)
2237REFUSED: | 0 ( 0.00%) | 1281 ( 27.60%)
2238FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2239
2240
2241
2242Processed queries: 1919
2243Received packets: 4665
2244Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
2245Current incoming rate: 0 pps, average: 185 pps
2246Current success rate: 0 pps, average: 76 pps
2247Finished total: 1919, success: 1918 (99.95%)
2248Mismatched domains: 1943 (41.86%), IDs: 0 (0.00%)
2249Failures: 0: 1.77%, 1: 7.19%, 2: 28.50%, 3: 29.55%, 4: 16.41%, 5: 9.38%, 6: 3.96%, 7: 1.77%, 8: 0.73%, 9: 0.31%, 10: 0.16%, 11: 0.10%, 12: 0.05%, 13: 0.00%, 14: 0.00%, 15: 0.05%, 16: 0.00%, 17: 0.00%, 18: 0.00%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
2250Response: | Success: | Total:
2251OK: | 179 ( 9.33%) | 303 ( 6.53%)
2252NXDOMAIN: | 1692 ( 88.22%) | 2959 ( 63.74%)
2253SERVFAIL: | 47 ( 2.45%) | 97 ( 2.09%)
2254REFUSED: | 0 ( 0.00%) | 1281 ( 27.60%)
2255FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2256www.turkmenajans.net
2257turkmenajans.net.
2258######################################################################################################################################
2259[*] Found SPF record:
2260[*] v=spf1 ip4:144.76.114.219 +a +mx +ip4:176.53.25.90 ~all
2261[*] SPF record contains an All item: ~all
2262[*] No DMARC record found. Looking for organizational record
2263[+] No organizational DMARC record
2264[+] Spoofing possible for www.turkmenajans.net!
2265######################################################################################################################################
2266WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2267Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:26 EST
2268Nmap scan report for www.turkmenajans.net (144.76.114.219)
2269Host is up (0.28s latency).
2270rDNS record for 144.76.114.219: ns1.akinmedya.com
2271Not shown: 483 closed ports
2272PORT STATE SERVICE
227321/tcp open ftp
227453/tcp open domain
227580/tcp open http
2276110/tcp open pop3
2277143/tcp open imap
2278443/tcp open https
2279465/tcp open smtps
2280587/tcp open submission
2281993/tcp open imaps
2282995/tcp open pop3s
22833306/tcp open mysql
22843389/tcp open ms-wbt-server
22857080/tcp open empowerid
2286
2287Nmap done: 1 IP address (1 host up) scanned in 2.51 seconds
2288######################################################################################################################################
2289Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:26 EST
2290Nmap scan report for www.turkmenajans.net (144.76.114.219)
2291Host is up (0.16s latency).
2292rDNS record for 144.76.114.219: ns1.akinmedya.com
2293Not shown: 11 closed ports, 2 filtered ports
2294PORT STATE SERVICE
229553/udp open domain
229667/udp open|filtered dhcps
2297
2298Nmap done: 1 IP address (1 host up) scanned in 6.30 seconds
2299######################################################################################################################################
2300Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:26 EST
2301Stats: 0:01:45 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
2302NSE Timing: About 75.00% done; ETC: 18:28 (0:00:33 remaining)
2303Stats: 0:05:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
2304NSE Timing: About 78.79% done; ETC: 18:33 (0:01:30 remaining)
2305NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
2306NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
2307NSE: [ftp-brute] passwords: Time limit 10m00s exceeded.
2308Nmap scan report for www.turkmenajans.net (144.76.114.219)
2309Host is up (0.17s latency).
2310rDNS record for 144.76.114.219: ns1.akinmedya.com
2311
2312PORT STATE SERVICE VERSION
231321/tcp open ftp Pure-FTPd
2314| ftp-brute:
2315| Accounts: No valid accounts found
2316|_ Statistics: Performed 12801 guesses in 604 seconds, average tps: 19.8
2317| vulscan: VulDB - https://vuldb.com:
2318| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
2319| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
2320| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
2321|
2322| MITRE CVE - https://cve.mitre.org:
2323| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
2324|
2325| SecurityFocus - https://www.securityfocus.com/bid/:
2326| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
2327|
2328| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2329| No findings
2330|
2331| Exploit-DB - https://www.exploit-db.com:
2332| No findings
2333|
2334| OpenVAS (Nessus) - http://www.openvas.org:
2335| No findings
2336|
2337| SecurityTracker - https://www.securitytracker.com:
2338| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
2339| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
2340| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
2341| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
2342|
2343| OSVDB - http://www.osvdb.org:
2344| No findings
2345|_
2346Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2347Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.18 (93%), Linux 3.16 (93%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), ASUS RT-N56U WAP (Linux 3.4) (92%), Linux 3.1 (92%), Linux 3.2 (92%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (92%), HP P2000 G3 NAS device (91%)
2348No exact OS matches for host (test conditions non-ideal).
2349Network Distance: 13 hops
2350
2351TRACEROUTE (using port 21/tcp)
2352HOP RTT ADDRESS
23531 39.75 ms 10.242.204.1
23542 40.37 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
23553 50.33 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
23564 43.84 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
23575 75.70 ms motl-b1-link.telia.net (62.115.162.41)
23586 162.71 ms nyk-bb3-link.telia.net (62.115.137.142)
23597 162.71 ms ldn-bb4-link.telia.net (62.115.112.245)
23608 141.31 ms hbg-bb4-link.telia.net (62.115.122.160)
23619 162.70 ms nug-b1-link.telia.net (62.115.113.175)
236210 162.67 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
236311 162.79 ms core23.fsn1.hetzner.com (213.239.252.230)
236412 162.83 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
236513 141.37 ms ns1.akinmedya.com (144.76.114.219)
2366######################################################################################################################################
2367HTTP/1.1 200 OK
2368Connection: Keep-Alive
2369Content-Type: text/html; charset=UTF-8
2370Link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
2371Etag: "472-1574415520;;;"
2372X-LiteSpeed-Cache: hit
2373Date: Sun, 24 Nov 2019 23:37:33 GMT
2374Server: LiteSpeed
2375
2376Allow: OPTIONS,HEAD,GET,POST
2377######################################################################################################################################
2378<!-- All in One SEO Pack 2.12 by Michael Torbert of Semper Fi Web Design[273,296] -->
2379<!-- /all in one seo pack -->
2380<!-- HaberMatik Mobil -->
2381<!-- HaberMatik V2.3 -->
2382<!--
2383 <!-- /#Header -->
2384 <!-- Üst Haberler -->
2385 <!-- /#Üst Haberler -->
2386 <!-- index.php -->
2387 <!-- Manşetler -->
2388 <!-- /#Manşetler -->
2389 <!-- Alt Manşet -->
2390 </div> <!-- /#Alt Manşet -->
2391 <!-- Güncel Haberler -->
2392 <div class="clear"></div> <!-- /#Güncel Haberler-->
2393 <!-- Foto Galeri -->
2394 <!-- /#FOTO GALERİ -->
2395 <!-- Renkli Tablar -->
2396 <!-- /#Renkli Tablar -->
2397 <!-- Video Galeri -->
2398 <!-- /#Video Galeri -->
2399 <!-- /#index.php container wrap630 fLeft -->
2400 <!-- // SİDEBAR \\-->
2401 <!-- Döviz -->
2402 <!-- /#Döviz -->
2403 <!-- Köşe Yazarları -->
2404 <!-- /#Köşe Yazarları -->
2405 <!-- \\ /#SİDEBAR //-->
2406 </div> <!-- /#globalContainer -->
2407</div> <!-- /#pageFull -->
2408<!-- = FOOTER = -->
2409<!-- Page generated by LiteSpeed Cache 2.9.8.6 on 2019-11-22 11:38:40 -->
2410######################################################################################################################################
2411 />
2412https://plus.google.com/+HüseyinBozan
2413https://www.turkmenajans.net
2414https://www.turkmenajans.net/
2415https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
2416https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
2417https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
2418https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/
2419https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
2420https://www.turkmenajans.net/feed
2421https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
2422https://www.turkmenajans.net/giris
2423https://www.turkmenajans.net/hersey-vatan-icin/
2424https://www.turkmenajans.net/iki-farkli-besiktas/
2425https://www.turkmenajans.net/iletisim
2426https://www.turkmenajans.net/kunye
2427https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
2428https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
2429https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/
2430https://www.turkmenajans.net/sitene-ekle
2431https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/
2432https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
2433https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
2434https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
2435https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
2436https://www.turkmenajans.net/wp-content/uploads/2019/02/1011146-300x166.jpg
2437https://www.turkmenajans.net/wp-content/uploads/2019/02/bbb731a01ff7eaefb17e572764526883_XL-300x177.jpg
2438http://www.facebook.com/turkmenajans1
2439http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/images/icon/rss.png
2440http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/lib/faziletapi.php
2441http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/lib/hava.php?sehir=
2442http://www.w3.org/1999/xhtml
2443text/css
2444text/javascript
2445-//W3C//DTD XHTML 1.0 Transitional//EN
2446www.twitter.com/turkmenajans
2447######################################################################################################################################
2448http://www.turkmenajans.net [200 OK] All-in-one-SEO-Pack[2.12], Country[GERMANY][DE], HTTPServer[LiteSpeed], IP[144.76.114.219], JQuery[1.7.2], LiteSpeed, Open-Graph-Protocol[article], Script[JavaScript,text/javascript], Title[Türkmen Ajans |], UncommonHeaders[link,x-litespeed-cache], WordPress
2449######################################################################################################################################
2450
2451wig - WebApp Information Gatherer
2452
2453
2454Scanning http://www.turkmenajans.net...
2455_______________________________ SITE INFO _______________________________
2456IP Title
2457144.76.114.219 Türkmen Ajans |
2458
2459________________________________ VERSION ________________________________
2460Name Versions Type
2461WordPress 5.1.1 CMS
2462litespeed Platform
2463
2464______________________________ INTERESTING ______________________________
2465URL Note Type
2466/readme.html Readme file Interesting
2467/robots.txt robots.txt index Interesting
2468/login/ Login Page Interesting
2469
2470_________________________________ TOOLS _________________________________
2471Name Link Software
2472wpscan https://github.com/wpscanteam/wpscan WordPress
2473CMSmap https://github.com/Dionach/CMSmap WordPress
2474
2475_________________________________________________________________________
2476Time: 46.8 sec Urls: 272 Fingerprints: 40401
2477######################################################################################################################################
2478Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:40 EST
2479NSE: Loaded 163 scripts for scanning.
2480NSE: Script Pre-scanning.
2481Initiating NSE at 18:40
2482Completed NSE at 18:40, 0.00s elapsed
2483Initiating NSE at 18:40
2484Completed NSE at 18:40, 0.00s elapsed
2485Initiating Parallel DNS resolution of 1 host. at 18:40
2486Completed Parallel DNS resolution of 1 host. at 18:40, 0.03s elapsed
2487Initiating SYN Stealth Scan at 18:40
2488Scanning www.turkmenajans.net (144.76.114.219) [1 port]
2489Discovered open port 80/tcp on 144.76.114.219
2490Completed SYN Stealth Scan at 18:40, 0.33s elapsed (1 total ports)
2491Initiating Service scan at 18:40
2492Scanning 1 service on www.turkmenajans.net (144.76.114.219)
2493Completed Service scan at 18:40, 6.30s elapsed (1 service on 1 host)
2494Initiating OS detection (try #1) against www.turkmenajans.net (144.76.114.219)
2495Retrying OS detection (try #2) against www.turkmenajans.net (144.76.114.219)
2496Initiating Traceroute at 18:40
2497Completed Traceroute at 18:40, 3.01s elapsed
2498Initiating Parallel DNS resolution of 12 hosts. at 18:40
2499Completed Parallel DNS resolution of 12 hosts. at 18:40, 0.15s elapsed
2500NSE: Script scanning 144.76.114.219.
2501Initiating NSE at 18:40
2502NSE: [http-wordpress-enum 144.76.114.219:80] got no answers from pipelined queries
2503Completed NSE at 18:46, 333.52s elapsed
2504Initiating NSE at 18:46
2505Completed NSE at 18:46, 0.82s elapsed
2506Nmap scan report for www.turkmenajans.net (144.76.114.219)
2507Host is up (0.17s latency).
2508rDNS record for 144.76.114.219: ns1.akinmedya.com
2509
2510PORT STATE SERVICE VERSION
251180/tcp open http LiteSpeed httpd
2512| http-brute:
2513|_ Path "/" does not require authentication
2514|_http-chrono: Request times for /; avg: 8847.92ms; min: 8481.99ms; max: 9859.15ms
2515| http-csrf:
2516| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.turkmenajans.net
2517| Found the following possible CSRF vulnerabilities:
2518|
2519| Path: http://www.turkmenajans.net:80/
2520| Form id:
2521|_ Form action: https://www.turkmenajans.net/
2522|_http-date: Sun, 24 Nov 2019 23:40:38 GMT; -1s from local time.
2523|_http-devframework: Wordpress detected. Found common traces on /
2524|_http-dombased-xss: Couldn't find any DOM based XSS.
2525|_http-errors: ERROR: Script execution failed (use -d to debug)
2526|_http-feed: ERROR: Script execution failed (use -d to debug)
2527|_http-fetch: Please enter the complete path of the directory to save data in.
2528| http-headers:
2529| Connection: close
2530| Content-Type: text/html; charset=UTF-8
2531| Link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
2532| Etag: "472-1574415520;;;"
2533| X-LiteSpeed-Cache: hit
2534| Date: Sun, 24 Nov 2019 23:40:37 GMT
2535| Server: LiteSpeed
2536|
2537|_ (Request type: HEAD)
2538|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2539| http-methods:
2540|_ Supported Methods: OPTIONS HEAD GET POST
2541|_http-mobileversion-checker: No mobile version detected.
2542| http-php-version: Logo query returned unknown hash c9909b880c84eb70a076816da4c717c8
2543|_Credits query returned unknown hash 48b5c29b830fd31d5db6c1ec54a45f1d
2544|_http-phpself-xss: ERROR: Script execution failed (use -d to debug)
2545| http-robots.txt: 1 disallowed entry
2546|_/wp-admin/
2547|_http-security-headers:
2548|_http-server-header: LiteSpeed
2549| http-sitemap-generator:
2550| Directory structure:
2551| /
2552| Other: 1
2553| Longest directory structure:
2554| Depth: 0
2555| Dir: /
2556| Total files found (by extension):
2557|_ Other: 1
2558|_http-sql-injection: ERROR: Script execution failed (use -d to debug)
2559|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2560|_http-title: T\xC3\xBCrkmen Ajans |
2561| http-vhosts:
2562|_127 names had status 200
2563|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2564|_http-xssed: No previously reported XSS vuln.
2565| vulscan: VulDB - https://vuldb.com:
2566| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
2567| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
2568| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
2569| [53729] Litespeedtech LiteSpeed Web Server information disclosure
2570| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
2571|
2572| MITRE CVE - https://cve.mitre.org:
2573| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
2574| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
2575| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
2576| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
2577|
2578| SecurityFocus - https://www.securityfocus.com/bid/:
2579| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
2580| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
2581| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
2582| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
2583| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
2584| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
2585| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
2586| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
2587| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
2588| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
2589| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
2590| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
2591| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
2592|
2593| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2594| [74144] LiteSpeed graph_html.php cross-site scripting
2595| [63979] LiteSpeed Web Server Null buffer overflow
2596| [59385] LiteSpeed Web Server information disclosure
2597| [56389] LiteSpeed Web Server Admin interface cross-site scripting
2598| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
2599| [54537] LiteSpeed Web Server post-authentication code execution
2600| [54536] LiteSpeed Web Server Lshttpd denial of service
2601| [37380] LiteSpeed Web Server mime-type information disclosure
2602| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
2603|
2604| Exploit-DB - https://www.exploit-db.com:
2605| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
2606| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
2607| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
2608| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
2609| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
2610|
2611| OpenVAS (Nessus) - http://www.openvas.org:
2612| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
2613|
2614| SecurityTracker - https://www.securitytracker.com:
2615| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
2616|
2617| OSVDB - http://www.osvdb.org:
2618| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
2619| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
2620| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
2621| [62449] LiteSpeed Web Server Admin User Creation CSRF
2622| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
2623| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
2624| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
2625| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
2626|_
2627Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2628Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
2629No exact OS matches for host (test conditions non-ideal).
2630Uptime guess: 16.626 days (since Fri Nov 8 03:44:51 2019)
2631Network Distance: 13 hops
2632TCP Sequence Prediction: Difficulty=260 (Good luck!)
2633IP ID Sequence Generation: All zeros
2634
2635TRACEROUTE (using port 80/tcp)
2636HOP RTT ADDRESS
26371 56.32 ms 10.242.204.1
26382 55.60 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
26393 38.15 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
26404 42.06 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
26415 24.77 ms motl-b1-link.telia.net (62.115.183.72)
26426 ...
26437 156.55 ms ldn-bb4-link.telia.net (62.115.112.245)
26448 127.17 ms hbg-bb4-link.telia.net (62.115.122.160)
26459 136.52 ms nug-b1-link.telia.net (62.115.113.175)
264610 136.55 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
264711 136.57 ms core24.fsn1.hetzner.com (213.239.252.234)
264812 136.72 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.58)
264913 136.62 ms ns1.akinmedya.com (144.76.114.219)
2650
2651NSE: Script Post-scanning.
2652Initiating NSE at 18:46
2653Completed NSE at 18:46, 0.00s elapsed
2654Initiating NSE at 18:46
2655Completed NSE at 18:46, 0.00s elapsed
2656######################################################################################################################################
2657------------------------------------------------------------------------------------------------------------------------
2658
2659[ ! ] Starting SCANNER INURLBR 2.1 at [24-11-2019 18:46:28]
2660[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
2661It is the end user's responsibility to obey all applicable local, state and federal laws.
2662Developers assume no liability and are not responsible for any misuse or damage caused by this program
2663
2664[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/inurlbr-www.turkmenajans.net ]
2665[ INFO ][ DORK ]::[ site:www.turkmenajans.net ]
2666[ INFO ][ SEARCHING ]:: {
2667[ INFO ][ ENGINE ]::[ GOOGLE - www.google.at ]
2668
2669[ INFO ][ SEARCHING ]::
2670-[:::]
2671[ INFO ][ ENGINE ]::[ GOOGLE API ]
2672
2673[ INFO ][ SEARCHING ]::
2674-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
2675[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.cn ID: 003917828085772992913:gmoeray5sa8 ]
2676
2677[ INFO ][ SEARCHING ]::
2678-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
2679
2680[ INFO ][ TOTAL FOUND VALUES ]:: [ 37 ]
2681
2682
2683 _[ - ]::--------------------------------------------------------------------------------------------------------------
2684|_[ + ] [ 0 / 37 ]-[18:46:45] [ - ]
2685|_[ + ] Target:: [ https://www.turkmenajans.net/ ]
2686|_[ + ] Exploit::
2687|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2688|_[ + ] More details:: / - / , ISP:
2689|_[ + ] Found:: UNIDENTIFIED
2690
2691 _[ - ]::--------------------------------------------------------------------------------------------------------------
2692|_[ + ] [ 1 / 37 ]-[18:46:46] [ - ]
2693|_[ + ] Target:: [ https://www.turkmenajans.net/kunye/ ]
2694|_[ + ] Exploit::
2695|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2696|_[ + ] More details:: / - / , ISP:
2697|_[ + ] Found:: UNIDENTIFIED
2698
2699 _[ - ]::--------------------------------------------------------------------------------------------------------------
2700|_[ + ] [ 2 / 37 ]-[18:46:48] [ - ]
2701|_[ + ] Target:: [ https://www.turkmenajans.net/giris/ ]
2702|_[ + ] Exploit::
2703|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2704|_[ + ] More details:: / - / , ISP:
2705|_[ + ] Found:: UNIDENTIFIED
2706
2707 _[ - ]::--------------------------------------------------------------------------------------------------------------
2708|_[ + ] [ 3 / 37 ]-[18:46:53] [ - ]
2709|_[ + ] Target:: [ https://www.turkmenajans.net/iletisim/ ]
2710|_[ + ] Exploit::
2711|_[ + ] Information Server:: , , IP::0
2712|_[ + ] More details::
2713|_[ + ] Found:: UNIDENTIFIED
2714
2715 _[ - ]::--------------------------------------------------------------------------------------------------------------
2716|_[ + ] [ 4 / 37 ]-[18:46:54] [ - ]
2717|_[ + ] Target:: [ https://www.turkmenajans.net/dsc_4007/ ]
2718|_[ + ] Exploit::
2719|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2720|_[ + ] More details:: / - / , ISP:
2721|_[ + ] Found:: UNIDENTIFIED
2722
2723 _[ - ]::--------------------------------------------------------------------------------------------------------------
2724|_[ + ] [ 5 / 37 ]-[18:46:56] [ - ]
2725|_[ + ] Target:: [ https://www.turkmenajans.net/sitene-ekle/ ]
2726|_[ + ] Exploit::
2727|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2728|_[ + ] More details:: / - / , ISP:
2729|_[ + ] Found:: UNIDENTIFIED
2730
2731 _[ - ]::--------------------------------------------------------------------------------------------------------------
2732|_[ + ] [ 6 / 37 ]-[18:46:57] [ - ]
2733|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/cerablus/ ]
2734|_[ + ] Exploit::
2735|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2736|_[ + ] More details:: / - / , ISP:
2737|_[ + ] Found:: UNIDENTIFIED
2738
2739 _[ - ]::--------------------------------------------------------------------------------------------------------------
2740|_[ + ] [ 7 / 37 ]-[18:46:58] [ - ]
2741|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/teroristler/ ]
2742|_[ + ] Exploit::
2743|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2744|_[ + ] More details:: / - / , ISP:
2745|_[ + ] Found:: UNIDENTIFIED
2746
2747 _[ - ]::--------------------------------------------------------------------------------------------------------------
2748|_[ + ] [ 8 / 37 ]-[18:46:59] [ - ]
2749|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/iran/ ]
2750|_[ + ] Exploit::
2751|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2752|_[ + ] More details:: / - / , ISP:
2753|_[ + ] Found:: UNIDENTIFIED
2754
2755 _[ - ]::--------------------------------------------------------------------------------------------------------------
2756|_[ + ] [ 9 / 37 ]-[18:47:01] [ - ]
2757|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/adalet/ ]
2758|_[ + ] Exploit::
2759|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2760|_[ + ] More details:: / - / , ISP:
2761|_[ + ] Found:: UNIDENTIFIED
2762
2763 _[ - ]::--------------------------------------------------------------------------------------------------------------
2764|_[ + ] [ 10 / 37 ]-[18:47:02] [ - ]
2765|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/turkiye/ ]
2766|_[ + ] Exploit::
2767|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2768|_[ + ] More details:: / - / , ISP:
2769|_[ + ] Found:: UNIDENTIFIED
2770
2771 _[ - ]::--------------------------------------------------------------------------------------------------------------
2772|_[ + ] [ 11 / 37 ]-[18:47:03] [ - ]
2773|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/itc/ ]
2774|_[ + ] Exploit::
2775|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2776|_[ + ] More details:: / - / , ISP:
2777|_[ + ] Found:: UNIDENTIFIED
2778
2779 _[ - ]::--------------------------------------------------------------------------------------------------------------
2780|_[ + ] [ 12 / 37 ]-[18:47:04] [ - ]
2781|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/hama/ ]
2782|_[ + ] Exploit::
2783|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2784|_[ + ] More details:: / - / , ISP:
2785|_[ + ] Found:: UNIDENTIFIED
2786
2787 _[ - ]::--------------------------------------------------------------------------------------------------------------
2788|_[ + ] [ 13 / 37 ]-[18:47:11] [ - ]
2789|_[ + ] Target:: [ https://www.turkmenajans.net/tum-yazarlar/ ]
2790|_[ + ] Exploit::
2791|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2792|_[ + ] More details:: / - / , ISP:
2793|_[ + ] Found:: UNIDENTIFIED
2794
2795 _[ - ]::--------------------------------------------------------------------------------------------------------------
2796|_[ + ] [ 14 / 37 ]-[18:47:12] [ - ]
2797|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/tsk/ ]
2798|_[ + ] Exploit::
2799|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2800|_[ + ] More details:: / - / , ISP:
2801|_[ + ] Found:: UNIDENTIFIED
2802
2803 _[ - ]::--------------------------------------------------------------------------------------------------------------
2804|_[ + ] [ 15 / 37 ]-[18:47:13] [ - ]
2805|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/bagcilar/ ]
2806|_[ + ] Exploit::
2807|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2808|_[ + ] More details:: / - / , ISP:
2809|_[ + ] Found:: UNIDENTIFIED
2810
2811 _[ - ]::--------------------------------------------------------------------------------------------------------------
2812|_[ + ] [ 16 / 37 ]-[18:47:14] [ - ]
2813|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/oso/ ]
2814|_[ + ] Exploit::
2815|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2816|_[ + ] More details:: / - / , ISP:
2817|_[ + ] Found:: UNIDENTIFIED
2818
2819 _[ - ]::--------------------------------------------------------------------------------------------------------------
2820|_[ + ] [ 17 / 37 ]-[18:47:15] [ - ]
2821|_[ + ] Target:: [ https://www.turkmenajans.net/gazete-mansetleri/ ]
2822|_[ + ] Exploit::
2823|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2824|_[ + ] More details:: / - / , ISP:
2825|_[ + ] Found:: UNIDENTIFIED
2826
2827 _[ - ]::--------------------------------------------------------------------------------------------------------------
2828|_[ + ] [ 18 / 37 ]-[18:47:16] [ - ]
2829|_[ + ] Target:: [ https://www.turkmenajans.net/kayit-ol/ ]
2830|_[ + ] Exploit::
2831|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2832|_[ + ] More details:: / - / , ISP:
2833|_[ + ] Found:: UNIDENTIFIED
2834
2835 _[ - ]::--------------------------------------------------------------------------------------------------------------
2836|_[ + ] [ 19 / 37 ]-[18:47:18] [ - ]
2837|_[ + ] Target:: [ https://www.turkmenajans.net/hersey-vatan-icin/ ]
2838|_[ + ] Exploit::
2839|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2840|_[ + ] More details:: / - / , ISP:
2841|_[ + ] Found:: UNIDENTIFIED
2842
2843 _[ - ]::--------------------------------------------------------------------------------------------------------------
2844|_[ + ] [ 20 / 37 ]-[18:47:19] [ - ]
2845|_[ + ] Target:: [ https://www.turkmenajans.net/iki-farkli-besiktas/ ]
2846|_[ + ] Exploit::
2847|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2848|_[ + ] More details:: / - / , ISP:
2849|_[ + ] Found:: UNIDENTIFIED
2850
2851 _[ - ]::--------------------------------------------------------------------------------------------------------------
2852|_[ + ] [ 21 / 37 ]-[18:47:20] [ - ]
2853|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/turkmen-ajans/ ]
2854|_[ + ] Exploit::
2855|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2856|_[ + ] More details:: / - / , ISP:
2857|_[ + ] Found:: UNIDENTIFIED
2858
2859 _[ - ]::--------------------------------------------------------------------------------------------------------------
2860|_[ + ] [ 22 / 37 ]-[18:47:21] [ - ]
2861|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/el-muhaberat/ ]
2862|_[ + ] Exploit::
2863|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2864|_[ + ] More details:: / - / , ISP:
2865|_[ + ] Found:: UNIDENTIFIED
2866
2867 _[ - ]::--------------------------------------------------------------------------------------------------------------
2868|_[ + ] [ 23 / 37 ]-[18:47:23] [ - ]
2869|_[ + ] Target:: [ https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/ ]
2870|_[ + ] Exploit::
2871|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2872|_[ + ] More details:: / - / , ISP:
2873|_[ + ] Found:: UNIDENTIFIED
2874
2875 _[ - ]::--------------------------------------------------------------------------------------------------------------
2876|_[ + ] [ 24 / 37 ]-[18:47:24] [ - ]
2877|_[ + ] Target:: [ https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/ ]
2878|_[ + ] Exploit::
2879|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2880|_[ + ] More details:: / - / , ISP:
2881|_[ + ] Found:: UNIDENTIFIED
2882
2883 _[ - ]::--------------------------------------------------------------------------------------------------------------
2884|_[ + ] [ 25 / 37 ]-[18:47:26] [ - ]
2885|_[ + ] Target:: [ https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/ ]
2886|_[ + ] Exploit::
2887|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2888|_[ + ] More details:: / - / , ISP:
2889|_[ + ] Found:: UNIDENTIFIED
2890
2891 _[ - ]::--------------------------------------------------------------------------------------------------------------
2892|_[ + ] [ 26 / 37 ]-[18:47:27] [ - ]
2893|_[ + ] Target:: [ http://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/ ]
2894|_[ + ] Exploit::
2895|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:80
2896|_[ + ] More details:: / - / , ISP:
2897|_[ + ] Found:: UNIDENTIFIED
2898
2899 _[ - ]::--------------------------------------------------------------------------------------------------------------
2900|_[ + ] [ 27 / 37 ]-[18:47:29] [ - ]
2901|_[ + ] Target:: [ https://www.turkmenajans.net/oruc-dis-sagligi-icin-firsat-olabilir/ ]
2902|_[ + ] Exploit::
2903|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2904|_[ + ] More details:: / - / , ISP:
2905|_[ + ] Found:: UNIDENTIFIED
2906
2907 _[ - ]::--------------------------------------------------------------------------------------------------------------
2908|_[ + ] [ 28 / 37 ]-[18:47:32] [ - ]
2909|_[ + ] Target:: [ https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/ ]
2910|_[ + ] Exploit::
2911|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2912|_[ + ] More details:: / - / , ISP:
2913|_[ + ] Found:: UNIDENTIFIED
2914
2915 _[ - ]::--------------------------------------------------------------------------------------------------------------
2916|_[ + ] [ 29 / 37 ]-[18:47:34] [ - ]
2917|_[ + ] Target:: [ https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/ ]
2918|_[ + ] Exploit::
2919|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2920|_[ + ] More details:: / - / , ISP:
2921|_[ + ] Found:: UNIDENTIFIED
2922
2923 _[ - ]::--------------------------------------------------------------------------------------------------------------
2924|_[ + ] [ 30 / 37 ]-[18:47:35] [ - ]
2925|_[ + ] Target:: [ https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/ ]
2926|_[ + ] Exploit::
2927|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2928|_[ + ] More details:: / - / , ISP:
2929|_[ + ] Found:: UNIDENTIFIED
2930
2931 _[ - ]::--------------------------------------------------------------------------------------------------------------
2932|_[ + ] [ 31 / 37 ]-[18:47:36] [ - ]
2933|_[ + ] Target:: [ https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/ ]
2934|_[ + ] Exploit::
2935|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2936|_[ + ] More details:: / - / , ISP:
2937|_[ + ] Found:: UNIDENTIFIED
2938
2939 _[ - ]::--------------------------------------------------------------------------------------------------------------
2940|_[ + ] [ 32 / 37 ]-[18:47:37] [ - ]
2941|_[ + ] Target:: [ https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/ ]
2942|_[ + ] Exploit::
2943|_[ + ] Information Server:: HTTP/2 200 , , IP:144.76.114.219:443
2944|_[ + ] More details:: / - / , ISP:
2945|_[ + ] Found:: UNIDENTIFIED
2946
2947 _[ - ]::--------------------------------------------------------------------------------------------------------------
2948|_[ + ] [ 33 / 37 ]-[18:47:38] [ - ]
2949|_[ + ] Target:: [ https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/ ]
2950|_[ + ] Exploit::
2951|_[ + ] Information Server:: , , IP:144.76.114.219:443
2952|_[ + ] More details:: / - / , ISP:
2953|_[ + ] Found:: UNIDENTIFIED
2954
2955 _[ - ]::--------------------------------------------------------------------------------------------------------------
2956|_[ + ] [ 34 / 37 ]-[18:47:39] [ - ]
2957|_[ + ] Target:: [ https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/ ]
2958|_[ + ] Exploit::
2959|_[ + ] Information Server:: , , IP:144.76.114.219:443
2960|_[ + ] More details:: / - / , ISP:
2961|_[ + ] Found:: UNIDENTIFIED
2962
2963 _[ - ]::--------------------------------------------------------------------------------------------------------------
2964|_[ + ] [ 35 / 37 ]-[18:47:40] [ - ]
2965|_[ + ] Target:: [ https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/ ]
2966|_[ + ] Exploit::
2967|_[ + ] Information Server:: , , IP:144.76.114.219:443
2968|_[ + ] More details:: / - / , ISP:
2969|_[ + ] Found:: UNIDENTIFIED
2970
2971 _[ - ]::--------------------------------------------------------------------------------------------------------------
2972|_[ + ] [ 36 / 37 ]-[18:47:48] [ - ]
2973|_[ + ] Target:: [ https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/ ]
2974|_[ + ] Exploit::
2975|_[ + ] Information Server:: , , IP::0
2976|_[ + ] More details::
2977|_[ + ] Found:: UNIDENTIFIED
2978
2979[ INFO ] [ Shutting down ]
2980[ INFO ] [ End of process INURLBR at [24-11-2019 18:47:48]
2981[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
2982[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/inurlbr-www.turkmenajans.net ]
2983|_________________________________________________________________________________________
2984
2985\_________________________________________________________________________________________/
2986######################################################################################################################################
2987tee: /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/nmap-www.turkmenajans.net-port110.txt: Aucun fichier ou dossier de ce type
2988Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:47 EST
2989Stats: 0:07:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
2990NSE Timing: About 69.12% done; ETC: 18:58 (0:03:12 remaining)
2991NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
2992NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
2993NSE: [pop3-brute] passwords: Time limit 10m00s exceeded.
2994Nmap scan report for www.turkmenajans.net (144.76.114.219)
2995Host is up (0.17s latency).
2996rDNS record for 144.76.114.219: ns1.akinmedya.com
2997
2998PORT STATE SERVICE VERSION
2999110/tcp open pop3 Dovecot pop3d
3000| pop3-brute:
3001| Accounts: No valid accounts found
3002|_ Statistics: Performed 697 guesses in 617 seconds, average tps: 1.1
3003|_pop3-capabilities: TOP USER PIPELINING RESP-CODES SASL(PLAIN LOGIN) AUTH-RESP-CODE UIDL CAPA STLS
3004| vulscan: VulDB - https://vuldb.com:
3005| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
3006| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
3007| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
3008| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
3009| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
3010| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
3011| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
3012| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
3013| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
3014| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
3015| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
3016| [69835] Dovecot 2.2.0/2.2.1 denial of service
3017| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
3018| [65684] Dovecot up to 2.2.6 unknown vulnerability
3019| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
3020| [63692] Dovecot up to 2.0.15 spoofing
3021| [7062] Dovecot 2.1.10 mail-search.c denial of service
3022| [57517] Dovecot up to 2.0.12 Login directory traversal
3023| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
3024| [57515] Dovecot up to 2.0.12 Crash denial of service
3025| [54944] Dovecot up to 1.2.14 denial of service
3026| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
3027| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
3028| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
3029| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
3030| [53277] Dovecot up to 1.2.10 denial of service
3031| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
3032| [45256] Dovecot up to 1.1.5 directory traversal
3033| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
3034| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
3035| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
3036| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
3037| [40356] Dovecot 1.0.9 Cache unknown vulnerability
3038| [38222] Dovecot 1.0.2 directory traversal
3039| [36376] Dovecot up to 1.0.x directory traversal
3040| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
3041|
3042| MITRE CVE - https://cve.mitre.org:
3043| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
3044| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
3045| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
3046| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
3047| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
3048| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
3049| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
3050| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
3051| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
3052| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
3053| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
3054| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
3055| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
3056| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
3057| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
3058| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
3059| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
3060| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
3061| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
3062| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
3063| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
3064| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
3065| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
3066| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
3067| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
3068| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
3069| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
3070| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
3071| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
3072| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
3073| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
3074| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
3075| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
3076| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
3077| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
3078| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
3079| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
3080|
3081| SecurityFocus - https://www.securityfocus.com/bid/:
3082| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
3083| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
3084| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
3085| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
3086| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
3087| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
3088| [67306] Dovecot Denial of Service Vulnerability
3089| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
3090| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
3091| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
3092| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
3093| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
3094| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
3095| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
3096| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
3097| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
3098| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
3099| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
3100| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
3101| [39838] tpop3d Remote Denial of Service Vulnerability
3102| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
3103| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
3104| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
3105| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
3106| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
3107| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
3108| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
3109| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
3110| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
3111| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
3112| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
3113| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
3114| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
3115| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
3116| [17961] Dovecot Remote Information Disclosure Vulnerability
3117| [16672] Dovecot Double Free Denial of Service Vulnerability
3118| [8495] akpop3d User Name SQL Injection Vulnerability
3119| [8473] Vpop3d Remote Denial Of Service Vulnerability
3120| [3990] ZPop3D Bad Login Logging Failure Vulnerability
3121| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
3122|
3123| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3124| [86382] Dovecot POP3 Service denial of service
3125| [84396] Dovecot IMAP APPEND denial of service
3126| [80453] Dovecot mail-search.c denial of service
3127| [71354] Dovecot SSL Common Name (CN) weak security
3128| [67675] Dovecot script-login security bypass
3129| [67674] Dovecot script-login directory traversal
3130| [67589] Dovecot header name denial of service
3131| [63267] Apple Mac OS X Dovecot information disclosure
3132| [62340] Dovecot mailbox security bypass
3133| [62339] Dovecot IMAP or POP3 denial of service
3134| [62256] Dovecot mailbox security bypass
3135| [62255] Dovecot ACL entry security bypass
3136| [60639] Dovecot ACL plugin weak security
3137| [57267] Apple Mac OS X Dovecot Kerberos security bypass
3138| [56763] Dovecot header denial of service
3139| [54363] Dovecot base_dir privilege escalation
3140| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
3141| [46323] Dovecot dovecot.conf information disclosure
3142| [46227] Dovecot message parsing denial of service
3143| [45669] Dovecot ACL mailbox security bypass
3144| [45667] Dovecot ACL plugin rights security bypass
3145| [41085] Dovecot TAB characters authentication bypass
3146| [41009] Dovecot mail_extra_groups option unauthorized access
3147| [39342] Dovecot LDAP auth cache configuration security bypass
3148| [35767] Dovecot ACL plugin security bypass
3149| [34082] Dovecot mbox-storage.c directory traversal
3150| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
3151| [26578] Cyrus IMAP pop3d buffer overflow
3152| [26536] Dovecot IMAP LIST information disclosure
3153| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
3154| [24709] Dovecot APPEND command denial of service
3155| [13018] akpop3d authentication code SQL injection
3156| [7345] Slackware Linux imapd and ipop3d core dump
3157| [6269] imap, ipop2d and ipop3d buffer overflows
3158| [5923] Linuxconf vpop3d symbolic link
3159| [4918] IPOP3D, Buffer overflow attack
3160| [1560] IPOP3D, user login successful
3161| [1559] IPOP3D user login to remote host successful
3162| [1525] IPOP3D, user logout
3163| [1524] IPOP3D, user auto-logout
3164| [1523] IPOP3D, user login failure
3165| [1522] IPOP3D, brute force attack
3166| [1521] IPOP3D, user kiss of death logout
3167| [418] pop3d mktemp creates insecure temporary files
3168|
3169| Exploit-DB - https://www.exploit-db.com:
3170| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
3171| [23053] Vpop3d Remote Denial of Service Vulnerability
3172| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
3173| [11893] tPop3d 1.5.3 DoS
3174| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
3175| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
3176| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
3177| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
3178|
3179| OpenVAS (Nessus) - http://www.openvas.org:
3180| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
3181| [901025] Dovecot Version Detection
3182| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
3183| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
3184| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
3185| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
3186| [870607] RedHat Update for dovecot RHSA-2011:0600-01
3187| [870471] RedHat Update for dovecot RHSA-2011:1187-01
3188| [870153] RedHat Update for dovecot RHSA-2008:0297-02
3189| [863272] Fedora Update for dovecot FEDORA-2011-7612
3190| [863115] Fedora Update for dovecot FEDORA-2011-7258
3191| [861525] Fedora Update for dovecot FEDORA-2007-664
3192| [861394] Fedora Update for dovecot FEDORA-2007-493
3193| [861333] Fedora Update for dovecot FEDORA-2007-1485
3194| [860845] Fedora Update for dovecot FEDORA-2008-9202
3195| [860663] Fedora Update for dovecot FEDORA-2008-2475
3196| [860169] Fedora Update for dovecot FEDORA-2008-2464
3197| [860089] Fedora Update for dovecot FEDORA-2008-9232
3198| [840950] Ubuntu Update for dovecot USN-1295-1
3199| [840668] Ubuntu Update for dovecot USN-1143-1
3200| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
3201| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
3202| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
3203| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
3204| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
3205| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
3206| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
3207| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
3208| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
3209| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
3210| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
3211| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
3212| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
3213| [70259] FreeBSD Ports: dovecot
3214| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
3215| [66522] FreeBSD Ports: dovecot
3216| [65010] Ubuntu USN-838-1 (dovecot)
3217| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
3218| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
3219| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
3220| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
3221| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
3222| [62854] FreeBSD Ports: dovecot-managesieve
3223| [61916] FreeBSD Ports: dovecot
3224| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
3225| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
3226| [60528] FreeBSD Ports: dovecot
3227| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
3228| [60089] FreeBSD Ports: dovecot
3229| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
3230| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
3231|
3232| SecurityTracker - https://www.securitytracker.com:
3233| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
3234| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
3235| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
3236|
3237| OSVDB - http://www.osvdb.org:
3238| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
3239| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
3240| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
3241| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
3242| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
3243| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
3244| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
3245| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
3246| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
3247| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
3248| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
3249| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
3250| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
3251| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
3252| [66113] Dovecot Mail Root Directory Creation Permission Weakness
3253| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
3254| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
3255| [66110] Dovecot Multiple Unspecified Buffer Overflows
3256| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
3257| [64783] Dovecot E-mail Message Header Unspecified DoS
3258| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
3259| [62796] Dovecot mbox Format Email Header Handling DoS
3260| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
3261| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
3262| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
3263| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
3264| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
3265| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
3266| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
3267| [43137] Dovecot mail_extra_groups Symlink File Manipulation
3268| [42979] Dovecot passdbs Argument Injection Authentication Bypass
3269| [39876] Dovecot LDAP Auth Cache Security Bypass
3270| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
3271| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
3272| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
3273| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
3274| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
3275| [23281] Dovecot imap/pop3-login dovecot-auth DoS
3276| [23280] Dovecot Malformed APPEND Command DoS
3277| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
3278| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
3279| [5857] Linux pop3d Arbitrary Mail File Access
3280| [2471] akpop3d username SQL Injection
3281|_
3282Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3283Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
3284No exact OS matches for host (test conditions non-ideal).
3285Network Distance: 13 hops
3286
3287TRACEROUTE (using port 80/tcp)
3288HOP RTT ADDRESS
32891 50.00 ms 10.242.204.1
32902 52.55 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
32913 110.84 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
32924 54.81 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
32935 54.85 ms motl-b1-link.telia.net (62.115.183.72)
32946 151.99 ms nyk-bb3-link.telia.net (62.115.137.142)
32957 152.03 ms ldn-bb4-link.telia.net (62.115.112.245)
32968 132.36 ms hbg-bb4-link.telia.net (62.115.122.160)
32979 152.00 ms nug-b1-link.telia.net (62.115.113.175)
329810 151.99 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
329911 152.17 ms core23.fsn1.hetzner.com (213.239.252.230)
330012 152.20 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
330113 152.15 ms ns1.akinmedya.com (144.76.114.219)
3302######################################################################################################################################
3303HTTP/2 200
3304content-type: text/html; charset=UTF-8
3305link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
3306etag: "482-1574445755;;;"
3307x-litespeed-cache: hit
3308date: Sun, 24 Nov 2019 23:58:22 GMT
3309server: LiteSpeed
3310alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
3311
3312Allow: OPTIONS,HEAD,GET,POST
3313######################################################################################################################################
3314<!-- All in One SEO Pack 2.12 by Michael Torbert of Semper Fi Web Design[273,296] -->
3315<!-- /all in one seo pack -->
3316<!-- HaberMatik Mobil -->
3317<!-- HaberMatik V2.3 -->
3318<!--
3319 <!-- /#Header -->
3320 <!-- Üst Haberler -->
3321 <!-- /#Üst Haberler -->
3322 <!-- index.php -->
3323 <!-- Manşetler -->
3324 <!-- /#Manşetler -->
3325 <!-- Alt Manşet -->
3326 </div> <!-- /#Alt Manşet -->
3327 <!-- Güncel Haberler -->
3328 <div class="clear"></div> <!-- /#Güncel Haberler-->
3329 <!-- Foto Galeri -->
3330 <!-- /#FOTO GALERİ -->
3331 <!-- Renkli Tablar -->
3332 <!-- /#Renkli Tablar -->
3333 <!-- Video Galeri -->
3334 <!-- /#Video Galeri -->
3335 <!-- /#index.php container wrap630 fLeft -->
3336 <!-- // SİDEBAR \\-->
3337 <!-- Döviz -->
3338 <!-- /#Döviz -->
3339 <!-- Köşe Yazarları -->
3340 <!-- /#Köşe Yazarları -->
3341 <!-- \\ /#SİDEBAR //-->
3342 </div> <!-- /#globalContainer -->
3343</div> <!-- /#pageFull -->
3344<!-- = FOOTER = -->
3345<!-- Page generated by LiteSpeed Cache 2.9.8.6 on 2019-11-22 20:02:35 -->
3346######################################################################################################################################
3347 />
3348https://plus.google.com/+HüseyinBozan
3349https://www.turkmenajans.net
3350https://www.turkmenajans.net/
3351https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
3352https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
3353https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
3354https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/
3355https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
3356https://www.turkmenajans.net/feed
3357https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
3358https://www.turkmenajans.net/giris
3359https://www.turkmenajans.net/hersey-vatan-icin/
3360https://www.turkmenajans.net/iki-farkli-besiktas/
3361https://www.turkmenajans.net/iletisim
3362https://www.turkmenajans.net/kunye
3363https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
3364https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
3365https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/
3366https://www.turkmenajans.net/sitene-ekle
3367https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/
3368https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
3369https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
3370https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
3371https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
3372https://www.turkmenajans.net/wp-content/themes/HaberMatikV2/images/icon/rss.png
3373https://www.turkmenajans.net/wp-content/themes/HaberMatikV2/lib/faziletapi.php
3374https://www.turkmenajans.net/wp-content/themes/HaberMatikV2/lib/hava.php?sehir=
3375https://www.turkmenajans.net/wp-content/uploads/2019/02/1011146-300x166.jpg
3376https://www.turkmenajans.net/wp-content/uploads/2019/02/bbb731a01ff7eaefb17e572764526883_XL-300x177.jpg
3377http://www.facebook.com/turkmenajans1
3378http://www.w3.org/1999/xhtml
3379text/css
3380text/javascript
3381-//W3C//DTD XHTML 1.0 Transitional//EN
3382www.twitter.com/turkmenajans
3383######################################################################################################################################
3384https://www.turkmenajans.net [200 OK] All-in-one-SEO-Pack[2.12], Country[GERMANY][DE], HTTPServer[LiteSpeed], IP[144.76.114.219], JQuery[1.7.2], LiteSpeed, Open-Graph-Protocol[article], Script[JavaScript,text/javascript], Title[Türkmen Ajans |], UncommonHeaders[link,x-litespeed-cache,alt-svc], WordPress
3385######################################################################################################################################
3386
3387wig - WebApp Information Gatherer
3388
3389
3390Scanning https://www.turkmenajans.net...
3391_______________________________ SITE INFO _______________________________
3392IP Title
3393144.76.114.219 Türkmen Ajans |
3394
3395________________________________ VERSION ________________________________
3396Name Versions Type
3397WordPress 5.1.1 CMS
3398litespeed Platform
3399
3400______________________________ INTERESTING ______________________________
3401URL Note Type
3402/readme.html Readme file Interesting
3403/robots.txt robots.txt index Interesting
3404/login/ Login Page Interesting
3405
3406_________________________________ TOOLS _________________________________
3407Name Link Software
3408wpscan https://github.com/wpscanteam/wpscan WordPress
3409CMSmap https://github.com/Dionach/CMSmap WordPress
3410
3411_________________________________________________________________________
3412Time: 61.2 sec Urls: 268 Fingerprints: 40401
3413######################################################################################################################################
3414tee: /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/nmap-www.turkmenajans.net-port443: Aucun fichier ou dossier de ce type
3415Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:01 EST
3416NSE: Loaded 163 scripts for scanning.
3417NSE: Script Pre-scanning.
3418Initiating NSE at 19:01
3419Completed NSE at 19:01, 0.00s elapsed
3420Initiating NSE at 19:01
3421Completed NSE at 19:01, 0.00s elapsed
3422Initiating Parallel DNS resolution of 1 host. at 19:01
3423Completed Parallel DNS resolution of 1 host. at 19:01, 0.03s elapsed
3424Initiating SYN Stealth Scan at 19:01
3425Scanning www.turkmenajans.net (144.76.114.219) [1 port]
3426Discovered open port 443/tcp on 144.76.114.219
3427Completed SYN Stealth Scan at 19:01, 0.16s elapsed (1 total ports)
3428Initiating Service scan at 19:01
3429Scanning 1 service on www.turkmenajans.net (144.76.114.219)
3430Completed Service scan at 19:01, 12.97s elapsed (1 service on 1 host)
3431Initiating OS detection (try #1) against www.turkmenajans.net (144.76.114.219)
3432Retrying OS detection (try #2) against www.turkmenajans.net (144.76.114.219)
3433Initiating Traceroute at 19:01
3434Completed Traceroute at 19:01, 0.16s elapsed
3435Initiating Parallel DNS resolution of 13 hosts. at 19:01
3436Completed Parallel DNS resolution of 13 hosts. at 19:01, 2.69s elapsed
3437NSE: Script scanning 144.76.114.219.
3438Initiating NSE at 19:01
3439Completed NSE at 19:03, 118.44s elapsed
3440Initiating NSE at 19:03
3441Completed NSE at 19:03, 2.40s elapsed
3442Nmap scan report for www.turkmenajans.net (144.76.114.219)
3443Host is up (0.16s latency).
3444rDNS record for 144.76.114.219: ns1.akinmedya.com
3445
3446PORT STATE SERVICE VERSION
3447443/tcp open ssl/http LiteSpeed httpd
3448|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
3449| http-brute:
3450|_ Path "/" does not require authentication
3451|_http-chrono: Request times for /; avg: 1223.07ms; min: 1150.65ms; max: 1278.54ms
3452|_http-csrf: Couldn't find any CSRF vulnerabilities.
3453|_http-date: Mon, 25 Nov 2019 00:01:53 GMT; 0s from local time.
3454|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
3455|_http-dombased-xss: Couldn't find any DOM based XSS.
3456|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
3457|_http-errors: Couldn't find any error pages.
3458|_http-feed: Couldn't find any feeds.
3459|_http-fetch: Please enter the complete path of the directory to save data in.
3460| http-headers:
3461| Connection: close
3462| Content-Type: text/html; charset=UTF-8
3463| Link: <https://www.turkmenajans.net/wp-json/>; rel="https://api.w.org/"
3464| Etag: "482-1574445755;;;"
3465| X-LiteSpeed-Cache: hit
3466| Date: Mon, 25 Nov 2019 00:02:03 GMT
3467| Server: LiteSpeed
3468| Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
3469|
3470|_ (Request type: HEAD)
3471|_http-jsonp-detection: Couldn't find any JSONP endpoints.
3472| http-methods:
3473|_ Supported Methods: GET HEAD POST OPTIONS
3474|_http-mobileversion-checker: Found mobile version: https://www.turkmenajans.net/ (Redirected to a different host)
3475|_http-passwd: ERROR: Script execution failed (use -d to debug)
3476| http-php-version: Logo query returned unknown hash 76a7999a0cea5f506f8b920161b0d067
3477|_Credits query returned unknown hash c631df8c614799c4ebd899c045d59db6
3478| http-robots.txt: 1 disallowed entry
3479|_/wp-admin/
3480| http-security-headers:
3481| Strict_Transport_Security:
3482|_ HSTS not configured in HTTPS Server
3483|_http-server-header: LiteSpeed
3484| http-sitemap-generator:
3485| Directory structure:
3486| Longest directory structure:
3487| Depth: 0
3488| Dir: /
3489| Total files found (by extension):
3490|_
3491|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
3492|_http-title: T\xC3\xBCrkmen Ajans |
3493| http-vhosts:
3494| ftp0.turkmenajans.net : 301 -> https://ftp0.turkmenajans.net/
3495| ops.turkmenajans.net : 301 -> https://ops.turkmenajans.net/
3496| 123 names had status 500
3497| www.turkmenajans.net : 200
3498|_mail.turkmenajans.net : 200
3499| http-wordpress-brute:
3500| Accounts: No valid accounts found
3501| Statistics: Performed 0 guesses in 1 seconds, average tps: 0.0
3502|_ ERROR: The service seems to have failed or is heavily firewalled...
3503| http-wordpress-enum:
3504| Search limited to top 100 themes/plugins
3505| themes
3506| responsive
3507| atahualpa
3508| evolve
3509| mh-magazine-lite
3510| coraline
3511| make
3512| alexandria
3513| point
3514| swift-basic
3515| sliding-door
3516| p2
3517| moesia
3518| accesspress-lite
3519| duster
3520| swift
3521| pink-touch-2
3522| plugins
3523| akismet
3524| nextgen-gallery
3525| better-wp-security
3526| wp-pagenavi
3527| add-to-any
3528| buddypress
3529| black-studio-tinymce-widget
3530| backwpup
3531| bbpress
3532| wp-optimize
3533| backupwordpress
3534| wp-maintenance-mode
3535| wp-to-twitter
3536| share-this
3537| gtranslate
3538| iwp-client
3539| squirrly-seo
3540|_ youtube-embed-plus
3541| http-wordpress-users:
3542| Username found: admin/page/2/' />
3543|
3544| <link rel="canonical" href="https://www.turkmenajans.net/author/admin/" />
3545| <!-- /all in one seo pack -->
3546| <link rel='dns-prefetch' href='//s.w.org' />
3547| <link rel="alternate" type="application/rss+xml" title="admin beslemesi i\xC3\xA7in T\xC3\xBCrkmen Ajans » yaz\xC4\xB1lar\xC4\xB1" href="https://www.turkmenajans.net/author/admin
3548| Username found: demo
3549|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-users.limit'
3550|_http-xssed: No previously reported XSS vuln.
3551| vulscan: VulDB - https://vuldb.com:
3552| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
3553| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
3554| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
3555| [53729] Litespeedtech LiteSpeed Web Server information disclosure
3556| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
3557|
3558| MITRE CVE - https://cve.mitre.org:
3559| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
3560| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
3561| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
3562| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
3563|
3564| SecurityFocus - https://www.securityfocus.com/bid/:
3565| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
3566| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
3567| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
3568| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
3569| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
3570| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
3571| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
3572| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
3573| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
3574| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
3575| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
3576| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
3577| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
3578|
3579| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3580| [74144] LiteSpeed graph_html.php cross-site scripting
3581| [63979] LiteSpeed Web Server Null buffer overflow
3582| [59385] LiteSpeed Web Server information disclosure
3583| [56389] LiteSpeed Web Server Admin interface cross-site scripting
3584| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
3585| [54537] LiteSpeed Web Server post-authentication code execution
3586| [54536] LiteSpeed Web Server Lshttpd denial of service
3587| [37380] LiteSpeed Web Server mime-type information disclosure
3588| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
3589|
3590| Exploit-DB - https://www.exploit-db.com:
3591| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
3592| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
3593| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
3594| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
3595| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
3596|
3597| OpenVAS (Nessus) - http://www.openvas.org:
3598| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
3599|
3600| SecurityTracker - https://www.securitytracker.com:
3601| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
3602|
3603| OSVDB - http://www.osvdb.org:
3604| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
3605| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
3606| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
3607| [62449] LiteSpeed Web Server Admin User Creation CSRF
3608| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
3609| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
3610| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
3611| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
3612|_
3613Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3614Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.18 (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
3615No exact OS matches for host (test conditions non-ideal).
3616Uptime guess: 16.638 days (since Fri Nov 8 03:44:50 2019)
3617Network Distance: 13 hops
3618TCP Sequence Prediction: Difficulty=265 (Good luck!)
3619IP ID Sequence Generation: All zeros
3620
3621TRACEROUTE (using port 443/tcp)
3622HOP RTT ADDRESS
36231 30.09 ms 10.242.204.1
36242 60.93 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
36253 36.96 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
36264 45.58 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
36275 45.54 ms motl-b1-link.telia.net (62.115.183.72)
36286 139.78 ms nyk-bb3-link.telia.net (62.115.137.142)
36297 139.79 ms ldn-bb4-link.telia.net (62.115.112.245)
36308 139.73 ms hbg-bb4-link.telia.net (62.115.122.160)
36319 159.48 ms nug-b1-link.telia.net (62.115.113.175)
363210 139.82 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
363311 139.80 ms core24.fsn1.hetzner.com (213.239.252.234)
363412 159.52 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
363513 139.87 ms ns1.akinmedya.com (144.76.114.219)
3636
3637NSE: Script Post-scanning.
3638Initiating NSE at 19:03
3639Completed NSE at 19:03, 0.00s elapsed
3640Initiating NSE at 19:03
3641Completed NSE at 19:03, 0.00s elapsed
3642######################################################################################################################################
3643Version: 1.11.13-static
3644OpenSSL 1.0.2-chacha (1.0.2g-dev)
3645
3646Connected to 144.76.114.219
3647
3648Testing SSL server www.turkmenajans.net on port 443 using SNI name www.turkmenajans.net
3649
3650 TLS Fallback SCSV:
3651Server does not support TLS Fallback SCSV
3652
3653 TLS renegotiation:
3654Session renegotiation not supported
3655
3656 TLS Compression:
3657Compression disabled
3658
3659 Heartbleed:
3660TLS 1.2 not vulnerable to heartbleed
3661TLS 1.1 not vulnerable to heartbleed
3662TLS 1.0 not vulnerable to heartbleed
3663
3664 Supported Server Cipher(s):
3665Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
3666Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
3667Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3668
3669 SSL Certificate:
3670Signature Algorithm: sha256WithRSAEncryption
3671RSA Key Strength: 2048
3672
3673Subject: turkmenajans.net
3674Altnames: DNS:cpanel.turkmenajans.net, DNS:mail.turkmenajans.net, DNS:turkmenajans.net, DNS:webdisk.turkmenajans.net, DNS:webmail.turkmenajans.net, DNS:www.turkmenajans.net
3675Issuer: Let's Encrypt Authority X3
3676
3677Not valid before: Oct 31 00:37:34 2019 GMT
3678Not valid after: Jan 29 00:37:34 2020 GMT
3679######################################################################################################################################
3680------------------------------------------------------------------------------------------------------------------------
3681
3682[ ! ] Starting SCANNER INURLBR 2.1 at [24-11-2019 19:04:26]
3683[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
3684It is the end user's responsibility to obey all applicable local, state and federal laws.
3685Developers assume no liability and are not responsible for any misuse or damage caused by this program
3686
3687[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/inurlbr-www.turkmenajans.net ]
3688[ INFO ][ DORK ]::[ site:www.turkmenajans.net ]
3689[ INFO ][ SEARCHING ]:: {
3690[ INFO ][ ENGINE ]::[ GOOGLE - www.google.bj ]
3691
3692[ INFO ][ SEARCHING ]::
3693-[:::]
3694[ INFO ][ ENGINE ]::[ GOOGLE API ]
3695
3696[ INFO ][ SEARCHING ]::
3697-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3698[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.ng ID: 007843865286850066037:3ajwn2jlweq ]
3699
3700[ INFO ][ SEARCHING ]::
3701-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
3702
3703[ INFO ][ TOTAL FOUND VALUES ]:: [ 36 ]
3704
3705
3706 _[ - ]::--------------------------------------------------------------------------------------------------------------
3707|_[ + ] [ 0 / 36 ]-[19:04:50] [ - ]
3708|_[ + ] Target:: [ https://www.turkmenajans.net/ ]
3709|_[ + ] Exploit::
3710|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3711|_[ + ] More details:: / - / , ISP:
3712|_[ + ] Found:: UNIDENTIFIED
3713
3714 _[ - ]::--------------------------------------------------------------------------------------------------------------
3715|_[ + ] [ 1 / 36 ]-[19:04:52] [ - ]
3716|_[ + ] Target:: [ https://www.turkmenajans.net/kunye/ ]
3717|_[ + ] Exploit::
3718|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3719|_[ + ] More details:: / - / , ISP:
3720|_[ + ] Found:: UNIDENTIFIED
3721
3722 _[ - ]::--------------------------------------------------------------------------------------------------------------
3723|_[ + ] [ 2 / 36 ]-[19:04:53] [ - ]
3724|_[ + ] Target:: [ https://www.turkmenajans.net/giris/ ]
3725|_[ + ] Exploit::
3726|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3727|_[ + ] More details:: / - / , ISP:
3728|_[ + ] Found:: UNIDENTIFIED
3729
3730 _[ - ]::--------------------------------------------------------------------------------------------------------------
3731|_[ + ] [ 3 / 36 ]-[19:04:54] [ - ]
3732|_[ + ] Target:: [ https://www.turkmenajans.net/iletisim/ ]
3733|_[ + ] Exploit::
3734|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3735|_[ + ] More details:: / - / , ISP:
3736|_[ + ] Found:: UNIDENTIFIED
3737
3738 _[ - ]::--------------------------------------------------------------------------------------------------------------
3739|_[ + ] [ 4 / 36 ]-[19:04:55] [ - ]
3740|_[ + ] Target:: [ https://www.turkmenajans.net/sitene-ekle/ ]
3741|_[ + ] Exploit::
3742|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3743|_[ + ] More details:: / - / , ISP:
3744|_[ + ] Found:: UNIDENTIFIED
3745
3746 _[ - ]::--------------------------------------------------------------------------------------------------------------
3747|_[ + ] [ 5 / 36 ]-[19:04:57] [ - ]
3748|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/cerablus/ ]
3749|_[ + ] Exploit::
3750|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3751|_[ + ] More details:: / - / , ISP:
3752|_[ + ] Found:: UNIDENTIFIED
3753
3754 _[ - ]::--------------------------------------------------------------------------------------------------------------
3755|_[ + ] [ 6 / 36 ]-[19:04:58] [ - ]
3756|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/teroristler/ ]
3757|_[ + ] Exploit::
3758|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3759|_[ + ] More details:: / - / , ISP:
3760|_[ + ] Found:: UNIDENTIFIED
3761
3762 _[ - ]::--------------------------------------------------------------------------------------------------------------
3763|_[ + ] [ 7 / 36 ]-[19:04:59] [ - ]
3764|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/iran/ ]
3765|_[ + ] Exploit::
3766|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3767|_[ + ] More details:: / - / , ISP:
3768|_[ + ] Found:: UNIDENTIFIED
3769
3770 _[ - ]::--------------------------------------------------------------------------------------------------------------
3771|_[ + ] [ 8 / 36 ]-[19:05:01] [ - ]
3772|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/adalet/ ]
3773|_[ + ] Exploit::
3774|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3775|_[ + ] More details:: / - / , ISP:
3776|_[ + ] Found:: UNIDENTIFIED
3777
3778 _[ - ]::--------------------------------------------------------------------------------------------------------------
3779|_[ + ] [ 9 / 36 ]-[19:05:02] [ - ]
3780|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/turkiye/ ]
3781|_[ + ] Exploit::
3782|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3783|_[ + ] More details:: / - / , ISP:
3784|_[ + ] Found:: UNIDENTIFIED
3785
3786 _[ - ]::--------------------------------------------------------------------------------------------------------------
3787|_[ + ] [ 10 / 36 ]-[19:05:03] [ - ]
3788|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/itc/ ]
3789|_[ + ] Exploit::
3790|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3791|_[ + ] More details:: / - / , ISP:
3792|_[ + ] Found:: UNIDENTIFIED
3793
3794 _[ - ]::--------------------------------------------------------------------------------------------------------------
3795|_[ + ] [ 11 / 36 ]-[19:05:04] [ - ]
3796|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/hama/ ]
3797|_[ + ] Exploit::
3798|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3799|_[ + ] More details:: / - / , ISP:
3800|_[ + ] Found:: UNIDENTIFIED
3801
3802 _[ - ]::--------------------------------------------------------------------------------------------------------------
3803|_[ + ] [ 12 / 36 ]-[19:05:05] [ - ]
3804|_[ + ] Target:: [ https://www.turkmenajans.net/tum-yazarlar/ ]
3805|_[ + ] Exploit::
3806|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3807|_[ + ] More details:: / - / , ISP:
3808|_[ + ] Found:: UNIDENTIFIED
3809
3810 _[ - ]::--------------------------------------------------------------------------------------------------------------
3811|_[ + ] [ 13 / 36 ]-[19:05:07] [ - ]
3812|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/tsk/ ]
3813|_[ + ] Exploit::
3814|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3815|_[ + ] More details:: / - / , ISP:
3816|_[ + ] Found:: UNIDENTIFIED
3817
3818 _[ - ]::--------------------------------------------------------------------------------------------------------------
3819|_[ + ] [ 14 / 36 ]-[19:05:08] [ - ]
3820|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/bagcilar/ ]
3821|_[ + ] Exploit::
3822|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3823|_[ + ] More details:: / - / , ISP:
3824|_[ + ] Found:: UNIDENTIFIED
3825
3826 _[ - ]::--------------------------------------------------------------------------------------------------------------
3827|_[ + ] [ 15 / 36 ]-[19:05:09] [ - ]
3828|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/halep/ ]
3829|_[ + ] Exploit::
3830|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3831|_[ + ] More details:: / - / , ISP:
3832|_[ + ] Found:: UNIDENTIFIED
3833
3834 _[ - ]::--------------------------------------------------------------------------------------------------------------
3835|_[ + ] [ 16 / 36 ]-[19:05:10] [ - ]
3836|_[ + ] Target:: [ https://www.turkmenajans.net/gazete-mansetleri/ ]
3837|_[ + ] Exploit::
3838|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3839|_[ + ] More details:: / - / , ISP:
3840|_[ + ] Found:: UNIDENTIFIED
3841
3842 _[ - ]::--------------------------------------------------------------------------------------------------------------
3843|_[ + ] [ 17 / 36 ]-[19:05:11] [ - ]
3844|_[ + ] Target:: [ https://www.turkmenajans.net/kayit-ol/ ]
3845|_[ + ] Exploit::
3846|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3847|_[ + ] More details:: / - / , ISP:
3848|_[ + ] Found:: UNIDENTIFIED
3849
3850 _[ - ]::--------------------------------------------------------------------------------------------------------------
3851|_[ + ] [ 18 / 36 ]-[19:05:13] [ - ]
3852|_[ + ] Target:: [ https://www.turkmenajans.net/hersey-vatan-icin/ ]
3853|_[ + ] Exploit::
3854|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3855|_[ + ] More details:: / - / , ISP:
3856|_[ + ] Found:: UNIDENTIFIED
3857
3858 _[ - ]::--------------------------------------------------------------------------------------------------------------
3859|_[ + ] [ 19 / 36 ]-[19:05:14] [ - ]
3860|_[ + ] Target:: [ https://www.turkmenajans.net/iki-farkli-besiktas/ ]
3861|_[ + ] Exploit::
3862|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3863|_[ + ] More details:: / - / , ISP:
3864|_[ + ] Found:: UNIDENTIFIED
3865
3866 _[ - ]::--------------------------------------------------------------------------------------------------------------
3867|_[ + ] [ 20 / 36 ]-[19:05:19] [ - ]
3868|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/turkmen-ajans/ ]
3869|_[ + ] Exploit::
3870|_[ + ] Information Server:: , , IP::0
3871|_[ + ] More details::
3872|_[ + ] Found:: UNIDENTIFIED
3873
3874 _[ - ]::--------------------------------------------------------------------------------------------------------------
3875|_[ + ] [ 21 / 36 ]-[19:05:21] [ - ]
3876|_[ + ] Target:: [ https://www.turkmenajans.net/etiket/el-muhaberat/ ]
3877|_[ + ] Exploit::
3878|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3879|_[ + ] More details:: / - / , ISP:
3880|_[ + ] Found:: UNIDENTIFIED
3881
3882 _[ - ]::--------------------------------------------------------------------------------------------------------------
3883|_[ + ] [ 22 / 36 ]-[19:05:22] [ - ]
3884|_[ + ] Target:: [ https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/ ]
3885|_[ + ] Exploit::
3886|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3887|_[ + ] More details:: / - / , ISP:
3888|_[ + ] Found:: UNIDENTIFIED
3889
3890 _[ - ]::--------------------------------------------------------------------------------------------------------------
3891|_[ + ] [ 23 / 36 ]-[19:05:23] [ - ]
3892|_[ + ] Target:: [ https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/ ]
3893|_[ + ] Exploit::
3894|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3895|_[ + ] More details:: / - / , ISP:
3896|_[ + ] Found:: UNIDENTIFIED
3897
3898 _[ - ]::--------------------------------------------------------------------------------------------------------------
3899|_[ + ] [ 24 / 36 ]-[19:05:25] [ - ]
3900|_[ + ] Target:: [ https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/ ]
3901|_[ + ] Exploit::
3902|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3903|_[ + ] More details:: / - / , ISP:
3904|_[ + ] Found:: UNIDENTIFIED
3905
3906 _[ - ]::--------------------------------------------------------------------------------------------------------------
3907|_[ + ] [ 25 / 36 ]-[19:05:25] [ - ]
3908|_[ + ] Target:: [ http://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/ ]
3909|_[ + ] Exploit::
3910|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:80
3911|_[ + ] More details:: / - / , ISP:
3912|_[ + ] Found:: UNIDENTIFIED
3913
3914 _[ - ]::--------------------------------------------------------------------------------------------------------------
3915|_[ + ] [ 26 / 36 ]-[19:05:27] [ - ]
3916|_[ + ] Target:: [ https://www.turkmenajans.net/oruc-dis-sagligi-icin-firsat-olabilir/ ]
3917|_[ + ] Exploit::
3918|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3919|_[ + ] More details:: / - / , ISP:
3920|_[ + ] Found:: UNIDENTIFIED
3921
3922 _[ - ]::--------------------------------------------------------------------------------------------------------------
3923|_[ + ] [ 27 / 36 ]-[19:05:28] [ - ]
3924|_[ + ] Target:: [ https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/ ]
3925|_[ + ] Exploit::
3926|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3927|_[ + ] More details:: / - / , ISP:
3928|_[ + ] Found:: UNIDENTIFIED
3929
3930 _[ - ]::--------------------------------------------------------------------------------------------------------------
3931|_[ + ] [ 28 / 36 ]-[19:05:29] [ - ]
3932|_[ + ] Target:: [ https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/ ]
3933|_[ + ] Exploit::
3934|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3935|_[ + ] More details:: / - / , ISP:
3936|_[ + ] Found:: UNIDENTIFIED
3937
3938 _[ - ]::--------------------------------------------------------------------------------------------------------------
3939|_[ + ] [ 29 / 36 ]-[19:05:31] [ - ]
3940|_[ + ] Target:: [ https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/ ]
3941|_[ + ] Exploit::
3942|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3943|_[ + ] More details:: / - / , ISP:
3944|_[ + ] Found:: UNIDENTIFIED
3945
3946 _[ - ]::--------------------------------------------------------------------------------------------------------------
3947|_[ + ] [ 30 / 36 ]-[19:05:32] [ - ]
3948|_[ + ] Target:: [ https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/ ]
3949|_[ + ] Exploit::
3950|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3951|_[ + ] More details:: / - / , ISP:
3952|_[ + ] Found:: UNIDENTIFIED
3953
3954 _[ - ]::--------------------------------------------------------------------------------------------------------------
3955|_[ + ] [ 31 / 36 ]-[19:05:33] [ - ]
3956|_[ + ] Target:: [ https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/ ]
3957|_[ + ] Exploit::
3958|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3959|_[ + ] More details:: / - / , ISP:
3960|_[ + ] Found:: UNIDENTIFIED
3961
3962 _[ - ]::--------------------------------------------------------------------------------------------------------------
3963|_[ + ] [ 32 / 36 ]-[19:05:34] [ - ]
3964|_[ + ] Target:: [ https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/ ]
3965|_[ + ] Exploit::
3966|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3967|_[ + ] More details:: / - / , ISP:
3968|_[ + ] Found:: UNIDENTIFIED
3969
3970 _[ - ]::--------------------------------------------------------------------------------------------------------------
3971|_[ + ] [ 33 / 36 ]-[19:05:36] [ - ]
3972|_[ + ] Target:: [ https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/ ]
3973|_[ + ] Exploit::
3974|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3975|_[ + ] More details:: / - / , ISP:
3976|_[ + ] Found:: UNIDENTIFIED
3977
3978 _[ - ]::--------------------------------------------------------------------------------------------------------------
3979|_[ + ] [ 34 / 36 ]-[19:05:37] [ - ]
3980|_[ + ] Target:: [ https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/ ]
3981|_[ + ] Exploit::
3982|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3983|_[ + ] More details:: / - / , ISP:
3984|_[ + ] Found:: UNIDENTIFIED
3985
3986 _[ - ]::--------------------------------------------------------------------------------------------------------------
3987|_[ + ] [ 35 / 36 ]-[19:05:39] [ - ]
3988|_[ + ] Target:: [ https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/ ]
3989|_[ + ] Exploit::
3990|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: LiteSpeed , IP:144.76.114.219:443
3991|_[ + ] More details:: / - / , ISP:
3992|_[ + ] Found:: UNIDENTIFIED
3993
3994[ INFO ] [ Shutting down ]
3995[ INFO ] [ End of process INURLBR at [24-11-2019 19:05:39]
3996[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
3997[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/inurlbr-www.turkmenajans.net ]
3998|_________________________________________________________________________________________
3999
4000\_________________________________________________________________________________________/
4001#######################################################################################################################################
4002tee: /usr/share/sniper/loot/workspace/www.turkmenajans.net/output/nmap-www.turkmenajans.net-port3389.txt: Aucun fichier ou dossier de ce type
4003Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:06 EST
4004Nmap scan report for www.turkmenajans.net (144.76.114.219)
4005Host is up (0.19s latency).
4006rDNS record for 144.76.114.219: ns1.akinmedya.com
4007
4008PORT STATE SERVICE VERSION
40093389/tcp open ms-wbt-server xrdp
4010| rdp-enum-encryption:
4011| Security layer
4012| CredSSP (NLA): SUCCESS
4013| CredSSP with Early User Auth: SUCCESS
4014| Native RDP: SUCCESS
4015| RDSTLS: SUCCESS
4016| SSL: SUCCESS
4017| RDP Encryption level: High
4018| 128-bit RC4: SUCCESS
4019|_ RDP Protocol Version: RDP 5.x, 6.x, 7.x, or 8.x server
4020|_rdp-vuln-ms12-020: ERROR: Script execution failed (use -d to debug)
4021| vulscan: VulDB - https://vuldb.com:
4022| [98230] xrdp 0.9.1 PAM Session Module auth_start_session privilege escalation
4023| [45914] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 rdp_rdp_process_color_pointer_pdu memory corruption
4024| [45913] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_def_proc memory corruption
4025| [45912] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_invalidate memory corruption
4026|
4027| MITRE CVE - https://cve.mitre.org:
4028| [CVE-2010-3376] The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
4029| [CVE-2008-5904] The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
4030| [CVE-2008-5903] Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
4031| [CVE-2008-5902] Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.
4032|
4033| SecurityFocus - https://www.securityfocus.com/bid/:
4034| [94958] xrdp CVE-2013-1430 Information Disclosure Vulnerability
4035| [72667] xrdp 'sesman/verify_user.c' Remote Denial of Service Vulnerability
4036| [33371] xrdp 'xrdp_bitmap_def_proc()' Memory Corruption Vulnerability
4037| [32565] xrdp Multiple Buffer Overflow Vulnerabilities
4038|
4039| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4040| [48094] xrdp rdp_rdp_process_color_pointer_pdu buffer overflow
4041| [48093] xrdp xrdp_bitmap_def_proc code execution
4042| [47004] xrdp xrdp_bitmap_invalidate() buffer overflow
4043|
4044| Exploit-DB - https://www.exploit-db.com:
4045| [8469] XRDP <= 0.4.1 - Remote Buffer Overflow PoC (pre-auth)
4046|
4047| OpenVAS (Nessus) - http://www.openvas.org:
4048| No findings
4049|
4050| SecurityTracker - https://www.securitytracker.com:
4051| No findings
4052|
4053| OSVDB - http://www.osvdb.org:
4054| [53313] xrdp rdp/rdp_rdp.c rdp_rdp_process_color_pointer_pdu Function Unspecified Remote Overflow
4055| [51558] xrdp xrdp/funcs.c xrdp_bitmap_def_proc Function Arbitrary Code Execution
4056| [51407] xrdp xrdp/xrdp_bitmap.c xrdp_bitmap_invalidate Function Remote Overflow
4057|_
4058Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4059Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), Linux 3.18 (94%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.13 (92%), DD-WRT (Linux 3.18) (92%), DD-WRT v3.0 (Linux 4.4.2) (92%)
4060No exact OS matches for host (test conditions non-ideal).
4061Network Distance: 13 hops
4062
4063TRACEROUTE (using port 3389/tcp)
4064HOP RTT ADDRESS
40651 48.91 ms 10.242.204.1
40662 35.99 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
40673 54.04 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
40684 38.05 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
40695 38.10 ms motl-b1-link.telia.net (62.115.162.41)
40706 130.10 ms nyk-bb3-link.telia.net (62.115.137.142)
40717 148.18 ms ldn-bb4-link.telia.net (62.115.112.245)
40728 130.05 ms hbg-bb4-link.telia.net (62.115.122.160)
40739 148.23 ms nug-b1-link.telia.net (62.115.113.175)
407410 230.84 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
407511 148.14 ms core23.fsn1.hetzner.com (213.239.252.230)
407612 130.19 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.58)
407713 148.33 ms ns1.akinmedya.com (144.76.114.219)
4078######################################################################################################################################
4079ATTENTION! The server uses and invalid security certificate which can not be trusted for
4080the following identified reasons(s);
4081
4082 1. Certificate issuer is not trusted by this system.
4083
4084 Issuer: CN=XRDP
4085
4086
4087Review the following certificate info before you trust it to be added as an exception.
4088If you do not trust the certificate the connection atempt will be aborted:
4089
4090 Subject: CN=XRDP
4091 Issuer: CN=XRDP
4092 Valid From: Wed Oct 16 09:35:56 2019
4093 To: Mon Oct 15 09:35:56 2029
4094
4095 Certificate fingerprints:
4096
4097 sha1: db2a99b3e0c465ad4c3977f5624c71af7756b0de
4098 sha256: 84ecad85369b65a96bb7bb161050936665640dfff109ea02305a7638e3d6a03d
4099
4100
4101--------------------------------------------------------
4102<<<Yasuo discovered following vulnerable applications>>>
4103--------------------------------------------------------
4104+----------+----------------------------------+----------------------------------------------+----------+----------+
4105| App Name | URL to Application | Potential Exploit | Username | Password |
4106+----------+----------------------------------+----------------------------------------------+----------+----------+
4107| SVN | https://144.76.114.219:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
4108+----------+----------------------------------+----------------------------------------------+----------+----------+
4109#######################################################################################################################################
4110WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
4111Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:34 EST
4112Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4113Host is up (0.24s latency).
4114Not shown: 483 closed ports
4115PORT STATE SERVICE
411621/tcp open ftp
411753/tcp open domain
411880/tcp open http
4119110/tcp open pop3
4120143/tcp open imap
4121443/tcp open https
4122465/tcp open smtps
4123587/tcp open submission
4124993/tcp open imaps
4125995/tcp open pop3s
41263306/tcp open mysql
41273389/tcp open ms-wbt-server
41287080/tcp open empowerid
4129
4130Nmap done: 1 IP address (1 host up) scanned in 3.12 seconds
4131#######################################################################################################################################
4132Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:34 EST
4133Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4134Host is up (0.16s latency).
4135Not shown: 11 closed ports, 2 filtered ports
4136PORT STATE SERVICE
413753/udp open domain
413867/udp open|filtered dhcps
4139
4140Nmap done: 1 IP address (1 host up) scanned in 6.22 seconds
4141#######################################################################################################################################
4142Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:34 EST
4143NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
4144NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
4145NSE: [ftp-brute] passwords: Time limit 10m00s exceeded.
4146Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4147Host is up (0.18s latency).
4148
4149PORT STATE SERVICE VERSION
415021/tcp open ftp Pure-FTPd
4151| ftp-brute:
4152| Accounts: No valid accounts found
4153|_ Statistics: Performed 13577 guesses in 604 seconds, average tps: 23.4
4154| vulscan: VulDB - https://vuldb.com:
4155| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
4156| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
4157| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
4158|
4159| MITRE CVE - https://cve.mitre.org:
4160| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
4161|
4162| SecurityFocus - https://www.securityfocus.com/bid/:
4163| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
4164|
4165| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4166| No findings
4167|
4168| Exploit-DB - https://www.exploit-db.com:
4169| No findings
4170|
4171| OpenVAS (Nessus) - http://www.openvas.org:
4172| No findings
4173|
4174| SecurityTracker - https://www.securitytracker.com:
4175| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
4176| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
4177| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
4178| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
4179|
4180| OSVDB - http://www.osvdb.org:
4181| No findings
4182|_
4183Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4184Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.18 (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
4185No exact OS matches for host (test conditions non-ideal).
4186Network Distance: 13 hops
4187
4188TRACEROUTE (using port 21/tcp)
4189HOP RTT ADDRESS
41901 45.77 ms 10.242.204.1
41912 81.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
41923 81.61 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
41934 97.79 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
41945 97.84 ms motl-b1-link.telia.net (62.115.162.41)
41956 198.80 ms nyk-bb3-link.telia.net (62.115.137.142)
41967 ...
41978 169.33 ms hbg-bb4-link.telia.net (62.115.122.160)
41989 182.88 ms nug-b1-link.telia.net (62.115.113.175)
419910 182.70 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
420011 198.89 ms core23.fsn1.hetzner.com (213.239.252.230)
420112 198.88 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
420213 182.82 ms ns1.akinmedya.com (144.76.114.219)
4203#######################################################################################################################################
4204Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:46 EST
4205Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4206Host is up (0.15s latency).
4207
4208PORT STATE SERVICE VERSION
420953/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
4210|_dns-fuzz: Server didn't response to our probe, can't fuzz
4211| dns-nsec-enum:
4212|_ No NSEC records found
4213| dns-nsec3-enum:
4214|_ DNSSEC NSEC3 not supported
4215| dns-nsid:
4216|_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
4217| vulscan: VulDB - https://vuldb.com:
4218| [129818] ISC BIND up to 9.11.4/9.12.2 DDNS privilege escalation
4219| [129803] ISC BIND up to 9.11.1 Response Policy Zone Query Loop denial of service
4220| [129802] ISC BIND up to 9.11.0-P1 nxdomain-redirect Query Assertion denial of service
4221| [102965] ISC BIND up to 9.11.1-P1 TSIG weak authentication
4222| [102964] ISC BIND up to 9.11.1-P1 TSIG weak authentication
4223| [99868] ISC BIND up to 9.11.1rc2 Control Channel Crash denial of service
4224| [99867] ISC BIND up to 9.11.1rc1 DNS64 State Crash denial of service
4225| [99866] ISC BIND up to 9.11.1rc1 CNAME/DNAME Crash denial of service
4226| [96827] ISC BIND up to 9.11.1b1 RPZ/DNS64 State Error NULL Pointer Dereference denial of service
4227|
4228| MITRE CVE - https://cve.mitre.org:
4229| [CVE-2007-0494] ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
4230| [CVE-2013-4869] Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
4231| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
4232| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
4233| [CVE-2013-3434] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
4234| [CVE-2013-3433] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
4235| [CVE-2013-3412] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
4236| [CVE-2013-3404] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
4237| [CVE-2013-3403] Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
4238| [CVE-2013-3402] An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
4239| [CVE-2013-3382] The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
4240| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
4241| [CVE-2013-1150] The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
4242| [CVE-2013-1139] The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
4243| [CVE-2013-1137] Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
4244| [CVE-2013-1134] The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
4245| [CVE-2013-0149] The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
4246| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
4247| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
4248| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
4249| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
4250| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
4251| [CVE-2012-3817] ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2
4252| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
4253| [CVE-2012-1328] Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
4254| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
4255| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
4256| [CVE-2011-5184] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover
4257| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
4258| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
4259| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
4260| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
4261| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
4262| [CVE-2011-0414] ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
4263| [CVE-2010-3762] ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
4264| [CVE-2010-3615] named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
4265| [CVE-2010-3614] named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
4266| [CVE-2010-3613] named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
4267| [CVE-2010-0382] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
4268| [CVE-2010-0290] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
4269| [CVE-2010-0218] ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
4270| [CVE-2010-0097] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
4271| [CVE-2009-4022] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
4272| [CVE-2009-2028] Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
4273| [CVE-2009-1905] The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
4274| [CVE-2009-0696] The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
4275| [CVE-2009-0265] Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
4276| [CVE-2008-4163] Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
4277| [CVE-2008-0122] Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
4278| [CVE-2007-2926] ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
4279| [CVE-2007-2925] The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
4280| [CVE-2007-2241] Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
4281| [CVE-2007-0493] Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
4282| [CVE-2002-2037] The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
4283| [CVE-2002-0400] ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
4284| [CVE-2001-0497] dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
4285| [CVE-2000-0855] SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
4286| [CVE-2000-0368] Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
4287| [CVE-1999-1466] Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
4288| [CVE-1999-1306] Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
4289| [CVE-1999-1216] Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
4290|
4291| SecurityFocus - https://www.securityfocus.com/bid/:
4292| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
4293| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
4294| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
4295| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
4296| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
4297| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
4298| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
4299| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
4300| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
4301| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
4302| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
4303| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
4304| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
4305| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
4306| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
4307| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
4308| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
4309| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
4310| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
4311| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
4312| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
4313| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
4314| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
4315| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
4316| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
4317| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
4318| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
4319| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
4320| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
4321| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
4322| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
4323| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
4324| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
4325| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
4326| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
4327| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
4328| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
4329| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
4330| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
4331| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
4332| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
4333| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
4334| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
4335| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
4336| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
4337| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
4338| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
4339| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
4340| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
4341| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
4342| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
4343| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
4344| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
4345| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
4346| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
4347| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
4348| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
4349| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
4350| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
4351| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
4352| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
4353| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
4354| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
4355| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
4356| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
4357| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
4358| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
4359| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
4360| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
4361| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
4362| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
4363| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
4364| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
4365| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
4366|
4367| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4368| [85799] Cisco Unified IP Phones 9900 Series directory traversal
4369| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
4370| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
4371| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
4372| [9250] BIND 9 dns_message_findtype() denial of service
4373| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
4374| [539] Microsoft Windows 95 and Internet Explorer password disclosure
4375| [86004] ISC BIND RDATA denial of service
4376| [84767] ISC BIND denial of service
4377| [83066] ISC BIND denial of service
4378| [81504] ISC BIND AAAA denial of service
4379| [80510] ISC BIND DNS64 denial of service
4380| [79121] ISC BIND queries denial of service
4381| [78479] ISC BIND RDATA denial of service
4382| [77185] ISC BIND TCP queries denial of service
4383| [77184] ISC BIND bad cache denial of service
4384| [76034] ISC BIND rdata denial of service
4385| [73053] ISC BIND cache update policy security bypass
4386| [71332] ISC BIND recursive queries denial of service
4387| [68375] ISC BIND UPDATE denial of service
4388| [68374] ISC BIND Response Policy Zones denial of service
4389| [67665] ISC BIND RRSIG Rrsets denial of service
4390| [67297] ISC BIND RRSIG denial of service
4391| [65554] ISC BIND IXFR transfer denial of service
4392| [63602] ISC BIND allow-query security bypass
4393| [63596] ISC BIND zone data security bypass
4394| [63595] ISC BIND RRSIG denial of service
4395| [62072] ISC BIND DNSSEC query denial of service
4396| [62071] ISC BIND ACL security bypass
4397| [61871] ISC BIND anchors denial of service
4398| [60421] ISC BIND RRSIG denial of service
4399| [56049] ISC BIND out-of-bailiwick weak security
4400| [55937] ISC Bind unspecified cache poisoning
4401| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
4402| [54416] ISC BIND DNSSEC cache poisoning
4403| [52073] ISC BIND dns_db_findrdataset() denial of service
4404| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
4405| [45234] ISC BIND UDP denial of service
4406| [39670] ISC BIND inet_network buffer overflow
4407| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
4408| [37128] RHSA update for ISC BIND RRset denial of service not installed
4409| [37127] RHSA update for ISC BIND named service denial of service not installed
4410| [36275] ISC BIND DNS query spoofing
4411| [35575] ISC BIND query ID cache poisoning
4412| [35571] ISC BIND ACL security bypass
4413| [31838] ISC BIND RRset denial of service
4414| [31799] ISC BIND named service denial of service
4415| [29876] HP Tru64 ypbind core dump information disclosure
4416| [28745] ISC BIND DNSSEC RRset denial of service
4417| [28744] ISC BIND recursive INSIST denial of service
4418| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
4419| [18836] BIND hostname disclosure
4420| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
4421| [10333] ISC BIND SIG null pointer dereference denial of service
4422| [10332] ISC BIND OPT resource record (RR) denial of service
4423| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
4424| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
4425| [5814] ISC BIND "
4426| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
4427| [5462] ISC BIND AXFR host command remote buffer overflow
4428|
4429| Exploit-DB - https://www.exploit-db.com:
4430| [25305] ColdFusion 9-10 - Credential Disclosure Exploit
4431| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
4432| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
4433| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
4434| [21812] MS Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure
4435| [21764] MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
4436| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
4437| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
4438| [13448] linux/x86 portbind port 5074 92 bytes
4439| [13388] linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes
4440| [13360] linux/x86 setuid/portbind shellcode 96 bytes
4441| [13245] bsd/x86 setuid/portbind shellcode 94 bytes
4442| [10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
4443| [6775] Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS Exploit
4444| [6236] BIND 9.5.0-P2 (randomized ports) Remote DNS Cache Poisoning Exploit
4445| [6130] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
4446| [6123] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
4447| [6122] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
4448| [4292] Diskeeper 9 Remote Memory Disclosure Exploit
4449| [4266] BIND 9 0.3beta - DNS Cache Poisoning Exploit
4450|
4451| OpenVAS (Nessus) - http://www.openvas.org:
4452| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
4453| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
4454| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
4455| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
4456| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
4457| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
4458| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
4459| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
4460| [11226] Oracle 9iAS default error information disclosure
4461|
4462| SecurityTracker - https://www.securitytracker.com:
4463| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
4464| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
4465| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
4466| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
4467| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
4468| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4469| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4470| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4471| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4472| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4473| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4474| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4475| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4476| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
4477| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
4478| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
4479| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
4480| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
4481| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
4482| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
4483| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
4484| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
4485| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
4486| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
4487| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
4488| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
4489|
4490| OSVDB - http://www.osvdb.org:
4491| [95373] Cisco Unified IP Phones 9900 Series Serviceability Servlet Path Value Handling Arbitrary File Access
4492| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
4493| [76009] Cisco IOS DLSw FST IP Protocol 91 Packet Memory Leak Remote DoS
4494| [73985] Cisco ASR 9000 Series Line Card IPv4 Packet Parsing Remote DoS
4495| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
4496| [34520] Cisco Linksys Multiple Router UDP 916 Remote Information Disclosure
4497| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
4498| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
4499| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
4500| [18220] Oracle 9iAS httpd.confg /perl Location Alias Arbitrary CGI File Script Disclosure
4501| [18218] Oracle 9iAS echo2 Sample Application Information Disclosure
4502| [18217] Oracle 9iAS echo Sample Application Information Disclosure
4503| [18216] Oracle 9iAS printenv Sample Application Information Disclosure
4504| [18215] Oracle 9iAS info.jsp Sample Application Information Disclosure
4505| [6674] Microsoft Office 98 for Macintosh Disk Space Information Disclosure
4506| [3108] Microsoft Office 98 Macintosh Information Disclosure
4507| [1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
4508| [665] Microsoft Windows 95 Online Registration Information Disclosure
4509| [95707] ISC BIND rdata.c RFC 5011 Implementation Malformed RDATA Section Handling Remote DoS
4510| [93913] ISC BIND Recursive Resolver resolver.c Malformed Zone Query Handling Remote DoS
4511| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
4512| [89584] ISC BIND DNS64 Nameserver Response Policy Zone (RPZ) AAAA Record Query Remapping Remote DoS
4513| [89401] Foswiki LocalSite.cfg LDAP BindPassword Plaintext Local Disclosure
4514| [88126] ISC BIND DNS64 IPv6 Transition Mechanism DNS Query Parsing Remote DoS
4515| [86118] ISC BIND Nameserver RDATA Record Query Parsing Remote DoS
4516| [85417] ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS
4517| [84229] ISC BIND Memory Leak TCP Query Parsing ns_client Object Out-of-memory Remote DoS
4518| [84228] ISC BIND Query Handling Bad Cache Data Structure Assertion Remote DoS
4519| [82609] ISC BIND named DNS Resource Record Zero Length Rdata Handling Remote Information Disclosure
4520| [78916] ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness
4521| [77159] ISC BIND Recursive Query Parsing Remote DoS
4522| [73605] ISC BIND UPDATE Request Parsing Remote DoS
4523| [73604] ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
4524| [72540] ISC BIND Caching Resolver Large RRSIG RRsets Negative Caching Remote DoS
4525| [72539] ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
4526| [72172] ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
4527| [69568] ISC BIND named allow-query ACL Restriction Bypass
4528| [69559] ISC BIND named Key Algorithm Rollover Weakness
4529| [69558] ISC BIND named RRSIG Negative Caching DoS
4530| [68271] ISC BIND DNSSEC Query Validation Response Signature Handling Remote DoS
4531| [68270] ISC BIND ACL Application Weakness Cache Recursion Access Restriction Bypass
4532| [66395] ISC BIND RRSIG Requests Infinite Loop DoS
4533| [63373] Apple Mac OS X Server Admin Authenticated Directory Binding Handling Unspecified Open Directory Information Disclosure
4534| [62008] ISC BIND Secure Response Refetch Weakness Unspecified Issue
4535| [62007] ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning
4536| [61853] ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning
4537| [60493] ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning
4538| [59272] ISC BIND named Multiple Symlink Arbitrary File Overwrite
4539| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
4540| [57060] ISC BIND DNS Message Malformed TSIG Remote DoS
4541| [56584] ISC BIND Dynamic Update Message Handling Remote DoS
4542| [56411] GNU wget DNS Rebinding Information Disclosure Weakness
4543| [53115] ISC BIND EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
4544| [48243] ISC BIND for Windows UDP Client Handler Remote DoS
4545| [46776] ISC BIND DNS Query ID Field Prediction Cache Poisoning
4546| [42655] ISC BIND on Red Hat Linux /etc/rndc.key Insecure File Permission Local named Manipulation
4547| [41211] ISC BIND libbind inet_network() Function Off-By-One Memory Corruption
4548| [40935] ISC BIND on SUSE Linux Enterprise Server libgssapi named GSS-TSIG Request Remote DoS
4549| [37301] ISC BIND Signed Zone Signature Verification Remote DoS
4550| [36796] ISC BIND Outgoing Query Predictable DNS Query ID
4551| [36236] ISC BIND allow-query-cache/allow-recursion ACL Bypass
4552| [36235] ISC BIND Predictable DNS Query IDs Cache Poisoning
4553| [34753] ISC BIND stub Resolver libbind Crafted Query Remote DoS
4554| [34752] ISC BIND so_linger Remote DoS
4555| [34751] ISC BIND Malformed SIG Record Remote DoS
4556| [34750] ISC BIND Malformed NAPTR Record Local DoS
4557| [34749] ISC BIND named maxdname DoS
4558| [34748] ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS
4559| [31923] ISC BIND Crafted ANY Request Response Multiple RRsets DoS
4560| [31922] ISC BIND Unspecified Freed Fetch Context Dereference DoS
4561| [28558] ISC BIND Recursive Query Saturation DoS
4562| [28557] ISC BIND SIG Query Multiple RRsets Response DoS
4563| [25895] ISC BIND Cached Recursive Query DoS
4564| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
4565| [21353] BindView NetInventory HOSTCFG._NI Deletion Cleartext Password Disclosure
4566| [14878] ISC BIND rdataset Parameter Malformed DNS Packet DoS
4567| [14877] ISC BIND stub Resolver Libraries Malformed DNS Response DoS
4568| [14795] ISC BIND TSIG Handling Code Remote Overflow
4569| [14432] ISC BIND Multiple DNS Resolver Functions Remote Overflow
4570| [13752] ISC BIND host Command AXFR Response Remote Overflow
4571| [13176] ISC BIND q_usedns Array Remote Overflow DoS
4572| [13175] ISC BIND dnssec authvalidated Crafted Packet Remote DoS
4573| [9736] ISC BIND fdmax File Descriptor Consumption DoS
4574| [9735] ISC BIND -DALLOW_UPDATES Option Remote Record Modification
4575| [9734] ISC BIND CNAME Record Zone Transfer DoS
4576| [9733] ISC BIND Malformed DNS Message DoS
4577| [9725] ISC BIND SIG RR Elements Invalid Expirty Times DoS
4578| [9724] ISC BIND OPT Resource Record Large UDP Payload DoS
4579| [9723] Multiple Vendor LDAP Server NULL Bind Connection Information Disclosure
4580| [8330] ISC BIND DNS stub resolver (libresolv.a) DNS Response Overflow
4581| [7990] ISC BIND gethostbyname() DNS Handling Remote Overflow
4582| [5828] ISC BIND named SRV Remote DoS
4583| [5609] ISC BIND dnskeygen HMAC-MD5 Shared Secret Key File Disclosure
4584| [2866] ISC BIND Negative Record Cache Poisoning
4585| [1751] ISC BIND Environment Variable Information Disclosure
4586| [1747] ISC BIND 4 nslookupComplain() Remote Format String
4587| [1746] ISC BIND 4 nslookupComplain() Remote Overflow
4588| [913] ISC BIND Inverse-Query Remote Overflow
4589| [869] ISC BIND named SIG Resource Server Response RR Overflow
4590| [448] ISC BIND Compressed ZXFR Name Service Query Remote DoS
4591| [438] ISC BIND Predictable Query ID DNS Cache Poisoning
4592| [24] ISC BIND NXT Record Overflow
4593|_
4594Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4595Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.13 (92%), DD-WRT v3.0 (Linux 4.4.2) (92%), Linux 4.10 (92%)
4596No exact OS matches for host (test conditions non-ideal).
4597Network Distance: 13 hops
4598Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
4599
4600Host script results:
4601| dns-brute:
4602| DNS Brute-force hostnames:
4603| ns1.akinmedya.com - 144.76.114.219
4604| ns2.akinmedya.com - 144.76.114.219
4605| ns3.akinmedya.com - 144.76.114.219
4606| mail.akinmedya.com - 144.76.114.219
4607| www.akinmedya.com - 144.76.114.219
4608|_ ftp.akinmedya.com - 144.76.114.219
4609
4610TRACEROUTE (using port 53/tcp)
4611HOP RTT ADDRESS
46121 33.11 ms 10.242.204.1
46132 62.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
46143 80.72 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
46154 29.86 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
46165 29.89 ms motl-b1-link.telia.net (62.115.162.41)
46176 ...
46187 133.91 ms ldn-bb4-link.telia.net (62.115.112.245)
46198 119.58 ms hbg-bb4-link.telia.net (62.115.122.160)
46209 133.93 ms nug-b1-link.telia.net (62.115.113.175)
462110 133.92 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
462211 142.85 ms core23.fsn1.hetzner.com (213.239.252.230)
462312 142.86 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
462413 142.85 ms ns1.akinmedya.com (144.76.114.219)
4625######################################################################################################################################
4626HTTP/1.1 200 OK
4627Connection: Keep-Alive
4628Content-Type: text/html
4629Last-Modified: Tue, 07 Aug 2018 09:12:42 GMT
4630Accept-Ranges: bytes
4631Content-Length: 163
4632Date: Sun, 24 Nov 2019 23:46:37 GMT
4633Server: LiteSpeed
4634
4635Allow: OPTIONS,HEAD,GET,POST
4636#######################################################################################################################################
4637http://144.76.114.219 [200 OK] Country[GERMANY][DE], HTTPServer[LiteSpeed], IP[144.76.114.219], LiteSpeed, Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi]
4638http://144.76.114.219/cgi-sys/defaultwebpage.cgi [200 OK] Country[GERMANY][DE], Email[webmaster@144.76.114.219], HTML5, HTTPServer[LiteSpeed], IP[144.76.114.219], LiteSpeed, Title[Default Web Site Page]
4639######################################################################################################################################
4640
4641wig - WebApp Information Gatherer
4642
4643
4644Scanning http://144.76.114.219...
4645_________________ SITE INFO __________________
4646IP Title
4647144.76.114.219
4648
4649__________________ VERSION ___________________
4650Name Versions Type
4651litespeed Platform
4652
4653______________________________________________
4654Time: 30.1 sec Urls: 601 Fingerprints: 40401
4655#######################################################################################################################################
4656Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:47 EST
4657NSE: Loaded 163 scripts for scanning.
4658NSE: Script Pre-scanning.
4659Initiating NSE at 18:47
4660Completed NSE at 18:47, 0.00s elapsed
4661Initiating NSE at 18:47
4662Completed NSE at 18:47, 0.00s elapsed
4663Initiating Parallel DNS resolution of 1 host. at 18:47
4664Completed Parallel DNS resolution of 1 host. at 18:47, 0.03s elapsed
4665Initiating SYN Stealth Scan at 18:47
4666Scanning ns1.akinmedya.com (144.76.114.219) [1 port]
4667Discovered open port 80/tcp on 144.76.114.219
4668Completed SYN Stealth Scan at 18:47, 0.20s elapsed (1 total ports)
4669Initiating Service scan at 18:47
4670Scanning 1 service on ns1.akinmedya.com (144.76.114.219)
4671Completed Service scan at 18:47, 6.33s elapsed (1 service on 1 host)
4672Initiating OS detection (try #1) against ns1.akinmedya.com (144.76.114.219)
4673Retrying OS detection (try #2) against ns1.akinmedya.com (144.76.114.219)
4674Initiating Traceroute at 18:47
4675Completed Traceroute at 18:47, 3.02s elapsed
4676Initiating Parallel DNS resolution of 12 hosts. at 18:47
4677Completed Parallel DNS resolution of 12 hosts. at 18:47, 0.21s elapsed
4678NSE: Script scanning 144.76.114.219.
4679Initiating NSE at 18:47
4680NSE: [http-wordpress-enum 144.76.114.219:80] got no answers from pipelined queries
4681Completed NSE at 18:49, 140.38s elapsed
4682Initiating NSE at 18:49
4683Completed NSE at 18:49, 1.39s elapsed
4684Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4685Host is up (0.20s latency).
4686
4687PORT STATE SERVICE VERSION
468880/tcp open http LiteSpeed httpd
4689| http-brute:
4690|_ Path "/" does not require authentication
4691|_http-chrono: Request times for /; avg: 8640.64ms; min: 8523.99ms; max: 8784.83ms
4692|_http-csrf: Couldn't find any CSRF vulnerabilities.
4693|_http-date: Sun, 24 Nov 2019 23:47:35 GMT; -4s from local time.
4694|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
4695|_http-dombased-xss: Couldn't find any DOM based XSS.
4696|_http-errors: Couldn't find any error pages.
4697|_http-feed: Couldn't find any feeds.
4698|_http-fetch: Please enter the complete path of the directory to save data in.
4699| http-headers:
4700| Connection: close
4701| Content-Type: text/html
4702| Last-Modified: Tue, 07 Aug 2018 09:12:42 GMT
4703| Accept-Ranges: bytes
4704| Content-Length: 163
4705| Date: Sun, 24 Nov 2019 23:47:35 GMT
4706| Server: LiteSpeed
4707|
4708|_ (Request type: GET)
4709|_http-jsonp-detection: Couldn't find any JSONP endpoints.
4710|_http-mobileversion-checker: No mobile version detected.
4711|_http-security-headers:
4712| http-sitemap-generator:
4713| Directory structure:
4714| /
4715| Other: 1
4716| Longest directory structure:
4717| Depth: 0
4718| Dir: /
4719| Total files found (by extension):
4720|_ Other: 1
4721|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
4722|_http-title: Site doesn't have a title (text/html).
4723|_http-traceroute: ERROR: Script execution failed (use -d to debug)
4724| http-vhosts:
4725| www.akinmedya.com : 301 -> https://www.akinmedya.com.tr/
4726| 22 names had status 200
4727|_104 names had status ERROR
4728|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
4729|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
4730|_http-xssed: No previously reported XSS vuln.
4731| vulscan: VulDB - https://vuldb.com:
4732| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
4733| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
4734| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
4735| [53729] Litespeedtech LiteSpeed Web Server information disclosure
4736| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
4737|
4738| MITRE CVE - https://cve.mitre.org:
4739| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
4740| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
4741| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
4742| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
4743|
4744| SecurityFocus - https://www.securityfocus.com/bid/:
4745| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
4746| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
4747| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
4748| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
4749| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
4750| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
4751| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
4752| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
4753| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
4754| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
4755| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
4756| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
4757| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
4758|
4759| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4760| [74144] LiteSpeed graph_html.php cross-site scripting
4761| [63979] LiteSpeed Web Server Null buffer overflow
4762| [59385] LiteSpeed Web Server information disclosure
4763| [56389] LiteSpeed Web Server Admin interface cross-site scripting
4764| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
4765| [54537] LiteSpeed Web Server post-authentication code execution
4766| [54536] LiteSpeed Web Server Lshttpd denial of service
4767| [37380] LiteSpeed Web Server mime-type information disclosure
4768| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
4769|
4770| Exploit-DB - https://www.exploit-db.com:
4771| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
4772| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
4773| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
4774| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
4775| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
4776|
4777| OpenVAS (Nessus) - http://www.openvas.org:
4778| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
4779|
4780| SecurityTracker - https://www.securitytracker.com:
4781| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
4782|
4783| OSVDB - http://www.osvdb.org:
4784| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
4785| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
4786| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
4787| [62449] LiteSpeed Web Server Admin User Creation CSRF
4788| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
4789| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
4790| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
4791| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
4792|_
4793Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4794Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (95%), Linux 2.6.18 (89%), Linux 3.2.0 (89%), Linux 3.13 - 3.16 (89%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (89%), OpenWrt White Russian 0.9 (Linux 2.4.30) (89%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (89%), Tomato 1.27 - 1.28 (Linux 2.4.20) (89%), MikroTik RouterOS 6.15 (Linux 3.3.5) (89%), Linux 2.6.24 (89%)
4795No exact OS matches for host (test conditions non-ideal).
4796Uptime guess: 16.629 days (since Fri Nov 8 03:44:50 2019)
4797Network Distance: 13 hops
4798TCP Sequence Prediction: Difficulty=266 (Good luck!)
4799IP ID Sequence Generation: All zeros
4800
4801TRACEROUTE (using port 80/tcp)
4802HOP RTT ADDRESS
48031 100.92 ms 10.242.204.1
48042 82.24 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
48053 60.06 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
48064 153.25 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
48075 192.86 ms motl-b1-link.telia.net (62.115.183.72)
48086 ...
48097 284.62 ms ldn-bb4-link.telia.net (62.115.112.245)
48108 246.33 ms hbg-bb4-link.telia.net (62.115.122.160)
48119 284.64 ms nug-b1-link.telia.net (62.115.113.175)
481210 284.70 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
481311 284.70 ms core23.fsn1.hetzner.com (213.239.252.230)
481412 284.74 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
481513 284.75 ms ns1.akinmedya.com (144.76.114.219)
4816
4817NSE: Script Post-scanning.
4818Initiating NSE at 18:49
4819Completed NSE at 18:49, 0.00s elapsed
4820Initiating NSE at 18:49
4821Completed NSE at 18:49, 0.00s elapsed
4822#######################################################################################################################################
4823Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 18:49 EST
4824Stats: 0:05:12 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
4825NSE Timing: About 69.12% done; ETC: 18:57 (0:02:16 remaining)
4826NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
4827NSE: [pop3-brute] usernames: Time limit 10m00s exceeded.
4828NSE: [pop3-brute] passwords: Time limit 10m00s exceeded.
4829Nmap scan report for ns1.akinmedya.com (144.76.114.219)
4830Host is up (0.14s latency).
4831
4832PORT STATE SERVICE VERSION
4833110/tcp open pop3 Dovecot pop3d
4834| pop3-brute:
4835| Accounts: No valid accounts found
4836|_ Statistics: Performed 673 guesses in 617 seconds, average tps: 1.0
4837|_pop3-capabilities: UIDL TOP SASL(PLAIN LOGIN) USER PIPELINING RESP-CODES CAPA AUTH-RESP-CODE STLS
4838| vulscan: VulDB - https://vuldb.com:
4839| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
4840| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
4841| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
4842| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
4843| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
4844| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
4845| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
4846| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
4847| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
4848| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
4849| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
4850| [69835] Dovecot 2.2.0/2.2.1 denial of service
4851| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
4852| [65684] Dovecot up to 2.2.6 unknown vulnerability
4853| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
4854| [63692] Dovecot up to 2.0.15 spoofing
4855| [7062] Dovecot 2.1.10 mail-search.c denial of service
4856| [57517] Dovecot up to 2.0.12 Login directory traversal
4857| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
4858| [57515] Dovecot up to 2.0.12 Crash denial of service
4859| [54944] Dovecot up to 1.2.14 denial of service
4860| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
4861| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
4862| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
4863| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
4864| [53277] Dovecot up to 1.2.10 denial of service
4865| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
4866| [45256] Dovecot up to 1.1.5 directory traversal
4867| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
4868| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
4869| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
4870| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
4871| [40356] Dovecot 1.0.9 Cache unknown vulnerability
4872| [38222] Dovecot 1.0.2 directory traversal
4873| [36376] Dovecot up to 1.0.x directory traversal
4874| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
4875|
4876| MITRE CVE - https://cve.mitre.org:
4877| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
4878| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
4879| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
4880| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
4881| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
4882| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
4883| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
4884| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
4885| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
4886| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
4887| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
4888| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
4889| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
4890| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
4891| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
4892| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
4893| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
4894| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
4895| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
4896| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
4897| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
4898| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
4899| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
4900| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
4901| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
4902| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
4903| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
4904| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
4905| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
4906| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
4907| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
4908| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
4909| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
4910| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
4911| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
4912| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
4913| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
4914|
4915| SecurityFocus - https://www.securityfocus.com/bid/:
4916| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
4917| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
4918| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
4919| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
4920| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
4921| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
4922| [67306] Dovecot Denial of Service Vulnerability
4923| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
4924| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
4925| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
4926| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
4927| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
4928| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
4929| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
4930| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
4931| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
4932| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
4933| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
4934| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
4935| [39838] tpop3d Remote Denial of Service Vulnerability
4936| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
4937| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
4938| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
4939| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
4940| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
4941| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
4942| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
4943| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
4944| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
4945| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
4946| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
4947| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
4948| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
4949| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
4950| [17961] Dovecot Remote Information Disclosure Vulnerability
4951| [16672] Dovecot Double Free Denial of Service Vulnerability
4952| [8495] akpop3d User Name SQL Injection Vulnerability
4953| [8473] Vpop3d Remote Denial Of Service Vulnerability
4954| [3990] ZPop3D Bad Login Logging Failure Vulnerability
4955| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
4956|
4957| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4958| [86382] Dovecot POP3 Service denial of service
4959| [84396] Dovecot IMAP APPEND denial of service
4960| [80453] Dovecot mail-search.c denial of service
4961| [71354] Dovecot SSL Common Name (CN) weak security
4962| [67675] Dovecot script-login security bypass
4963| [67674] Dovecot script-login directory traversal
4964| [67589] Dovecot header name denial of service
4965| [63267] Apple Mac OS X Dovecot information disclosure
4966| [62340] Dovecot mailbox security bypass
4967| [62339] Dovecot IMAP or POP3 denial of service
4968| [62256] Dovecot mailbox security bypass
4969| [62255] Dovecot ACL entry security bypass
4970| [60639] Dovecot ACL plugin weak security
4971| [57267] Apple Mac OS X Dovecot Kerberos security bypass
4972| [56763] Dovecot header denial of service
4973| [54363] Dovecot base_dir privilege escalation
4974| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
4975| [46323] Dovecot dovecot.conf information disclosure
4976| [46227] Dovecot message parsing denial of service
4977| [45669] Dovecot ACL mailbox security bypass
4978| [45667] Dovecot ACL plugin rights security bypass
4979| [41085] Dovecot TAB characters authentication bypass
4980| [41009] Dovecot mail_extra_groups option unauthorized access
4981| [39342] Dovecot LDAP auth cache configuration security bypass
4982| [35767] Dovecot ACL plugin security bypass
4983| [34082] Dovecot mbox-storage.c directory traversal
4984| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
4985| [26578] Cyrus IMAP pop3d buffer overflow
4986| [26536] Dovecot IMAP LIST information disclosure
4987| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
4988| [24709] Dovecot APPEND command denial of service
4989| [13018] akpop3d authentication code SQL injection
4990| [7345] Slackware Linux imapd and ipop3d core dump
4991| [6269] imap, ipop2d and ipop3d buffer overflows
4992| [5923] Linuxconf vpop3d symbolic link
4993| [4918] IPOP3D, Buffer overflow attack
4994| [1560] IPOP3D, user login successful
4995| [1559] IPOP3D user login to remote host successful
4996| [1525] IPOP3D, user logout
4997| [1524] IPOP3D, user auto-logout
4998| [1523] IPOP3D, user login failure
4999| [1522] IPOP3D, brute force attack
5000| [1521] IPOP3D, user kiss of death logout
5001| [418] pop3d mktemp creates insecure temporary files
5002|
5003| Exploit-DB - https://www.exploit-db.com:
5004| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
5005| [23053] Vpop3d Remote Denial of Service Vulnerability
5006| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
5007| [11893] tPop3d 1.5.3 DoS
5008| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
5009| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
5010| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
5011| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
5012|
5013| OpenVAS (Nessus) - http://www.openvas.org:
5014| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
5015| [901025] Dovecot Version Detection
5016| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
5017| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
5018| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
5019| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
5020| [870607] RedHat Update for dovecot RHSA-2011:0600-01
5021| [870471] RedHat Update for dovecot RHSA-2011:1187-01
5022| [870153] RedHat Update for dovecot RHSA-2008:0297-02
5023| [863272] Fedora Update for dovecot FEDORA-2011-7612
5024| [863115] Fedora Update for dovecot FEDORA-2011-7258
5025| [861525] Fedora Update for dovecot FEDORA-2007-664
5026| [861394] Fedora Update for dovecot FEDORA-2007-493
5027| [861333] Fedora Update for dovecot FEDORA-2007-1485
5028| [860845] Fedora Update for dovecot FEDORA-2008-9202
5029| [860663] Fedora Update for dovecot FEDORA-2008-2475
5030| [860169] Fedora Update for dovecot FEDORA-2008-2464
5031| [860089] Fedora Update for dovecot FEDORA-2008-9232
5032| [840950] Ubuntu Update for dovecot USN-1295-1
5033| [840668] Ubuntu Update for dovecot USN-1143-1
5034| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
5035| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
5036| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
5037| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
5038| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
5039| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
5040| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
5041| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
5042| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
5043| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
5044| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
5045| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
5046| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
5047| [70259] FreeBSD Ports: dovecot
5048| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
5049| [66522] FreeBSD Ports: dovecot
5050| [65010] Ubuntu USN-838-1 (dovecot)
5051| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
5052| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
5053| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
5054| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
5055| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
5056| [62854] FreeBSD Ports: dovecot-managesieve
5057| [61916] FreeBSD Ports: dovecot
5058| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
5059| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
5060| [60528] FreeBSD Ports: dovecot
5061| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
5062| [60089] FreeBSD Ports: dovecot
5063| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
5064| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
5065|
5066| SecurityTracker - https://www.securitytracker.com:
5067| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
5068| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
5069| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
5070|
5071| OSVDB - http://www.osvdb.org:
5072| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
5073| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
5074| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
5075| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
5076| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
5077| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
5078| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
5079| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
5080| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
5081| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
5082| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
5083| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
5084| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
5085| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
5086| [66113] Dovecot Mail Root Directory Creation Permission Weakness
5087| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
5088| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
5089| [66110] Dovecot Multiple Unspecified Buffer Overflows
5090| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
5091| [64783] Dovecot E-mail Message Header Unspecified DoS
5092| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
5093| [62796] Dovecot mbox Format Email Header Handling DoS
5094| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
5095| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
5096| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
5097| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
5098| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
5099| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
5100| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
5101| [43137] Dovecot mail_extra_groups Symlink File Manipulation
5102| [42979] Dovecot passdbs Argument Injection Authentication Bypass
5103| [39876] Dovecot LDAP Auth Cache Security Bypass
5104| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
5105| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
5106| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
5107| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
5108| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
5109| [23281] Dovecot imap/pop3-login dovecot-auth DoS
5110| [23280] Dovecot Malformed APPEND Command DoS
5111| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
5112| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
5113| [5857] Linux pop3d Arbitrary Mail File Access
5114| [2471] akpop3d username SQL Injection
5115|_
5116Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
5117Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), Linux 3.18 (94%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
5118No exact OS matches for host (test conditions non-ideal).
5119Network Distance: 13 hops
5120
5121TRACEROUTE (using port 110/tcp)
5122HOP RTT ADDRESS
51231 38.90 ms 10.242.204.1
51242 49.28 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
51253 51.68 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
51264 45.70 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
51275 71.49 ms motl-b1-link.telia.net (62.115.162.41)
51286 173.34 ms nyk-bb3-link.telia.net (62.115.137.142)
51297 173.36 ms ldn-bb4-link.telia.net (62.115.112.245)
51308 150.55 ms hbg-bb4-link.telia.net (62.115.122.160)
51319 173.35 ms nug-b1-link.telia.net (62.115.113.175)
513210 173.32 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
513311 173.44 ms core24.fsn1.hetzner.com (213.239.252.234)
513412 173.43 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
513513 150.61 ms ns1.akinmedya.com (144.76.114.219)
5136#######################################################################################################################################
5137Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:00 EST
5138NSE: Loaded 163 scripts for scanning.
5139NSE: Script Pre-scanning.
5140Initiating NSE at 19:00
5141Completed NSE at 19:00, 0.00s elapsed
5142Initiating NSE at 19:00
5143Completed NSE at 19:00, 0.00s elapsed
5144Initiating Parallel DNS resolution of 1 host. at 19:00
5145Completed Parallel DNS resolution of 1 host. at 19:00, 0.03s elapsed
5146Initiating SYN Stealth Scan at 19:00
5147Scanning ns1.akinmedya.com (144.76.114.219) [1 port]
5148Discovered open port 443/tcp on 144.76.114.219
5149Completed SYN Stealth Scan at 19:00, 0.20s elapsed (1 total ports)
5150Initiating Service scan at 19:00
5151Scanning 1 service on ns1.akinmedya.com (144.76.114.219)
5152Completed Service scan at 19:00, 13.00s elapsed (1 service on 1 host)
5153Initiating OS detection (try #1) against ns1.akinmedya.com (144.76.114.219)
5154Retrying OS detection (try #2) against ns1.akinmedya.com (144.76.114.219)
5155adjust_timeouts2: packet supposedly had rtt of -143174 microseconds. Ignoring time.
5156adjust_timeouts2: packet supposedly had rtt of -143174 microseconds. Ignoring time.
5157Initiating Traceroute at 19:00
5158Completed Traceroute at 19:00, 3.00s elapsed
5159Initiating Parallel DNS resolution of 12 hosts. at 19:00
5160Completed Parallel DNS resolution of 12 hosts. at 19:01, 5.64s elapsed
5161NSE: Script scanning 144.76.114.219.
5162Initiating NSE at 19:01
5163Completed NSE at 19:04, 182.43s elapsed
5164Initiating NSE at 19:04
5165Completed NSE at 19:04, 1.64s elapsed
5166Nmap scan report for ns1.akinmedya.com (144.76.114.219)
5167Host is up (0.15s latency).
5168
5169PORT STATE SERVICE VERSION
5170443/tcp open ssl/http LiteSpeed httpd
5171| http-brute:
5172|_ Path "/" does not require authentication
5173|_http-chrono: Request times for /; avg: 963.07ms; min: 699.65ms; max: 1814.71ms
5174|_http-csrf: Couldn't find any CSRF vulnerabilities.
5175|_http-date: Mon, 25 Nov 2019 00:01:10 GMT; -2s from local time.
5176|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
5177|_http-dombased-xss: Couldn't find any DOM based XSS.
5178|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
5179| http-errors:
5180| Spidering limited to: maxpagecount=40; withinhost=ns1.akinmedya.com
5181| Found the following error pages:
5182|
5183| Error Code: 500
5184|_ https://ns1.akinmedya.com:443/
5185|_http-feed: Couldn't find any feeds.
5186|_http-fetch: Please enter the complete path of the directory to save data in.
5187| http-headers:
5188| Connection: close
5189| Content-Type: text/html; charset=UTF-8
5190| Content-Length: 0
5191| Date: Mon, 25 Nov 2019 00:01:19 GMT
5192| Server: LiteSpeed
5193| Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
5194|
5195|_ (Request type: GET)
5196|_http-jsonp-detection: Couldn't find any JSONP endpoints.
5197| http-methods:
5198|_ Supported Methods: GET HEAD POST OPTIONS
5199|_http-mobileversion-checker: No mobile version detected.
5200| http-phpmyadmin-dir-traversal:
5201| VULNERABLE:
5202| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
5203| State: LIKELY VULNERABLE
5204| IDs: CVE:CVE-2005-3299
5205| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
5206|
5207| Disclosure date: 2005-10-nil
5208| Extra information:
5209| ../../../../../etc/passwd not found.
5210|
5211| References:
5212| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
5213|_ http://www.exploit-db.com/exploits/1244/
5214| http-security-headers:
5215| Strict_Transport_Security:
5216|_ HSTS not configured in HTTPS Server
5217|_http-server-header: LiteSpeed
5218| http-sitemap-generator:
5219| Directory structure:
5220| Longest directory structure:
5221| Depth: 0
5222| Dir: /
5223| Total files found (by extension):
5224|_
5225|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
5226|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
5227|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
5228| http-vhosts:
5229| 123 names had status 500
5230| mirror.akinmedya.com : 301 -> https://mirror.akinmedya.com/
5231| db.akinmedya.com : 301 -> https://db.akinmedya.com/
5232| mail.akinmedya.com : 301 -> https://www.akinmedya.com.tr/
5233|_www.akinmedya.com : 301 -> https://www.akinmedya.com.tr/
5234| http-wordpress-enum:
5235| Search limited to top 100 themes/plugins
5236| themes
5237| twentyeleven
5238| twentytwelve
5239| twentyten
5240| twentythirteen
5241| twentyfourteen
5242| twentyfifteen
5243| responsive
5244| customizr
5245| zerif-lite
5246| virtue
5247| storefront
5248| atahualpa
5249| twentysixteen
5250| vantage
5251| hueman
5252| spacious
5253| evolve
5254| colorway
5255| graphene
5256| sydney
5257| ifeature
5258| mh-magazine-lite
5259| generatepress
5260| mantra
5261| omega
5262| onetone
5263| coraline
5264| pinboard
5265| thematic
5266| sparkling
5267| catch-box
5268| make
5269| colormag
5270| enigma
5271| custom-community
5272| mystique
5273| alexandria
5274| delicate
5275| lightword
5276| attitude
5277| inove
5278| magazine-basic
5279| raindrops
5280| minamaze
5281| zbench
5282| point
5283| eclipse
5284| portfolio-press
5285| twentyseventeen
5286| travelify
5287| swift-basic
5288| iconic-one
5289| arcade-basic
5290| bouquet
5291| pixel
5292| sliding-door
5293| pilcrow
5294| simple-catch
5295| tempera
5296| destro
5297| p2
5298| sunspot
5299| sundance
5300| dusk-to-dawn
5301| onepress
5302| moesia
5303| dynamic-news-lite
5304| parabola
5305| parament
5306| dazzling
5307| accesspress-lite
5308| optimizer
5309| one-page
5310| chaostheory
5311| business-lite
5312| duster
5313| constructor
5314| nirvana
5315| sixteen
5316| esquire
5317| beach
5318| next-saturday
5319| flat
5320| hatch
5321| minimatica
5322| radiate
5323| accelerate
5324| oxygen
5325| accesspress-parallax
5326| swift
5327| spun
5328| wp-creativix
5329| suevafree
5330| hemingway
5331| pink-touch-2
5332| motion
5333| fruitful
5334| steira
5335| news
5336| llorix-one-lite
5337| plugins
5338| akismet
5339| contact-form-7
5340| wordpress-seo
5341| jetpack
5342| all-in-one-seo-pack 2.3.13.2
5343| wordfence
5344| woocommerce
5345| wordpress-importer
5346| nextgen-gallery
5347| google-analytics-for-wordpress
5348| wp-super-cache
5349| tinymce-advanced
5350| wptouch
5351| better-wp-security
5352| siteorigin-panels
5353| updraftplus
5354| w3-total-cache
5355| google-analytics-dashboard-for-wp
5356| wp-pagenavi
5357| si-contact-form
5358| advanced-custom-fields
5359| mailchimp-for-wp
5360| the-events-calendar
5361| add-to-any
5362| duplicator
5363| wysija-newsletters
5364| ninja-forms
5365| wp-smushit
5366| buddypress
5367| ewww-image-optimizer
5368| so-widgets-bundle
5369| really-simple-captcha
5370| ml-slider
5371| black-studio-tinymce-widget
5372| photo-gallery
5373| broken-link-checker
5374| regenerate-thumbnails
5375| google-analyticator
5376| redirection
5377| captcha
5378| duplicate-post
5379| breadcrumb-navxt
5380| backwpup
5381| user-role-editor
5382| yet-another-related-posts-plugin
5383| contact-form-plugin
5384| newsletter
5385| bbpress
5386| all-in-one-wp-security-and-firewall
5387| disable-comments
5388| social-networks-auto-poster-facebook-twitter-g
5389| wp-optimize
5390| addthis
5391| wp-statistics
5392| wp-e-commerce
5393| all-in-one-wp-migration
5394| backupwordpress
5395| si-captcha-for-wordpress
5396| wp-slimstat
5397| wp-google-maps
5398| wp-spamshield
5399| wp-maintenance-mode
5400| googleanalytics
5401| worker
5402| yith-woocommerce-wishlist
5403| wp-multibyte-patch
5404| wp-to-twitter
5405| image-widget
5406| wp-db-backup
5407| shortcodes-ultimate
5408| ultimate-tinymce
5409| share-this
5410| disqus-comment-system
5411| gallery-bank
5412| types
5413| wp-polls
5414| custom-post-type-ui
5415| shareaholic
5416| polylang
5417| post-types-order
5418| gtranslate
5419| bulletproof-security
5420| wp-fastest-cache
5421| facebook
5422| sociable
5423| iwp-client
5424| nextgen-facebook
5425| seo-ultimate
5426| wp-postviews
5427| formidable
5428| squirrly-seo
5429| wp-mail-smtp
5430| tablepress
5431| redux-framework
5432| page-links-to
5433| youtube-embed-plus
5434| contact-bank
5435| maintenance
5436|_ wp-retina-2x
5437|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
5438|_http-xssed: No previously reported XSS vuln.
5439| vulscan: VulDB - https://vuldb.com:
5440| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
5441| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
5442| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
5443| [53729] Litespeedtech LiteSpeed Web Server information disclosure
5444| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
5445|
5446| MITRE CVE - https://cve.mitre.org:
5447| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
5448| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
5449| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
5450| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
5451|
5452| SecurityFocus - https://www.securityfocus.com/bid/:
5453| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
5454| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
5455| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
5456| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
5457| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
5458| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
5459| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
5460| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
5461| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
5462| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
5463| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
5464| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
5465| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
5466|
5467| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5468| [74144] LiteSpeed graph_html.php cross-site scripting
5469| [63979] LiteSpeed Web Server Null buffer overflow
5470| [59385] LiteSpeed Web Server information disclosure
5471| [56389] LiteSpeed Web Server Admin interface cross-site scripting
5472| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
5473| [54537] LiteSpeed Web Server post-authentication code execution
5474| [54536] LiteSpeed Web Server Lshttpd denial of service
5475| [37380] LiteSpeed Web Server mime-type information disclosure
5476| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
5477|
5478| Exploit-DB - https://www.exploit-db.com:
5479| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
5480| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
5481| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
5482| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
5483| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
5484|
5485| OpenVAS (Nessus) - http://www.openvas.org:
5486| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
5487|
5488| SecurityTracker - https://www.securitytracker.com:
5489| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
5490|
5491| OSVDB - http://www.osvdb.org:
5492| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
5493| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
5494| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
5495| [62449] LiteSpeed Web Server Admin User Creation CSRF
5496| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
5497| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
5498| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
5499| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
5500|_
5501Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
5502Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.13 (92%), DD-WRT (Linux 3.18) (92%), DD-WRT v3.0 (Linux 4.4.2) (92%)
5503No exact OS matches for host (test conditions non-ideal).
5504Uptime guess: 16.638 days (since Fri Nov 8 03:44:50 2019)
5505Network Distance: 13 hops
5506TCP Sequence Prediction: Difficulty=254 (Good luck!)
5507IP ID Sequence Generation: All zeros
5508
5509TRACEROUTE (using port 443/tcp)
5510HOP RTT ADDRESS
55111 50.69 ms 10.242.204.1
55122 51.52 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
55133 53.43 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
55144 39.12 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
55155 57.93 ms motl-b1-link.telia.net (62.115.162.41)
55166 ...
55177 152.17 ms ldn-bb4-link.telia.net (62.115.112.245)
55188 152.15 ms hbg-bb4-link.telia.net (62.115.122.160)
55199 169.82 ms nug-b1-link.telia.net (62.115.113.175)
552010 152.22 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
552111 152.30 ms core23.fsn1.hetzner.com (213.239.252.230)
552212 152.33 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
552313 152.31 ms ns1.akinmedya.com (144.76.114.219)
5524
5525NSE: Script Post-scanning.
5526Initiating NSE at 19:04
5527Completed NSE at 19:04, 0.00s elapsed
5528Initiating NSE at 19:04
5529Completed NSE at 19:04, 0.00s elapsed
5530######################################################################################################################################
5531Version: 1.11.13-static
5532OpenSSL 1.0.2-chacha (1.0.2g-dev)
5533
5534Connected to 144.76.114.219
5535
5536Testing SSL server 144.76.114.219 on port 443 using SNI name 144.76.114.219
5537
5538 TLS Fallback SCSV:
5539Server does not support TLS Fallback SCSV
5540
5541 TLS renegotiation:
5542Session renegotiation not supported
5543
5544 TLS Compression:
5545Compression disabled
5546
5547 Heartbleed:
5548TLS 1.2 not vulnerable to heartbleed
5549TLS 1.1 not vulnerable to heartbleed
5550TLS 1.0 not vulnerable to heartbleed
5551
5552 Supported Server Cipher(s):
5553Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
5554Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
5555Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
5556
5557 SSL Certificate:
5558Signature Algorithm: sha256WithRSAEncryption
5559RSA Key Strength: 2048
5560
5561Subject: adanaguneyhaber.com
5562Altnames: DNS:adanaguneyhaber.com, DNS:www.adanaguneyhaber.com
5563Issuer: adanaguneyhaber.com
5564
5565Not valid before: Apr 29 03:07:28 2017 GMT
5566Not valid after: Apr 29 03:07:28 2018 GMT
5567######################################################################################################################################
5568Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:04 EST
5569NSE: [mysql-brute] usernames: Time limit 10m00s exceeded.
5570NSE: [mysql-brute] usernames: Time limit 10m00s exceeded.
5571NSE: [mysql-brute] passwords: Time limit 10m00s exceeded.
5572Nmap scan report for ns1.akinmedya.com (144.76.114.219)
5573Host is up (0.18s latency).
5574
5575PORT STATE SERVICE VERSION
55763306/tcp open mysql MySQL 5.7.28
5577| mysql-brute:
5578| Accounts: No valid accounts found
5579|_ Statistics: Performed 19421 guesses in 600 seconds, average tps: 32.6
5580| mysql-enum:
5581| Valid usernames:
5582| root:<empty> - Valid credentials
5583| netadmin:<empty> - Valid credentials
5584| guest:<empty> - Valid credentials
5585| user:<empty> - Valid credentials
5586| web:<empty> - Valid credentials
5587| webadmin:<empty> - Valid credentials
5588| administrator:<empty> - Valid credentials
5589| sysadmin:<empty> - Valid credentials
5590| admin:<empty> - Valid credentials
5591| test:<empty> - Valid credentials
5592|_ Statistics: Performed 10 guesses in 5 seconds, average tps: 2.0
5593| mysql-info:
5594| Protocol: 10
5595| Version: 5.7.28
5596| Thread ID: 24513251
5597| Capabilities flags: 65535
5598| Some Capabilities: Support41Auth, ConnectWithDatabase, InteractiveClient, SupportsTransactions, IgnoreSigpipes, Speaks41ProtocolNew, LongPassword, SupportsLoadDataLocal, FoundRows, LongColumnFlag, Speaks41ProtocolOld, DontAllowDatabaseTableColumn, SwitchToSSLAfterHandshake, SupportsCompression, IgnoreSpaceBeforeParenthesis, ODBCClient, SupportsMultipleResults, SupportsAuthPlugins, SupportsMultipleStatments
5599| Status: Autocommit
5600| Salt: \x1E\x176\x067\"Q\x07buw=5a\x1A2p6?
5601|_ Auth Plugin Name: mysql_native_password
5602| vulscan: VulDB - https://vuldb.com:
5603| [138098] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Plug-in unknown vulnerability
5604| [138097] Oracle MySQL Server up to 5.7.26/8.0.16 Client programs denial of service
5605| [138094] Oracle MySQL Server up to 5.7.25/8.0.15 Replication denial of service
5606| [138085] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
5607| [138084] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
5608| [138073] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Log denial of service
5609| [138072] Oracle MySQL Server up to 5.7.26/8.0.16 Privileges unknown vulnerability
5610| [138071] Oracle MySQL Server up to 5.7.23 Replication unknown vulnerability
5611| [138069] Oracle MySQL Server up to 5.7.26/8.0.16 InnoDB unknown vulnerability
5612| [138058] Oracle MySQL Server up to 5.7.26/8.0.15 cURL unknown vulnerability
5613| [129647] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
5614| [129646] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
5615| [129644] Oracle MySQL Server up to 5.7.24/8.0.13 Partition denial of service
5616| [129640] Oracle MySQL Server up to 5.7.24/8.0.13 Optimizer denial of service
5617| [129635] Oracle MySQL Server up to 5.7.24/8.0.13 InnoDB denial of service
5618| [129628] Oracle MySQL Server up to 5.7.24/8.0.13 Parser denial of service
5619| [125567] Oracle MySQL Server up to 5.7.23/8.0.12 Logging denial of service
5620| [125566] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5621| [125561] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
5622| [125555] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5623| [125554] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5624| [125553] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5625| [125552] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5626| [125551] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
5627| [125549] Oracle MySQL Server up to 5.7.23/8.0.12 Optimizer denial of service
5628| [125546] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
5629| [125545] Oracle MySQL Server up to 5.7.23/8.0.12 Audit denial of service
5630| [125536] Oracle MySQL Server up to 5.7.23/8.0.12 Parser denial of service
5631| [121797] Oracle MySQL Server up to 5.7.22/8.0.11 Privileges unknown vulnerability
5632| [121792] Oracle MySQL Server up to 5.7.22 DML denial of service
5633| [121789] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
5634| [121788] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
5635| [121786] Oracle MySQL Server up to 5.7.22 Audit Log denial of service
5636| [121779] Oracle MySQL Server up to 5.7.22/8.0.11 DML denial of service
5637| [121778] Oracle MySQL Server up to 5.7.22/8.0.11 InnoDB denial of service
5638| [116759] Oracle MySQL Server up to 5.7.21 Group Replication GCS denial of service
5639| [116758] Oracle MySQL Server up to 5.7.21 Pluggable Auth denial of service
5640| [116757] Oracle MySQL Server up to 5.7.21 Performance Schema denial of service
5641| [116756] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5642| [116754] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5643| [116753] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5644| [116752] Oracle MySQL Server up to 5.7.21 DML denial of service
5645| [116750] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
5646| [116749] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
5647| [116747] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
5648| [116745] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5649| [116743] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
5650| [116740] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5651| [116739] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
5652| [112110] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
5653| [112109] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
5654| [112108] Oracle MySQL Server up to 5.7.20 InnoDB denial of service
5655| [112107] Oracle MySQL Server up to 5.7.20 DML denial of service
5656| [112106] Oracle MySQL Server up to 5.7.20 DML denial of service
5657| [112105] Oracle MySQL Server up to 5.7.20 DML denial of service
5658| [75159] Oracle MySQL up to 5.7.2 SSL Client weak encryption
5659| [108192] Oracle MySQL Server up to 5.7.18 InnoDB denial of service
5660| [108189] Oracle MySQL Server up to 5.7.18 Stored Procedure denial of service
5661| [108188] Oracle MySQL Server up to 5.7.19 Replication denial of service
5662| [108183] Oracle MySQL Server up to 5.7.19 InnoDB denial of service
5663| [108182] Oracle MySQL Server up to 5.7.19 FTS denial of service
5664| [108181] Oracle MySQL Server up to 5.7.18 DML denial of service
5665| [108180] Oracle MySQL Server up to 5.7.19 Group Replication GCS denial of service
5666| [108175] Oracle MySQL Server up to 5.7.19 Optimizer denial of service
5667| [104088] Oracle MySQL Server up to 5.7.18 C API information disclosure
5668| [104081] Oracle MySQL Server up to 5.7.16 X Plugin denial of service
5669| [104080] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
5670| [104079] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
5671| [104078] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
5672| [104077] Oracle MySQL Server up to 5.7.18 DML denial of service
5673| [104076] Oracle MySQL Server up to 5.7.18 DML denial of service
5674| [104074] Oracle MySQL Server up to 5.7.18 DML denial of service
5675| [104073] Oracle MySQL Server up to 5.7.18 DML denial of service
5676| [104072] Oracle MySQL Server up to 5.7.18 X Plugin denial of service
5677| [104071] Oracle MySQL Server up to 5.7.18 UDF denial of service
5678| [100232] Oracle MySQL Server up to 5.7.17 Encryption weak encryption
5679| [100227] Oracle MySQL Server up to 5.7.17 C API information disclosure
5680| [100226] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
5681| [100221] Oracle MySQL Server up to 5.7.17 Optimizer denial of service
5682| [100220] Oracle MySQL Server up to 5.7.17 DML denial of service
5683| [100219] Oracle MySQL Server up to 5.7.17 DML denial of service
5684| [100217] Oracle MySQL Server up to 5.7.17 Audit Plug-in denial of service
5685| [100214] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
5686| [100212] Oracle MySQL Server up to 5.7.17 InnoDB denial of service
5687| [100206] Oracle MySQL Server up to 5.7.17 DML denial of service
5688| [95730] Oracle MySQL Server up to 5.7.16 Encryption weak encryption
5689| [95729] Oracle MySQL Server up to 5.7.16 X Plugin unknown vulnerability
5690| [95719] Oracle MySQL Server up to 5.7.16 Optimizer denial of service
5691| [95716] Oracle MySQL Server up to 5.7.16 Replication denial of service
5692| [95714] Oracle MySQL Server 5.6.34 5.7.16 InnoDB denial of service
5693| [92895] Oracle MySQL Server up to 5.6.31 5.7.13 DML denial of service
5694| [92835] Oracle MySQL Server up to 5.7.13 Audit denial of service
5695| [92834] Oracle MySQL Server up to 5.7.13 RBR denial of service
5696| [92833] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
5697| [92832] Oracle MySQL Server up to 5.7.14 Optimizer denial of service
5698| [92831] Oracle MySQL Server up to 5.7.13 Memcached denial of service
5699| [92829] Oracle MySQL Server up to 5.6.31 5.7.13 InnoDB denial of service
5700| [92828] Oracle MySQL Server up to 5.7.13 InnoDB denial of service
5701| [92826] Oracle MySQL Server up to 5.7.13 DML denial of service
5702| [92821] Oracle MySQL Server up to 5.7.13 Replication denial of service
5703| [92820] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
5704| [92790] Oracle MySQL Server up to 5.7.14 Privileges information disclosure
5705| [90134] Oracle MySQL Server up to 5.7.12 Encryption denial of service
5706| [90133] Oracle MySQL Server up to 5.7.12 Replication denial of service
5707| [90130] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
5708| [90129] Oracle MySQL Server up to 5.7.12 Log denial of service
5709| [90127] Oracle MySQL Server up to 5.7.12 InnoDB denial of service
5710| [90124] Oracle MySQL Server up to 5.7.12 InnoDB memory corruption
5711| [90122] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
5712| [90117] Oracle MySQL Server up to 5.7.11 Optimizer denial of service
5713| [80599] Oracle MySQL Server 5.7.9 Partition denial of service
5714| [80598] Oracle MySQL Server 5.7.9 Optimizer denial of service
5715|
5716| MITRE CVE - https://cve.mitre.org:
5717| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
5718| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
5719| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
5720| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
5721| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
5722| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
5723| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
5724| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
5725| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5726| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
5727| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
5728| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
5729| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5730| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
5731| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
5732| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
5733| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
5734| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
5735| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5736| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
5737| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5738| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
5739| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
5740| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
5741| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5742| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
5743| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
5744| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
5745| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5746| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
5747| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5748| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
5749| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
5750| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
5751| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
5752| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
5753| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
5754| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
5755| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
5756| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5757| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
5758| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
5759| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
5760| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5761| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
5762| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
5763| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
5764| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
5765| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
5766| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
5767| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5768| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
5769| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
5770| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
5771| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
5772| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
5773| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
5774| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
5775| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
5776| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
5777| [CVE-2012-4452] MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
5778| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
5779| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
5780| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5781| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
5782| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
5783| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
5784| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5785| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
5786| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
5787| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
5788| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
5789| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5790| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
5791| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
5792| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
5793| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
5794| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
5795| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
5796| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
5797| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5798| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
5799| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5800| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5801| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5802| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5803| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
5804| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
5805| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5806| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5807| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5808| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
5809| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
5810| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
5811| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
5812| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
5813| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
5814| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
5815| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
5816| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
5817| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
5818| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
5819| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
5820| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
5821| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
5822| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
5823| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
5824| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
5825| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
5826| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
5827| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
5828| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
5829| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
5830| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
5831| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
5832| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
5833| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
5834| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
5835| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
5836| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
5837| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
5838| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
5839| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
5840| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
5841| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
5842| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
5843| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
5844| [CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
5845| [CVE-2010-4700] The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
5846| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
5847| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
5848| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
5849| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
5850| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
5851| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
5852| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
5853| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
5854| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
5855| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
5856| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
5857| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
5858| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
5859| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
5860| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
5861| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
5862| [CVE-2010-3064] Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
5863| [CVE-2010-3063] The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
5864| [CVE-2010-3062] mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function
5865| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
5866| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
5867| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
5868| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
5869| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
5870| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
5871| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
5872| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
5873| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
5874| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
5875| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
5876| [CVE-2009-2446] Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
5877| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
5878| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
5879| [CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
5880| [CVE-2008-4098] MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
5881| [CVE-2008-4097] MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
5882| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
5883| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
5884| [CVE-2008-1486] SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
5885| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
5886| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
5887| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
5888| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
5889| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
5890| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
5891| [CVE-2007-5646] SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
5892| [CVE-2007-4889] The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
5893| [CVE-2007-3997] The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
5894| [CVE-2007-3782] MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
5895| [CVE-2007-3781] MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
5896| [CVE-2007-3780] MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
5897| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
5898| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
5899| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
5900| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
5901| [CVE-2007-1420] MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
5902| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
5903| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
5904| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
5905| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
5906| [CVE-2006-4031] MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
5907| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
5908| [CVE-2006-3469] Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
5909| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
5910| [CVE-2006-2753] SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
5911| [CVE-2006-1518] Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
5912| [CVE-2006-1517] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
5913| [CVE-2006-1516] The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
5914| [CVE-2006-0903] MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
5915| [CVE-2006-0369] ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views
5916| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
5917| [CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
5918| [CVE-2005-2558] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
5919| [CVE-2005-1636] mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
5920| [CVE-2005-0004] The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
5921| [CVE-2004-0835] MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
5922| [CVE-2004-0628] Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
5923| [CVE-2004-0627] The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
5924|
5925| SecurityFocus - https://www.securityfocus.com/bid/:
5926| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
5927| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
5928| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
5929| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
5930| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
5931| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
5932| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
5933| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
5934| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
5935| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
5936| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
5937|
5938| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5939| [85724] Oracle MySQL Server XA Transactions denial of service
5940| [85723] Oracle MySQL Server Server Replication denial of service
5941| [85722] Oracle MySQL Server InnoDB denial of service
5942| [85721] Oracle MySQL Server Server Privileges unspecified
5943| [85720] Oracle MySQL Server Server Partition denial of service
5944| [85719] Oracle MySQL Server Server Parser denial of service
5945| [85718] Oracle MySQL Server Server Options denial of service
5946| [85717] Oracle MySQL Server Server Options denial of service
5947| [85716] Oracle MySQL Server Server Optimizer denial of service
5948| [85715] Oracle MySQL Server Server Optimizer denial of service
5949| [85714] Oracle MySQL Server Prepared Statements denial of service
5950| [85713] Oracle MySQL Server InnoDB denial of service
5951| [85712] Oracle MySQL Server Full Text Search denial of service
5952| [85711] Oracle MySQL Server Data Manipulation Language denial of service
5953| [85710] Oracle MySQL Server Data Manipulation Language denial of service
5954| [85709] Oracle MySQL Server Audit Log unspecified
5955| [85708] Oracle MySQL Server MemCached unspecified
5956| [84846] Debian mysql-server package information disclosure
5957| [84375] Wireshark MySQL dissector denial of service
5958| [83554] Oracle MySQL Server Server Partition denial of service
5959| [83553] Oracle MySQL Server Server Locking denial of service
5960| [83552] Oracle MySQL Server Server Install unspecified
5961| [83551] Oracle MySQL Server Server Types denial of service
5962| [83550] Oracle MySQL Server Server Privileges unspecified
5963| [83549] Oracle MySQL Server InnoDB denial of service
5964| [83548] Oracle MySQL Server InnoDB denial of service
5965| [83547] Oracle MySQL Server Data Manipulation Language denial of service
5966| [83546] Oracle MySQL Server Stored Procedure denial of service
5967| [83545] Oracle MySQL Server Server Replication denial of service
5968| [83544] Oracle MySQL Server Server Partition denial of service
5969| [83543] Oracle MySQL Server Server Optimizer denial of service
5970| [83542] Oracle MySQL Server InnoDB denial of service
5971| [83541] Oracle MySQL Server Information Schema denial of service
5972| [83540] Oracle MySQL Server Data Manipulation Language denial of service
5973| [83539] Oracle MySQL Server Data Manipulation Language denial of service
5974| [83538] Oracle MySQL Server Server Optimizer unspecified
5975| [83537] Oracle MySQL Server MemCached denial of service
5976| [83536] Oracle MySQL Server Server Privileges unspecified
5977| [83535] Oracle MySQL Server Server Privileges unspecified
5978| [83534] Oracle MySQL Server Server unspecified
5979| [83533] Oracle MySQL Server Information Schema unspecified
5980| [83532] Oracle MySQL Server Server Locking unspecified
5981| [83531] Oracle MySQL Server Data Manipulation Language denial of service
5982| [83388] MySQL administrative login attempt detected
5983| [82963] Mambo MySQL database information disclosure
5984| [82946] Oracle MySQL buffer overflow
5985| [82945] Oracle MySQL buffer overflow
5986| [82895] Oracle MySQL and MariaDB geometry queries denial of service
5987| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
5988| [81325] Oracle MySQL Server Server Privileges denial of service
5989| [81324] Oracle MySQL Server Server Partition denial of service
5990| [81323] Oracle MySQL Server Server Optimizer denial of service
5991| [81322] Oracle MySQL Server Server Optimizer denial of service
5992| [81321] Oracle MySQL Server Server denial of service
5993| [81320] Oracle MySQL Server MyISAM denial of service
5994| [81319] Oracle MySQL Server InnoDB denial of service
5995| [81318] Oracle MySQL Server InnoDB denial of service
5996| [81317] Oracle MySQL Server Server Locking denial of service
5997| [81316] Oracle MySQL Server Server denial of service
5998| [81315] Oracle MySQL Server Server Replication unspecified
5999| [81314] Oracle MySQL Server Server Replication unspecified
6000| [81313] Oracle MySQL Server Stored Procedure denial of service
6001| [81312] Oracle MySQL Server Server Optimizer denial of service
6002| [81311] Oracle MySQL Server Information Schema denial of service
6003| [81310] Oracle MySQL Server GIS Extension denial of service
6004| [80790] Oracle MySQL yaSSL buffer overflow
6005| [80553] Oracle MySQL and MariaDB salt security bypass
6006| [80443] Oracle MySQL Server unspecified code execution
6007| [80442] Oracle MySQL Server acl_get() buffer overflow
6008| [80440] Oracle MySQL Server table buffer overflow
6009| [80435] Oracle MySQL Server database privilege escalation
6010| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
6011| [80433] Oracle MySQL Server Stuxnet privilege escalation
6012| [80432] Oracle MySQL Server authentication information disclosure
6013| [79394] Oracle MySQL Server Server Installation information disclosure
6014| [79393] Oracle MySQL Server Server Replication denial of service
6015| [79392] Oracle MySQL Server Server Full Text Search denial of service
6016| [79391] Oracle MySQL Server Server denial of service
6017| [79390] Oracle MySQL Server Client information disclosure
6018| [79389] Oracle MySQL Server Server Optimizer denial of service
6019| [79388] Oracle MySQL Server Server Optimizer denial of service
6020| [79387] Oracle MySQL Server Server denial of service
6021| [79386] Oracle MySQL Server InnoDB Plugin denial of service
6022| [79385] Oracle MySQL Server InnoDB denial of service
6023| [79384] Oracle MySQL Server Client unspecified
6024| [79383] Oracle MySQL Server Server denial of service
6025| [79382] Oracle MySQL Server Protocol unspecified
6026| [79381] Oracle MySQL Server Information Schema unspecified
6027| [78954] SilverStripe MySQLDatabase.php information disclosure
6028| [78948] MySQL MyISAM table symlink
6029| [77865] MySQL unknown vuln
6030| [77864] MySQL sort order denial of service
6031| [77768] MySQLDumper refresh_dblist.php information disclosure
6032| [77177] MySQL Squid Access Report unspecified cross-site scripting
6033| [77065] Oracle MySQL Server Optimizer denial of service
6034| [77064] Oracle MySQL Server Optimizer denial of service
6035| [77063] Oracle MySQL Server denial of service
6036| [77062] Oracle MySQL InnoDB denial of service
6037| [77061] Oracle MySQL GIS Extension denial of service
6038| [77060] Oracle MySQL Server Optimizer denial of service
6039| [76189] MySQL unspecified error
6040| [76188] MySQL attempts security bypass
6041| [75287] MySQLDumper restore.php information disclosure
6042| [75286] MySQLDumper filemanagement.php directory traversal
6043| [75285] MySQLDumper main.php cross-site request forgery
6044| [75284] MySQLDumper install.php cross-site scripting
6045| [75283] MySQLDumper install.php file include
6046| [75282] MySQLDumper menu.php code execution
6047| [75022] Oracle MySQL Server Server Optimizer denial of service
6048| [75021] Oracle MySQL Server Server Optimizer denial of service
6049| [75020] Oracle MySQL Server Server DML denial of service
6050| [75019] Oracle MySQL Server Partition denial of service
6051| [75018] Oracle MySQL Server MyISAM denial of service
6052| [75017] Oracle MySQL Server Server Optimizer denial of service
6053| [74672] Oracle MySQL Server multiple unspecified
6054| [73092] MySQL unspecified code execution
6055| [72540] Oracle MySQL Server denial of service
6056| [72539] Oracle MySQL Server unspecified
6057| [72538] Oracle MySQL Server denial of service
6058| [72537] Oracle MySQL Server denial of service
6059| [72536] Oracle MySQL Server unspecified
6060| [72535] Oracle MySQL Server denial of service
6061| [72534] Oracle MySQL Server denial of service
6062| [72533] Oracle MySQL Server denial of service
6063| [72532] Oracle MySQL Server denial of service
6064| [72531] Oracle MySQL Server denial of service
6065| [72530] Oracle MySQL Server denial of service
6066| [72529] Oracle MySQL Server denial of service
6067| [72528] Oracle MySQL Server denial of service
6068| [72527] Oracle MySQL Server denial of service
6069| [72526] Oracle MySQL Server denial of service
6070| [72525] Oracle MySQL Server information disclosure
6071| [72524] Oracle MySQL Server denial of service
6072| [72523] Oracle MySQL Server denial of service
6073| [72522] Oracle MySQL Server denial of service
6074| [72521] Oracle MySQL Server denial of service
6075| [72520] Oracle MySQL Server denial of service
6076| [72519] Oracle MySQL Server denial of service
6077| [72518] Oracle MySQL Server unspecified
6078| [72517] Oracle MySQL Server unspecified
6079| [72516] Oracle MySQL Server unspecified
6080| [72515] Oracle MySQL Server denial of service
6081| [72514] Oracle MySQL Server unspecified
6082| [71965] MySQL port denial of service
6083| [70680] DBD::mysqlPP unspecified SQL injection
6084| [70370] TaskFreak! multi-mysql unspecified path disclosure
6085| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6086| [68294] MySQLDriverCS statement.cs sql injection
6087| [68175] Prosody MySQL denial of service
6088| [67539] Zend Framework MySQL PDO security bypass
6089| [67254] DirectAdmin MySQL information disclosure
6090| [66567] Xoops mysql.sql information disclosure
6091| [65871] PyWebDAV MySQLAuthHandler class SQL injection
6092| [65543] MySQL Select Arbitrary data into a File
6093| [65529] MySQL Eventum full_name field cross-site scripting
6094| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
6095| [65379] Oracle MySQL Eventum list.php cross-site scripting
6096| [65266] Accellion File Transfer Appliance MySQL default password
6097| [64878] MySQL Geometry denial of service
6098| [64877] MySQL EXPLAIN EXTENDED denial of service
6099| [64876] MySQL prepared statement denial of service
6100| [64845] MySQL extreme-value denial of service
6101| [64844] MySQL Gis_line_string::init_from_wkb denial of service
6102| [64843] MySQL user-variable denial of service
6103| [64842] MySQL view preparation denial of service
6104| [64841] MySQL prepared statement denial of service
6105| [64840] MySQL LONGBLOB denial of service
6106| [64839] MySQL invocations denial of service
6107| [64838] MySQL Gis_line_string::init_from_wkb denial of service
6108| [64689] MySQL dict0crea.c denial of service
6109| [64688] MySQL SET column denial of service
6110| [64687] MySQL BINLOG command denial of service
6111| [64686] MySQL InnoDB denial of service
6112| [64685] MySQL HANDLER interface denial of service
6113| [64684] MySQL Item_singlerow_subselect::store denial of service
6114| [64683] MySQL OK packet denial of service
6115| [63518] MySQL Query Browser GUI Tools information disclosure
6116| [63517] MySQL Administrator GUI Tools information disclosure
6117| [62272] MySQL PolyFromWKB() denial of service
6118| [62269] MySQL LIKE predicates denial of service
6119| [62268] MySQL joins denial of service
6120| [62267] MySQL GREATEST() or LEAST() denial of service
6121| [62266] MySQL GROUP_CONCAT() denial of service
6122| [62265] MySQL expression values denial of service
6123| [62264] MySQL temporary table denial of service
6124| [62263] MySQL LEAST() or GREATEST() denial of service
6125| [62262] MySQL replication privilege escalation
6126| [61739] MySQL WITH ROLLUP denial of service
6127| [61343] MySQL LOAD DATA INFILE denial of service
6128| [61342] MySQL EXPLAIN denial of service
6129| [61341] MySQL HANDLER denial of service
6130| [61340] MySQL BINLOG denial of service
6131| [61339] MySQL IN() or CASE denial of service
6132| [61338] MySQL SET denial of service
6133| [61337] MySQL DDL denial of service
6134| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
6135| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
6136| [61316] PHP php_mysqlnd_auth_write buffer overflow
6137| [61274] MySQL TEMPORARY InnoDB denial of service
6138| [59905] MySQL ALTER DATABASE denial of service
6139| [59841] CMySQLite updateUser.php cross-site request forgery
6140| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
6141| [59075] PHP php_mysqlnd_auth_write() buffer overflow
6142| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
6143| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
6144| [59072] PHP php_mysqlnd_ok_read() information disclosure
6145| [58842] MySQL DROP TABLE file deletion
6146| [58676] Template Shares MySQL information disclosure
6147| [58531] MySQL COM_FIELD_LIST buffer overflow
6148| [58530] MySQL packet denial of service
6149| [58529] MySQL COM_FIELD_LIST security bypass
6150| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
6151| [57925] MySQL UNINSTALL PLUGIN security bypass
6152| [57006] Quicksilver Forums mysqldump information disclosure
6153| [56800] Employee Timeclock Software mysqldump information disclosure
6154| [56200] Flex MySQL Connector ActionScript SQL injection
6155| [55877] MySQL yaSSL buffer overflow
6156| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
6157| [55416] MySQL unspecified buffer overflow
6158| [55382] Ublog UblogMySQL.sql information disclosure
6159| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
6160| [54597] MySQL sql_table.cc security bypass
6161| [54596] MySQL mysqld denial of service
6162| [54365] MySQL OpenSSL security bypass
6163| [54364] MySQL MyISAM table symlink
6164| [53950] The mysql-ocaml mysql_real_escape_string weak security
6165| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
6166| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
6167| [52660] iScouter PHP Web Portal MySQL Password Retrieval
6168| [52220] aa33code mysql.inc information disclosure
6169| [52122] MySQL Connector/J unicode SQL injection
6170| [51614] MySQL dispatch_command() denial of service
6171| [51406] MySQL Connector/NET SSL spoofing
6172| [49202] MySQL UDF command execution
6173| [49050] MySQL XPath denial of service
6174| [48919] Cisco Application Networking Manager MySQL default account password
6175| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
6176| [47544] MySQL Calendar index.php SQL injection
6177| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
6178| [45649] MySQL MyISAM symlink security bypass
6179| [45648] MySQL MyISAM symlinks security bypass
6180| [45607] MySQL Quick Admin actions.php file include
6181| [45606] MySQL Quick Admin index.php file include
6182| [45590] MySQL command-line client cross-site scripting
6183| [45436] PromoteWeb MySQL go.php SQL injection
6184| [45042] MySQL empty bit-string literal denial of service
6185| [44662] mysql-lists unspecified cross-site scripting
6186| [42267] MySQL MyISAM security bypass
6187| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
6188| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
6189| [40920] MySQL sql_select.cc denial of service
6190| [40734] MySQL Server BINLOG privilege escalation
6191| [40350] MySQL password information disclosure
6192| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
6193| [39402] PHP LOCAL INFILE and MySQL extension security bypass
6194| [38999] aurora framework db_mysql.lib SQL injection
6195| [38990] MySQL federated engine denial of service
6196| [38989] MySQL DEFINER value privilege escalation
6197| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
6198| [38964] MySQL RENAME TABLE symlink
6199| [38733] ManageEngine EventLog Analyzer MySQL default password
6200| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
6201| [38189] MySQL default root password
6202| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
6203| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
6204| [36555] PHP MySQL extension multiple functions security bypass
6205| [35960] MySQL view privilege escalation
6206| [35959] MySQL CREATE TABLE LIKE information disclosure
6207| [35958] MySQL connection protocol denial of service
6208| [35291] MySQLDumper main.php security bypass
6209| [34811] MySQL udf_init and mysql_create_function command execution
6210| [34809] MySQL mysql_update privilege escalation
6211| [34349] MySQL ALTER information disclosure
6212| [34348] MySQL mysql_change_db privilege escalation
6213| [34347] MySQL RENAME TABLE weak security
6214| [34232] MySQL IF clause denial of service
6215| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
6216| [33285] Eve-Nuke mysql.php file include
6217| [32957] MySQL Commander dbopen.php file include
6218| [32933] cPanel load_language.php and mysqlconfig.php file include
6219| [32911] MySQL filesort function denial of service
6220| [32462] cPanel passwdmysql cross-site scripting
6221| [32288] RHSA-2006:0544 updates for mysql not installed
6222| [32266] MySQLNewsEngine affichearticles.php3 file include
6223| [31244] The Address Book MySQL export.php password information disclosure
6224| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
6225| [30760] BTSaveMySql URL file disclosure
6226| [30191] StoryStream mysql.php and mysqli.php file include
6227| [30085] MySQL MS-DOS device name denial of service
6228| [30031] Agora MysqlfinderAdmin.php file include
6229| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
6230| [29179] paBugs class.mysql.php file include
6231| [29120] ZoomStats MySQL file include
6232| [28448] MySQL case sensitive database name privilege escalation
6233| [28442] MySQL GRANT EXECUTE privilege escalation
6234| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
6235| [28202] MySQL multiupdate subselect query denial of service
6236| [28180] MySQL MERGE table security bypass
6237| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
6238| [27995] Opsware Network Automation System MySQL plaintext password
6239| [27904] MySQL date_format() format string
6240| [27635] MySQL Instance Manager denial of service
6241| [27212] MySQL SELECT str_to_date denial of service
6242| [26875] MySQL ASCII escaping SQL injection
6243| [26420] Apple Mac OS X MySQL Manager blank password
6244| [26236] MySQL login packet information disclosure
6245| [26232] MySQL COM_TABLE_DUMP buffer overflow
6246| [26228] MySQL sql_parce.cc information disclosure
6247| [26042] MySQL running
6248| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
6249| [24966] MySQL mysql_real_query logging bypass
6250| [24653] PAM-MySQL logging function denial of service
6251| [24652] PAM-MySQL authentication double free code execution
6252| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
6253| [24095] PHP ext/mysqli exception handling format string
6254| [23990] PHP mysql_connect() buffer overflow
6255| [23596] MySQL Auction search module could allow cross-site scripting
6256| [22642] RHSA-2005:334 updates for mysql not installed
6257| [21757] MySQL UDF library functions command execution
6258| [21756] MySQL LoadLibraryEx function denial of service
6259| [21738] MySQL UDF mysql_create_function function directory traversal
6260| [21737] MySQL user defined function buffer overflow
6261| [21640] MySQL Eventum multiple class SQL injection
6262| [21638] MySQL Eventum multiple scripts cross-site scripting
6263| [20984] xmysqladmin temporary file symlink
6264| [20656] MySQL mysql_install_db script symlink
6265| [20333] Plans MySQL password information disclosure
6266| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
6267| [19658] MySQL udf_init function gain access
6268| [19576] auraCMS mysql_fetch_row function path disclosure
6269| [18922] MySQL mysqlaccess script symlink attack
6270| [18824] MySQL UDF root privileges
6271| [18464] mysql_auth unspecified vulnerability
6272| [18449] Sugar Sales plaintext MySQL password
6273| [17783] MySQL underscore allows elevated privileges
6274| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
6275| [17667] MySQL UNION change denial of service
6276| [17666] MySQL ALTER TABLE RENAME bypass restriction
6277| [17493] MySQL libmysqlclient bulk inserts buffer overflow
6278| [17462] MySQLGuest AWSguest.php script cross-site scripting
6279| [17047] MySQL mysql_real_connect buffer overflow
6280| [17030] MySQL mysqlhotcopy insecure temporary file
6281| [16612] MySQL my_rnd buffer overflow
6282| [16604] MySQL check_scramble_323 function allows unauthorized access
6283| [15883] MySQL mysqld_multi script symlink attack
6284| [15617] MySQL mysqlbug script symlink attack
6285| [15417] Confixx db_mysql_loeschen2.php SQL injection
6286| [15280] Proofpoint Protection Server MySQL allows unauthorized access
6287| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
6288| [13153] MySQL long password buffer overflow
6289| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
6290| [12540] Teapop PostSQL and MySQL modules SQL injection
6291| [12337] MySQL mysql_real_connect function buffer overflow
6292| [11510] MySQL datadir/my.cnf modification could allow root privileges
6293| [11493] mysqlcc configuration and connection files are world writable
6294| [11340] SuckBot mod_mysql_logger denial of service
6295| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
6296| [10850] MySQL libmysql client read_one_row buffer overflow
6297| [10849] MySQL libmysql client read_rows buffer overflow
6298| [10848] MySQL COM_CHANGE_USER password buffer overflow
6299| [10847] MySQL COM_CHANGE_USER command password authentication bypass
6300| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
6301| [10483] Bugzilla stores passwords in plain text in the MySQL database
6302| [10455] gBook MySQL could allow administrative access
6303| [10243] MySQL my.ini "
6304| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
6305| [9909] MySQL logging disabled by default on Windows
6306| [9908] MySQL binding to the loopback adapter is disabled
6307| [9902] MySQL default root password could allow unauthorized access
6308| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
6309| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
6310| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
6311| [7206] WinMySQLadmin stores MySQL password in plain text
6312| [6617] MySQL "
6313| [6419] MySQL drop database command buffer overflow
6314| [6418] MySQL libmysqlclient.so buffer overflow
6315| [5969] MySQL select buffer overflow
6316| [5447] pam_mysql authentication input
6317| [5409] MySQL authentication algorithm obtain password hash
6318| [5057] PCCS MySQL Database Admin Tool could reveal username and password
6319| [4228] MySQL unauthenticated remote access
6320| [3849] MySQL default test account could allow any user to connect to the database
6321| [1568] MySQL creates readable log files
6322|
6323| Exploit-DB - https://www.exploit-db.com:
6324| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
6325| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
6326| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
6327| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
6328| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
6329| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
6330| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
6331| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
6332| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
6333| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
6334| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
6335| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
6336| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
6337|
6338| OpenVAS (Nessus) - http://www.openvas.org:
6339| [53251] Debian Security Advisory DSA 562-1 (mysql)
6340| [53230] Debian Security Advisory DSA 540-1 (mysql)
6341|
6342| SecurityTracker - https://www.securitytracker.com:
6343| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
6344| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
6345| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
6346| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
6347| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
6348| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
6349| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
6350| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
6351| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
6352| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
6353| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
6354| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6355| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
6356| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
6357| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
6358| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
6359| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
6360| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
6361| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
6362| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
6363| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
6364| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6365| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
6366| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
6367| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
6368| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
6369| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
6370| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
6371| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
6372| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
6373| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
6374| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
6375| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
6376| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
6377| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
6378| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
6379| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
6380| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
6381| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
6382| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
6383| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
6384| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
6385| [1016790] MySQL Replication Error Lets Local Users Deny Service
6386| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
6387| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
6388| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
6389| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
6390| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
6391| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
6392| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
6393| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
6394| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
6395| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
6396| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
6397| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
6398| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
6399| [1014172] xMySQLadmin Lets Local Users Delete Files
6400| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
6401| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
6402| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
6403| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
6404| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
6405| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
6406| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
6407| [1012500] mysql_auth Memory Leak Has Unspecified Impact
6408| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
6409| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
6410| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
6411| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
6412| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
6413| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
6414| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
6415| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
6416| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
6417| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
6418| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
6419| [1007518] DWebPro Discloses MySQL Database Password to Local Users
6420| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
6421| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
6422| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
6423| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
6424| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
6425| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
6426| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
6427| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
6428| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
6429| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
6430| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
6431| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
6432| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
6433|
6434| OSVDB - http://www.osvdb.org:
6435| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
6436| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
6437| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
6438| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
6439| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
6440| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
6441| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
6442| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
6443| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
6444| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
6445| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
6446| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
6447| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
6448| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
6449| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
6450| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
6451| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
6452| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
6453| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
6454| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
6455| [93174] MySQL Crafted Derived Table Handling DoS
6456| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
6457| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
6458| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
6459| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
6460| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
6461| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
6462| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
6463| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
6464| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
6465| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
6466| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
6467| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
6468| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
6469| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
6470| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
6471| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
6472| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
6473| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
6474| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
6475| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
6476| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
6477| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
6478| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
6479| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
6480| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
6481| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
6482| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
6483| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
6484| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
6485| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
6486| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
6487| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
6488| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
6489| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
6490| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
6491| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
6492| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
6493| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
6494| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
6495| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
6496| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
6497| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
6498| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
6499| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
6500| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
6501| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
6502| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
6503| [89042] ViciBox Server MySQL cron Service Default Credentials
6504| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
6505| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
6506| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
6507| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
6508| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
6509| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
6510| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
6511| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
6512| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
6513| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
6514| [87480] MySQL Malformed XML Comment Handling DoS
6515| [87466] MySQL SSL Certificate Revocation Weakness
6516| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
6517| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
6518| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
6519| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
6520| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
6521| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
6522| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
6523| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
6524| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
6525| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
6526| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
6527| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
6528| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
6529| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
6530| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
6531| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
6532| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
6533| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
6534| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
6535| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
6536| [84719] MySQLDumper index.php page Parameter XSS
6537| [84680] MySQL Squid Access Report access.log File Path XSS
6538| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
6539| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
6540| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
6541| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
6542| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
6543| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
6544| [83661] Oracle MySQL Unspecified Issue (59533)
6545| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
6546| [82803] Oracle MySQL Unspecified Issue (59387)
6547| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
6548| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
6549| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
6550| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
6551| [81614] MySQLDumper File Upload PHP Code Execution
6552| [81613] MySQLDumper main.php Multiple Function CSRF
6553| [81612] MySQLDumper restore.php filename Parameter XSS
6554| [81611] MySQLDumper sql.php Multiple Parameter XSS
6555| [81610] MySQLDumper install.php Multiple Parameter XSS
6556| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
6557| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
6558| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
6559| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
6560| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
6561| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
6562| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
6563| [81059] Oracle MySQL Server Multiple Unspecified Issues
6564| [79038] Webmin Process Listing MySQL Password Local Disclosure
6565| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
6566| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
6567| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
6568| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
6569| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
6570| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
6571| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
6572| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
6573| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
6574| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
6575| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
6576| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
6577| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
6578| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
6579| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
6580| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
6581| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
6582| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
6583| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
6584| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
6585| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
6586| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
6587| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
6588| [78375] Oracle MySQL Server Unspecified Local DoS
6589| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
6590| [78373] Oracle MySQL Server Unspecified Local Issue
6591| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
6592| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
6593| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
6594| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
6595| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
6596| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
6597| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
6598| [77040] DBD::mysqlPP Unspecified SQL Injection
6599| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
6600| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6601| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
6602| [73387] Zend Framework PDO_MySql Character Set Security Bypass
6603| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
6604| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
6605| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
6606| [71368] Accellion File Transfer Appliance Weak MySQL root Password
6607| [70967] MySQL Eventum Admin User Creation CSRF
6608| [70966] MySQL Eventum preferences.php full_name Parameter XSS
6609| [70961] MySQL Eventum list.php Multiple Parameter XSS
6610| [70960] MySQL Eventum forgot_password.php URI XSS
6611| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
6612| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
6613| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
6614| [69395] MySQL Derived Table Grouping DoS
6615| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
6616| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
6617| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
6618| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
6619| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
6620| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
6621| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
6622| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
6623| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
6624| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
6625| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
6626| [68996] MySQL EXPLAIN EXTENDED Statement DoS
6627| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
6628| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
6629| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
6630| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
6631| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
6632| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
6633| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
6634| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
6635| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
6636| [67381] MySQL InnoDB Temporary Table Handling DoS
6637| [67380] MySQL BINLOG Statement Unspecified Argument DoS
6638| [67379] MySQL Multiple Operation NULL Argument Handling DoS
6639| [67378] MySQL Unique SET Column Join Statement Remote DoS
6640| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
6641| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
6642| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
6643| [66731] PHP Bundled MySQL Library Unspecified Issue
6644| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
6645| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
6646| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
6647| [65085] MySQL Enterprise Monitor Unspecified CSRF
6648| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
6649| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
6650| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
6651| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
6652| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
6653| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
6654| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
6655| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
6656| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
6657| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
6658| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
6659| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
6660| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
6661| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
6662| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
6663| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
6664| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
6665| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
6666| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
6667| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
6668| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
6669| [59907] MySQL on Windows bind-address Remote Connection Weakness
6670| [59906] MySQL on Windows Default Configuration Logging Weakness
6671| [59616] MySQL Hashed Password Weakness
6672| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
6673| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
6674| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
6675| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
6676| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
6677| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
6678| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
6679| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
6680| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
6681| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
6682| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
6683| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
6684| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
6685| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
6686| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
6687| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
6688| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
6689| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
6690| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
6691| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
6692| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
6693| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
6694| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
6695| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
6696| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
6697| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
6698| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
6699| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
6700| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
6701| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
6702| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
6703| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
6704| [52464] MySQL charset Column Truncation Weakness
6705| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
6706| [52378] Cisco ANM MySQL root Account Default Password
6707| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
6708| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6709| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
6710| [50892] MySQL Calendar index.php username Parameter SQL Injection
6711| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
6712| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
6713| [48710] MySQL Command Line Client HTML Output XSS
6714| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
6715| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
6716| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
6717| [47789] mysql-lists Unspecified XSS
6718| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
6719| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
6720| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
6721| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
6722| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
6723| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
6724| [43179] MySQL Server BINLOG Statement Rights Checking Failure
6725| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
6726| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
6727| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
6728| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
6729| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
6730| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
6731| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
6732| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
6733| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
6734| [39279] PHP mysql_error() Function XSS
6735| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
6736| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
6737| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
6738| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
6739| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
6740| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
6741| [37782] MySQL Community Server External Table View Privilege Escalation
6742| [37781] MySQL ALTER TABLE Information Disclosure
6743| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
6744| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
6745| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
6746| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
6747| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
6748| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
6749| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
6750| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
6751| [36251] Associated Press (AP) Newspower Default MySQL root Password
6752| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
6753| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
6754| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
6755| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
6756| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
6757| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
6758| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
6759| [33974] MySQL information_schema Table Subselect Single-Row DoS
6760| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
6761| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
6762| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
6763| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
6764| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
6765| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
6766| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
6767| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
6768| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
6769| [32056] BTSaveMySql Direct Request Config File Disclosure
6770| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
6771| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
6772| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
6773| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
6774| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
6775| [29696] MySQLDumper sql.php db Parameter XSS
6776| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
6777| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
6778| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
6779| [28288] MySQL Instance_options::complete_initialization Function Overflow
6780| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
6781| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
6782| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
6783| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
6784| [28012] MySQL Case Sensitivity Unauthorized Database Creation
6785| [27919] MySQL VIEW Access information_schema.views Information Disclosure
6786| [27703] MySQL MERGE Table Privilege Persistence
6787| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
6788| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
6789| [27416] MySQL Server time.cc date_format Function Format String
6790| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
6791| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
6792| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
6793| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
6794| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
6795| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
6796| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
6797| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
6798| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
6799| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
6800| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
6801| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
6802| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
6803| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
6804| [25595] Apple Mac OS X MySQL Manager Blank root Password
6805| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
6806| [25227] MySQL COM_TABLE_DUMP Packet Overflow
6807| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
6808| [24245] Cholod Mysql Based Message Board Unspecified XSS
6809| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
6810| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
6811| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
6812| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
6813| [23526] MySQL Query NULL Charcter Logging Bypass
6814| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
6815| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
6816| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
6817| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
6818| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
6819| [22479] PHP mysqli Extension Error Message Format String
6820| [22232] PHP Pipe Variable mysql_connect() Function Overflow
6821| [21685] MySQL Auction Search Module keyword XSS
6822| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
6823| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
6824| [19457] aMember Pro mysql.inc.php Remote File Inclusion
6825| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
6826| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
6827| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
6828| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
6829| [18896] MySQL User-Defined Function init_syms() Function Overflow
6830| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
6831| [18894] MySQL drop database Request Remote Overflow
6832| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
6833| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
6834| [18406] MySQL Eventum releases.php SQL Injection
6835| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
6836| [18404] MySQL Eventum custom_fields.php SQL Injection
6837| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
6838| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
6839| [18401] MySQL Eventum list.php release Parameter XSS
6840| [18400] MySQL Eventum view.php id Parameter XSS
6841| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
6842| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
6843| [17223] xMySQLadmin Symlink Arbitrary File Deletion
6844| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
6845| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
6846| [16056] Plans Unspecified mySQL Remote Password Disclosure
6847| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
6848| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
6849| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
6850| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
6851| [14748] MySQL MS-DOS Device Names Request DoS
6852| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
6853| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
6854| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
6855| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
6856| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
6857| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
6858| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
6859| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
6860| [12919] MySQL MaxDB WebAgent websql Remote Overflow
6861| [12779] MySQL User Defined Function Privilege Escalation
6862| [12609] MySQL Eventum projects.php Multiple Parameter XSS
6863| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
6864| [12607] MySQL Eventum forgot_password.php email Parameter XSS
6865| [12606] MySQL Eventum index.php email Parameter XSS
6866| [12605] MySQL Eventum Default Vendor Account
6867| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
6868| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
6869| [11689] Roxen Web Server MySQL Socket Permission Weakness
6870| [10985] MySQL MATCH..AGAINST Query DoS
6871| [10959] MySQL GRANT ALL ON Privilege Escalation
6872| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
6873| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
6874| [10658] MySQL mysql_real_connect() Function Remote Overflow
6875| [10532] MySQL MaxDB webdbm Server Field DoS
6876| [10491] AWS MySQLguest AWSguest.php Script Insertion
6877| [10244] MySQL libmysqlclient Prepared Statements API Overflow
6878| [10226] MySQLGuest AWSguest.php Multiple Field XSS
6879| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
6880| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
6881| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
6882| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
6883| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
6884| [9907] MySQL SELECT Statement String Handling Overflow
6885| [9906] MySQL GRANT Privilege Arbitrary Password Modification
6886| [9509] teapop MySQL Authentication Module SQL Injection
6887| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
6888| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
6889| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
6890| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
6891| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
6892| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
6893| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
6894| [8886] MySQL libmysqlclient Library read_one_row Overflow
6895| [8885] MySQL libmysqlclient Library read_rows Overflow
6896| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
6897| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
6898| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
6899| [7128] MySQL show database Database Name Exposure
6900| [6716] MySQL Database Engine Weak Authentication Information Disclosure
6901| [6605] MySQL mysqld Readable Log File Information Disclosure
6902| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
6903| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
6904| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
6905| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
6906| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
6907| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
6908| [520] MySQL Database Name Traversal Arbitrary File Modification
6909| [380] MySQL Server on Windows Default Null Root Password
6910| [261] MySQL Short Check String Authentication Bypass
6911|_
6912Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
6913Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), Linux 3.18 (94%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
6914No exact OS matches for host (test conditions non-ideal).
6915Network Distance: 13 hops
6916
6917TRACEROUTE (using port 3306/tcp)
6918HOP RTT ADDRESS
69191 37.54 ms 10.242.204.1
69202 40.11 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
69213 39.35 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
69224 31.99 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
69235 60.76 ms motl-b1-link.telia.net (62.115.162.41)
69246 ...
69257 159.00 ms ldn-bb4-link.telia.net (62.115.112.245)
69268 140.88 ms hbg-bb4-link.telia.net (62.115.122.160)
69279 140.92 ms nug-b1-link.telia.net (62.115.113.175)
692810 140.92 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
692911 159.01 ms core23.fsn1.hetzner.com (213.239.252.230)
693012 159.03 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.58)
693113 159.01 ms ns1.akinmedya.com (144.76.114.219)
6932######################################################################################################################################
6933Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:20 EST
6934Nmap scan report for ns1.akinmedya.com (144.76.114.219)
6935Host is up (0.19s latency).
6936
6937PORT STATE SERVICE VERSION
69383389/tcp open ms-wbt-server xrdp
6939| rdp-enum-encryption:
6940| Security layer
6941| CredSSP (NLA): SUCCESS
6942| CredSSP with Early User Auth: SUCCESS
6943| Native RDP: SUCCESS
6944| RDSTLS: SUCCESS
6945| SSL: SUCCESS
6946| RDP Encryption level: High
6947| 128-bit RC4: SUCCESS
6948|_ RDP Protocol Version: RDP 5.x, 6.x, 7.x, or 8.x server
6949|_rdp-vuln-ms12-020: ERROR: Script execution failed (use -d to debug)
6950| vulscan: VulDB - https://vuldb.com:
6951| [98230] xrdp 0.9.1 PAM Session Module auth_start_session privilege escalation
6952| [45914] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 rdp_rdp_process_color_pointer_pdu memory corruption
6953| [45913] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_def_proc memory corruption
6954| [45912] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_invalidate memory corruption
6955|
6956| MITRE CVE - https://cve.mitre.org:
6957| [CVE-2010-3376] The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
6958| [CVE-2008-5904] The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
6959| [CVE-2008-5903] Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
6960| [CVE-2008-5902] Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.
6961|
6962| SecurityFocus - https://www.securityfocus.com/bid/:
6963| [94958] xrdp CVE-2013-1430 Information Disclosure Vulnerability
6964| [72667] xrdp 'sesman/verify_user.c' Remote Denial of Service Vulnerability
6965| [33371] xrdp 'xrdp_bitmap_def_proc()' Memory Corruption Vulnerability
6966| [32565] xrdp Multiple Buffer Overflow Vulnerabilities
6967|
6968| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6969| [48094] xrdp rdp_rdp_process_color_pointer_pdu buffer overflow
6970| [48093] xrdp xrdp_bitmap_def_proc code execution
6971| [47004] xrdp xrdp_bitmap_invalidate() buffer overflow
6972|
6973| Exploit-DB - https://www.exploit-db.com:
6974| [8469] XRDP <= 0.4.1 - Remote Buffer Overflow PoC (pre-auth)
6975|
6976| OpenVAS (Nessus) - http://www.openvas.org:
6977| No findings
6978|
6979| SecurityTracker - https://www.securitytracker.com:
6980| No findings
6981|
6982| OSVDB - http://www.osvdb.org:
6983| [53313] xrdp rdp/rdp_rdp.c rdp_rdp_process_color_pointer_pdu Function Unspecified Remote Overflow
6984| [51558] xrdp xrdp/funcs.c xrdp_bitmap_def_proc Function Arbitrary Code Execution
6985| [51407] xrdp xrdp/xrdp_bitmap.c xrdp_bitmap_invalidate Function Remote Overflow
6986|_
6987Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
6988Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
6989No exact OS matches for host (test conditions non-ideal).
6990Network Distance: 13 hops
6991
6992TRACEROUTE (using port 3389/tcp)
6993HOP RTT ADDRESS
69941 43.18 ms 10.242.204.1
69952 48.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
69963 51.42 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
69974 179.35 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
69985 205.38 ms motl-b1-link.telia.net (62.115.162.41)
69996 132.84 ms nyk-bb3-link.telia.net (62.115.137.142)
70007 304.57 ms ldn-bb4-link.telia.net (62.115.112.245)
70018 285.98 ms hbg-bb4-link.telia.net (62.115.122.160)
70029 304.65 ms nug-b1-link.telia.net (62.115.113.175)
700310 304.70 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
700411 304.70 ms core23.fsn1.hetzner.com (213.239.252.230)
700512 190.78 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.62)
700613 286.12 ms ns1.akinmedya.com (144.76.114.219)
7007#######################################################################################################################################
7008ATTENTION! The server uses and invalid security certificate which can not be trusted for
7009the following identified reasons(s);
7010
7011 1. Certificate issuer is not trusted by this system.
7012
7013 Issuer: CN=XRDP
7014
7015
7016Review the following certificate info before you trust it to be added as an exception.
7017If you do not trust the certificate the connection atempt will be aborted:
7018
7019 Subject: CN=XRDP
7020 Issuer: CN=XRDP
7021 Valid From: Wed Oct 16 09:35:56 2019
7022 To: Mon Oct 15 09:35:56 2029
7023
7024 Certificate fingerprints:
7025
7026 sha1: db2a99b3e0c465ad4c3977f5624c71af7756b0de
7027 sha256: 84ecad85369b65a96bb7bb161050936665640dfff109ea02305a7638e3d6a03d
7028
7029--------------------------------------------------------
7030<<<Yasuo discovered following vulnerable applications>>>
7031--------------------------------------------------------
7032+----------+----------------------------------+----------------------------------------------+----------+----------+
7033| App Name | URL to Application | Potential Exploit | Username | Password |
7034+----------+----------------------------------+----------------------------------------------+----------+----------+
7035| SVN | https://144.76.114.219:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
7036+----------+----------------------------------+----------------------------------------------+----------+----------+
7037####################################################################################################################################
7038Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:24 EST
7039NSE: Loaded 47 scripts for scanning.
7040NSE: Script Pre-scanning.
7041Initiating NSE at 19:24
7042Completed NSE at 19:24, 0.00s elapsed
7043Initiating NSE at 19:24
7044Completed NSE at 19:24, 0.00s elapsed
7045Initiating Parallel DNS resolution of 1 host. at 19:24
7046Completed Parallel DNS resolution of 1 host. at 19:24, 0.02s elapsed
7047Initiating SYN Stealth Scan at 19:24
7048Scanning ns1.akinmedya.com (144.76.114.219) [65535 ports]
7049Discovered open port 80/tcp on 144.76.114.219
7050Discovered open port 110/tcp on 144.76.114.219
7051Discovered open port 3306/tcp on 144.76.114.219
7052Discovered open port 995/tcp on 144.76.114.219
7053Discovered open port 443/tcp on 144.76.114.219
7054Discovered open port 53/tcp on 144.76.114.219
7055Discovered open port 3389/tcp on 144.76.114.219
7056Discovered open port 21/tcp on 144.76.114.219
7057Discovered open port 993/tcp on 144.76.114.219
7058Discovered open port 143/tcp on 144.76.114.219
7059Discovered open port 587/tcp on 144.76.114.219
7060SYN Stealth Scan Timing: About 6.87% done; ETC: 19:31 (0:07:00 remaining)
7061SYN Stealth Scan Timing: About 9.31% done; ETC: 19:35 (0:09:54 remaining)
7062SYN Stealth Scan Timing: About 11.74% done; ETC: 19:37 (0:11:24 remaining)
7063SYN Stealth Scan Timing: About 14.25% done; ETC: 19:38 (0:12:08 remaining)
7064SYN Stealth Scan Timing: About 17.13% done; ETC: 19:39 (0:12:54 remaining)
7065Discovered open port 2087/tcp on 144.76.114.219
7066SYN Stealth Scan Timing: About 30.02% done; ETC: 19:39 (0:11:00 remaining)
7067SYN Stealth Scan Timing: About 33.90% done; ETC: 19:39 (0:10:10 remaining)
7068Discovered open port 7080/tcp on 144.76.114.219
7069SYN Stealth Scan Timing: About 43.51% done; ETC: 19:40 (0:09:22 remaining)
7070Discovered open port 2080/tcp on 144.76.114.219
7071Discovered open port 2086/tcp on 144.76.114.219
7072SYN Stealth Scan Timing: About 49.35% done; ETC: 19:40 (0:08:29 remaining)
7073SYN Stealth Scan Timing: About 56.26% done; ETC: 19:41 (0:07:38 remaining)
7074Discovered open port 64918/tcp on 144.76.114.219
7075Discovered open port 2079/tcp on 144.76.114.219
7076SYN Stealth Scan Timing: About 62.10% done; ETC: 19:41 (0:06:43 remaining)
7077Discovered open port 2077/tcp on 144.76.114.219
7078SYN Stealth Scan Timing: About 68.52% done; ETC: 19:42 (0:05:48 remaining)
7079Stats: 0:13:43 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
7080SYN Stealth Scan Timing: About 73.65% done; ETC: 19:42 (0:04:55 remaining)
7081SYN Stealth Scan Timing: About 79.03% done; ETC: 19:42 (0:03:55 remaining)
7082Discovered open port 2095/tcp on 144.76.114.219
7083SYN Stealth Scan Timing: About 84.20% done; ETC: 19:42 (0:02:55 remaining)
7084Discovered open port 2078/tcp on 144.76.114.219
7085Discovered open port 465/tcp on 144.76.114.219
7086SYN Stealth Scan Timing: About 89.35% done; ETC: 19:42 (0:01:56 remaining)
7087SYN Stealth Scan Timing: About 94.44% done; ETC: 19:42 (0:01:00 remaining)
7088Discovered open port 2096/tcp on 144.76.114.219
7089Discovered open port 2083/tcp on 144.76.114.219
7090Discovered open port 2082/tcp on 144.76.114.219
7091Completed SYN Stealth Scan at 19:42, 1090.00s elapsed (65535 total ports)
7092Initiating Service scan at 19:42
7093Scanning 24 services on ns1.akinmedya.com (144.76.114.219)
7094Service scan Timing: About 70.83% done; ETC: 19:46 (0:01:03 remaining)
7095Completed Service scan at 19:45, 162.43s elapsed (24 services on 1 host)
7096Initiating OS detection (try #1) against ns1.akinmedya.com (144.76.114.219)
7097Retrying OS detection (try #2) against ns1.akinmedya.com (144.76.114.219)
7098Initiating Traceroute at 19:45
7099Completed Traceroute at 19:45, 0.39s elapsed
7100Initiating Parallel DNS resolution of 13 hosts. at 19:45
7101Completed Parallel DNS resolution of 13 hosts. at 19:45, 0.20s elapsed
7102NSE: Script scanning 144.76.114.219.
7103Initiating NSE at 19:45
7104Completed NSE at 19:45, 41.29s elapsed
7105Initiating NSE at 19:45
7106Completed NSE at 19:45, 2.52s elapsed
7107Nmap scan report for ns1.akinmedya.com (144.76.114.219)
7108Host is up (0.19s latency).
7109Not shown: 65511 closed ports
7110PORT STATE SERVICE VERSION
711121/tcp open ftp Pure-FTPd
7112| vulscan: VulDB - https://vuldb.com:
7113| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
7114| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
7115| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
7116|
7117| MITRE CVE - https://cve.mitre.org:
7118| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
7119|
7120| SecurityFocus - https://www.securityfocus.com/bid/:
7121| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
7122|
7123| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7124| No findings
7125|
7126| Exploit-DB - https://www.exploit-db.com:
7127| No findings
7128|
7129| OpenVAS (Nessus) - http://www.openvas.org:
7130| No findings
7131|
7132| SecurityTracker - https://www.securitytracker.com:
7133| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
7134| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
7135| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
7136| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
7137|
7138| OSVDB - http://www.osvdb.org:
7139| No findings
7140|_
714153/tcp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
7142| vulscan: VulDB - https://vuldb.com:
7143| [129818] ISC BIND up to 9.11.4/9.12.2 DDNS privilege escalation
7144| [129803] ISC BIND up to 9.11.1 Response Policy Zone Query Loop denial of service
7145| [129802] ISC BIND up to 9.11.0-P1 nxdomain-redirect Query Assertion denial of service
7146| [102965] ISC BIND up to 9.11.1-P1 TSIG weak authentication
7147| [102964] ISC BIND up to 9.11.1-P1 TSIG weak authentication
7148| [99868] ISC BIND up to 9.11.1rc2 Control Channel Crash denial of service
7149| [99867] ISC BIND up to 9.11.1rc1 DNS64 State Crash denial of service
7150| [99866] ISC BIND up to 9.11.1rc1 CNAME/DNAME Crash denial of service
7151| [96827] ISC BIND up to 9.11.1b1 RPZ/DNS64 State Error NULL Pointer Dereference denial of service
7152|
7153| MITRE CVE - https://cve.mitre.org:
7154| [CVE-2007-0494] ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
7155| [CVE-2013-4869] Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
7156| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
7157| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
7158| [CVE-2013-3434] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
7159| [CVE-2013-3433] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
7160| [CVE-2013-3412] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
7161| [CVE-2013-3404] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
7162| [CVE-2013-3403] Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
7163| [CVE-2013-3402] An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
7164| [CVE-2013-3382] The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
7165| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
7166| [CVE-2013-1150] The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
7167| [CVE-2013-1139] The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
7168| [CVE-2013-1137] Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
7169| [CVE-2013-1134] The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
7170| [CVE-2013-0149] The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
7171| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
7172| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
7173| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
7174| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
7175| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
7176| [CVE-2012-3817] ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2
7177| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
7178| [CVE-2012-1328] Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
7179| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
7180| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
7181| [CVE-2011-5184] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover
7182| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
7183| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
7184| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
7185| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
7186| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
7187| [CVE-2011-0414] ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
7188| [CVE-2010-3762] ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
7189| [CVE-2010-3615] named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
7190| [CVE-2010-3614] named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
7191| [CVE-2010-3613] named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
7192| [CVE-2010-0382] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
7193| [CVE-2010-0290] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
7194| [CVE-2010-0218] ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
7195| [CVE-2010-0097] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
7196| [CVE-2009-4022] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
7197| [CVE-2009-2028] Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
7198| [CVE-2009-1905] The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
7199| [CVE-2009-0696] The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
7200| [CVE-2009-0265] Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
7201| [CVE-2008-4163] Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
7202| [CVE-2008-0122] Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
7203| [CVE-2007-2926] ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
7204| [CVE-2007-2925] The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
7205| [CVE-2007-2241] Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
7206| [CVE-2007-0493] Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
7207| [CVE-2002-2037] The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
7208| [CVE-2002-0400] ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
7209| [CVE-2001-0497] dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
7210| [CVE-2000-0855] SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
7211| [CVE-2000-0368] Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
7212| [CVE-1999-1466] Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
7213| [CVE-1999-1306] Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
7214| [CVE-1999-1216] Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
7215|
7216| SecurityFocus - https://www.securityfocus.com/bid/:
7217| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
7218| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
7219| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
7220| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
7221| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
7222| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
7223| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
7224| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
7225| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
7226| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
7227| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
7228| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
7229| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
7230| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
7231| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
7232| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
7233| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
7234| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
7235| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
7236| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
7237| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
7238| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
7239| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
7240| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
7241| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
7242| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
7243| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
7244| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
7245| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
7246| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
7247| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
7248| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
7249| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
7250| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
7251| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
7252| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
7253| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
7254| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
7255| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
7256| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
7257| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
7258| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
7259| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
7260| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
7261| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
7262| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
7263| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
7264| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
7265| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
7266| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
7267| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
7268| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
7269| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
7270| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
7271| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
7272| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
7273| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
7274| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
7275| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
7276| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
7277| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
7278| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
7279| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
7280| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
7281| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
7282| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
7283| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
7284| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
7285| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
7286| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
7287| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
7288| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
7289| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
7290| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
7291|
7292| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7293| [85799] Cisco Unified IP Phones 9900 Series directory traversal
7294| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
7295| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
7296| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
7297| [9250] BIND 9 dns_message_findtype() denial of service
7298| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
7299| [539] Microsoft Windows 95 and Internet Explorer password disclosure
7300| [86004] ISC BIND RDATA denial of service
7301| [84767] ISC BIND denial of service
7302| [83066] ISC BIND denial of service
7303| [81504] ISC BIND AAAA denial of service
7304| [80510] ISC BIND DNS64 denial of service
7305| [79121] ISC BIND queries denial of service
7306| [78479] ISC BIND RDATA denial of service
7307| [77185] ISC BIND TCP queries denial of service
7308| [77184] ISC BIND bad cache denial of service
7309| [76034] ISC BIND rdata denial of service
7310| [73053] ISC BIND cache update policy security bypass
7311| [71332] ISC BIND recursive queries denial of service
7312| [68375] ISC BIND UPDATE denial of service
7313| [68374] ISC BIND Response Policy Zones denial of service
7314| [67665] ISC BIND RRSIG Rrsets denial of service
7315| [67297] ISC BIND RRSIG denial of service
7316| [65554] ISC BIND IXFR transfer denial of service
7317| [63602] ISC BIND allow-query security bypass
7318| [63596] ISC BIND zone data security bypass
7319| [63595] ISC BIND RRSIG denial of service
7320| [62072] ISC BIND DNSSEC query denial of service
7321| [62071] ISC BIND ACL security bypass
7322| [61871] ISC BIND anchors denial of service
7323| [60421] ISC BIND RRSIG denial of service
7324| [56049] ISC BIND out-of-bailiwick weak security
7325| [55937] ISC Bind unspecified cache poisoning
7326| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
7327| [54416] ISC BIND DNSSEC cache poisoning
7328| [52073] ISC BIND dns_db_findrdataset() denial of service
7329| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
7330| [45234] ISC BIND UDP denial of service
7331| [39670] ISC BIND inet_network buffer overflow
7332| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
7333| [37128] RHSA update for ISC BIND RRset denial of service not installed
7334| [37127] RHSA update for ISC BIND named service denial of service not installed
7335| [36275] ISC BIND DNS query spoofing
7336| [35575] ISC BIND query ID cache poisoning
7337| [35571] ISC BIND ACL security bypass
7338| [31838] ISC BIND RRset denial of service
7339| [31799] ISC BIND named service denial of service
7340| [29876] HP Tru64 ypbind core dump information disclosure
7341| [28745] ISC BIND DNSSEC RRset denial of service
7342| [28744] ISC BIND recursive INSIST denial of service
7343| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
7344| [18836] BIND hostname disclosure
7345| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
7346| [10333] ISC BIND SIG null pointer dereference denial of service
7347| [10332] ISC BIND OPT resource record (RR) denial of service
7348| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
7349| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
7350| [5814] ISC BIND "
7351| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
7352| [5462] ISC BIND AXFR host command remote buffer overflow
7353|
7354| Exploit-DB - https://www.exploit-db.com:
7355| [25305] ColdFusion 9-10 - Credential Disclosure Exploit
7356| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
7357| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
7358| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
7359| [21812] MS Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure
7360| [21764] MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
7361| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
7362| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
7363| [13448] linux/x86 portbind port 5074 92 bytes
7364| [13388] linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes
7365| [13360] linux/x86 setuid/portbind shellcode 96 bytes
7366| [13245] bsd/x86 setuid/portbind shellcode 94 bytes
7367| [10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
7368| [6775] Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS Exploit
7369| [6236] BIND 9.5.0-P2 (randomized ports) Remote DNS Cache Poisoning Exploit
7370| [6130] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
7371| [6123] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
7372| [6122] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
7373| [4292] Diskeeper 9 Remote Memory Disclosure Exploit
7374| [4266] BIND 9 0.3beta - DNS Cache Poisoning Exploit
7375|
7376| OpenVAS (Nessus) - http://www.openvas.org:
7377| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
7378| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
7379| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
7380| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
7381| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
7382| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
7383| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
7384| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
7385| [11226] Oracle 9iAS default error information disclosure
7386|
7387| SecurityTracker - https://www.securitytracker.com:
7388| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
7389| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
7390| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
7391| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
7392| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
7393| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7394| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7395| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7396| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7397| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7398| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7399| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7400| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7401| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
7402| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
7403| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
7404| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
7405| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
7406| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
7407| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
7408| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
7409| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
7410| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
7411| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
7412| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
7413| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
7414|
7415| OSVDB - http://www.osvdb.org:
7416| [95373] Cisco Unified IP Phones 9900 Series Serviceability Servlet Path Value Handling Arbitrary File Access
7417| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
7418| [76009] Cisco IOS DLSw FST IP Protocol 91 Packet Memory Leak Remote DoS
7419| [73985] Cisco ASR 9000 Series Line Card IPv4 Packet Parsing Remote DoS
7420| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
7421| [34520] Cisco Linksys Multiple Router UDP 916 Remote Information Disclosure
7422| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
7423| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
7424| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
7425| [18220] Oracle 9iAS httpd.confg /perl Location Alias Arbitrary CGI File Script Disclosure
7426| [18218] Oracle 9iAS echo2 Sample Application Information Disclosure
7427| [18217] Oracle 9iAS echo Sample Application Information Disclosure
7428| [18216] Oracle 9iAS printenv Sample Application Information Disclosure
7429| [18215] Oracle 9iAS info.jsp Sample Application Information Disclosure
7430| [6674] Microsoft Office 98 for Macintosh Disk Space Information Disclosure
7431| [3108] Microsoft Office 98 Macintosh Information Disclosure
7432| [1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
7433| [665] Microsoft Windows 95 Online Registration Information Disclosure
7434| [95707] ISC BIND rdata.c RFC 5011 Implementation Malformed RDATA Section Handling Remote DoS
7435| [93913] ISC BIND Recursive Resolver resolver.c Malformed Zone Query Handling Remote DoS
7436| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
7437| [89584] ISC BIND DNS64 Nameserver Response Policy Zone (RPZ) AAAA Record Query Remapping Remote DoS
7438| [89401] Foswiki LocalSite.cfg LDAP BindPassword Plaintext Local Disclosure
7439| [88126] ISC BIND DNS64 IPv6 Transition Mechanism DNS Query Parsing Remote DoS
7440| [86118] ISC BIND Nameserver RDATA Record Query Parsing Remote DoS
7441| [85417] ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS
7442| [84229] ISC BIND Memory Leak TCP Query Parsing ns_client Object Out-of-memory Remote DoS
7443| [84228] ISC BIND Query Handling Bad Cache Data Structure Assertion Remote DoS
7444| [82609] ISC BIND named DNS Resource Record Zero Length Rdata Handling Remote Information Disclosure
7445| [78916] ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness
7446| [77159] ISC BIND Recursive Query Parsing Remote DoS
7447| [73605] ISC BIND UPDATE Request Parsing Remote DoS
7448| [73604] ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
7449| [72540] ISC BIND Caching Resolver Large RRSIG RRsets Negative Caching Remote DoS
7450| [72539] ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
7451| [72172] ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
7452| [69568] ISC BIND named allow-query ACL Restriction Bypass
7453| [69559] ISC BIND named Key Algorithm Rollover Weakness
7454| [69558] ISC BIND named RRSIG Negative Caching DoS
7455| [68271] ISC BIND DNSSEC Query Validation Response Signature Handling Remote DoS
7456| [68270] ISC BIND ACL Application Weakness Cache Recursion Access Restriction Bypass
7457| [66395] ISC BIND RRSIG Requests Infinite Loop DoS
7458| [63373] Apple Mac OS X Server Admin Authenticated Directory Binding Handling Unspecified Open Directory Information Disclosure
7459| [62008] ISC BIND Secure Response Refetch Weakness Unspecified Issue
7460| [62007] ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning
7461| [61853] ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning
7462| [60493] ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning
7463| [59272] ISC BIND named Multiple Symlink Arbitrary File Overwrite
7464| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
7465| [57060] ISC BIND DNS Message Malformed TSIG Remote DoS
7466| [56584] ISC BIND Dynamic Update Message Handling Remote DoS
7467| [56411] GNU wget DNS Rebinding Information Disclosure Weakness
7468| [53115] ISC BIND EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
7469| [48243] ISC BIND for Windows UDP Client Handler Remote DoS
7470| [46776] ISC BIND DNS Query ID Field Prediction Cache Poisoning
7471| [42655] ISC BIND on Red Hat Linux /etc/rndc.key Insecure File Permission Local named Manipulation
7472| [41211] ISC BIND libbind inet_network() Function Off-By-One Memory Corruption
7473| [40935] ISC BIND on SUSE Linux Enterprise Server libgssapi named GSS-TSIG Request Remote DoS
7474| [37301] ISC BIND Signed Zone Signature Verification Remote DoS
7475| [36796] ISC BIND Outgoing Query Predictable DNS Query ID
7476| [36236] ISC BIND allow-query-cache/allow-recursion ACL Bypass
7477| [36235] ISC BIND Predictable DNS Query IDs Cache Poisoning
7478| [34753] ISC BIND stub Resolver libbind Crafted Query Remote DoS
7479| [34752] ISC BIND so_linger Remote DoS
7480| [34751] ISC BIND Malformed SIG Record Remote DoS
7481| [34750] ISC BIND Malformed NAPTR Record Local DoS
7482| [34749] ISC BIND named maxdname DoS
7483| [34748] ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS
7484| [31923] ISC BIND Crafted ANY Request Response Multiple RRsets DoS
7485| [31922] ISC BIND Unspecified Freed Fetch Context Dereference DoS
7486| [28558] ISC BIND Recursive Query Saturation DoS
7487| [28557] ISC BIND SIG Query Multiple RRsets Response DoS
7488| [25895] ISC BIND Cached Recursive Query DoS
7489| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
7490| [21353] BindView NetInventory HOSTCFG._NI Deletion Cleartext Password Disclosure
7491| [14878] ISC BIND rdataset Parameter Malformed DNS Packet DoS
7492| [14877] ISC BIND stub Resolver Libraries Malformed DNS Response DoS
7493| [14795] ISC BIND TSIG Handling Code Remote Overflow
7494| [14432] ISC BIND Multiple DNS Resolver Functions Remote Overflow
7495| [13752] ISC BIND host Command AXFR Response Remote Overflow
7496| [13176] ISC BIND q_usedns Array Remote Overflow DoS
7497| [13175] ISC BIND dnssec authvalidated Crafted Packet Remote DoS
7498| [9736] ISC BIND fdmax File Descriptor Consumption DoS
7499| [9735] ISC BIND -DALLOW_UPDATES Option Remote Record Modification
7500| [9734] ISC BIND CNAME Record Zone Transfer DoS
7501| [9733] ISC BIND Malformed DNS Message DoS
7502| [9725] ISC BIND SIG RR Elements Invalid Expirty Times DoS
7503| [9724] ISC BIND OPT Resource Record Large UDP Payload DoS
7504| [9723] Multiple Vendor LDAP Server NULL Bind Connection Information Disclosure
7505| [8330] ISC BIND DNS stub resolver (libresolv.a) DNS Response Overflow
7506| [7990] ISC BIND gethostbyname() DNS Handling Remote Overflow
7507| [5828] ISC BIND named SRV Remote DoS
7508| [5609] ISC BIND dnskeygen HMAC-MD5 Shared Secret Key File Disclosure
7509| [2866] ISC BIND Negative Record Cache Poisoning
7510| [1751] ISC BIND Environment Variable Information Disclosure
7511| [1747] ISC BIND 4 nslookupComplain() Remote Format String
7512| [1746] ISC BIND 4 nslookupComplain() Remote Overflow
7513| [913] ISC BIND Inverse-Query Remote Overflow
7514| [869] ISC BIND named SIG Resource Server Response RR Overflow
7515| [448] ISC BIND Compressed ZXFR Name Service Query Remote DoS
7516| [438] ISC BIND Predictable Query ID DNS Cache Poisoning
7517| [24] ISC BIND NXT Record Overflow
7518|_
751980/tcp open http LiteSpeed httpd
7520|_http-server-header: LiteSpeed
7521| vulscan: VulDB - https://vuldb.com:
7522| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
7523| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
7524| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
7525| [53729] Litespeedtech LiteSpeed Web Server information disclosure
7526| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
7527|
7528| MITRE CVE - https://cve.mitre.org:
7529| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
7530| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
7531| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
7532| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
7533|
7534| SecurityFocus - https://www.securityfocus.com/bid/:
7535| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
7536| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
7537| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
7538| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
7539| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
7540| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
7541| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
7542| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
7543| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
7544| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
7545| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
7546| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
7547| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
7548|
7549| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7550| [74144] LiteSpeed graph_html.php cross-site scripting
7551| [63979] LiteSpeed Web Server Null buffer overflow
7552| [59385] LiteSpeed Web Server information disclosure
7553| [56389] LiteSpeed Web Server Admin interface cross-site scripting
7554| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
7555| [54537] LiteSpeed Web Server post-authentication code execution
7556| [54536] LiteSpeed Web Server Lshttpd denial of service
7557| [37380] LiteSpeed Web Server mime-type information disclosure
7558| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
7559|
7560| Exploit-DB - https://www.exploit-db.com:
7561| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
7562| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
7563| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
7564| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
7565| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
7566|
7567| OpenVAS (Nessus) - http://www.openvas.org:
7568| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
7569|
7570| SecurityTracker - https://www.securitytracker.com:
7571| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
7572|
7573| OSVDB - http://www.osvdb.org:
7574| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
7575| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
7576| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
7577| [62449] LiteSpeed Web Server Admin User Creation CSRF
7578| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
7579| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
7580| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
7581| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
7582|_
7583110/tcp open pop3 Dovecot pop3d
7584| vulscan: VulDB - https://vuldb.com:
7585| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
7586| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
7587| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
7588| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
7589| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
7590| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
7591| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
7592| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
7593| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
7594| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
7595| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
7596| [69835] Dovecot 2.2.0/2.2.1 denial of service
7597| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
7598| [65684] Dovecot up to 2.2.6 unknown vulnerability
7599| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
7600| [63692] Dovecot up to 2.0.15 spoofing
7601| [7062] Dovecot 2.1.10 mail-search.c denial of service
7602| [57517] Dovecot up to 2.0.12 Login directory traversal
7603| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
7604| [57515] Dovecot up to 2.0.12 Crash denial of service
7605| [54944] Dovecot up to 1.2.14 denial of service
7606| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
7607| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
7608| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
7609| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
7610| [53277] Dovecot up to 1.2.10 denial of service
7611| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
7612| [45256] Dovecot up to 1.1.5 directory traversal
7613| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
7614| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7615| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7616| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
7617| [40356] Dovecot 1.0.9 Cache unknown vulnerability
7618| [38222] Dovecot 1.0.2 directory traversal
7619| [36376] Dovecot up to 1.0.x directory traversal
7620| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
7621|
7622| MITRE CVE - https://cve.mitre.org:
7623| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
7624| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
7625| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
7626| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
7627| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
7628| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
7629| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7630| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7631| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7632| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
7633| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
7634| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
7635| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
7636| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
7637| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
7638| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
7639| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
7640| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
7641| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
7642| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
7643| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7644| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
7645| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
7646| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
7647| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
7648| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
7649| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
7650| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7651| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7652| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
7653| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7654| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
7655| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
7656| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
7657| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
7658| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
7659| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7660|
7661| SecurityFocus - https://www.securityfocus.com/bid/:
7662| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
7663| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
7664| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
7665| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
7666| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
7667| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
7668| [67306] Dovecot Denial of Service Vulnerability
7669| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
7670| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
7671| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
7672| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
7673| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
7674| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
7675| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
7676| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
7677| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
7678| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
7679| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
7680| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
7681| [39838] tpop3d Remote Denial of Service Vulnerability
7682| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
7683| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
7684| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
7685| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
7686| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
7687| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
7688| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
7689| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
7690| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
7691| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
7692| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
7693| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
7694| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
7695| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
7696| [17961] Dovecot Remote Information Disclosure Vulnerability
7697| [16672] Dovecot Double Free Denial of Service Vulnerability
7698| [8495] akpop3d User Name SQL Injection Vulnerability
7699| [8473] Vpop3d Remote Denial Of Service Vulnerability
7700| [3990] ZPop3D Bad Login Logging Failure Vulnerability
7701| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
7702|
7703| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7704| [86382] Dovecot POP3 Service denial of service
7705| [84396] Dovecot IMAP APPEND denial of service
7706| [80453] Dovecot mail-search.c denial of service
7707| [71354] Dovecot SSL Common Name (CN) weak security
7708| [67675] Dovecot script-login security bypass
7709| [67674] Dovecot script-login directory traversal
7710| [67589] Dovecot header name denial of service
7711| [63267] Apple Mac OS X Dovecot information disclosure
7712| [62340] Dovecot mailbox security bypass
7713| [62339] Dovecot IMAP or POP3 denial of service
7714| [62256] Dovecot mailbox security bypass
7715| [62255] Dovecot ACL entry security bypass
7716| [60639] Dovecot ACL plugin weak security
7717| [57267] Apple Mac OS X Dovecot Kerberos security bypass
7718| [56763] Dovecot header denial of service
7719| [54363] Dovecot base_dir privilege escalation
7720| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
7721| [46323] Dovecot dovecot.conf information disclosure
7722| [46227] Dovecot message parsing denial of service
7723| [45669] Dovecot ACL mailbox security bypass
7724| [45667] Dovecot ACL plugin rights security bypass
7725| [41085] Dovecot TAB characters authentication bypass
7726| [41009] Dovecot mail_extra_groups option unauthorized access
7727| [39342] Dovecot LDAP auth cache configuration security bypass
7728| [35767] Dovecot ACL plugin security bypass
7729| [34082] Dovecot mbox-storage.c directory traversal
7730| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
7731| [26578] Cyrus IMAP pop3d buffer overflow
7732| [26536] Dovecot IMAP LIST information disclosure
7733| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
7734| [24709] Dovecot APPEND command denial of service
7735| [13018] akpop3d authentication code SQL injection
7736| [7345] Slackware Linux imapd and ipop3d core dump
7737| [6269] imap, ipop2d and ipop3d buffer overflows
7738| [5923] Linuxconf vpop3d symbolic link
7739| [4918] IPOP3D, Buffer overflow attack
7740| [1560] IPOP3D, user login successful
7741| [1559] IPOP3D user login to remote host successful
7742| [1525] IPOP3D, user logout
7743| [1524] IPOP3D, user auto-logout
7744| [1523] IPOP3D, user login failure
7745| [1522] IPOP3D, brute force attack
7746| [1521] IPOP3D, user kiss of death logout
7747| [418] pop3d mktemp creates insecure temporary files
7748|
7749| Exploit-DB - https://www.exploit-db.com:
7750| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
7751| [23053] Vpop3d Remote Denial of Service Vulnerability
7752| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7753| [11893] tPop3d 1.5.3 DoS
7754| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
7755| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7756| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7757| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7758|
7759| OpenVAS (Nessus) - http://www.openvas.org:
7760| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
7761| [901025] Dovecot Version Detection
7762| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
7763| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
7764| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
7765| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
7766| [870607] RedHat Update for dovecot RHSA-2011:0600-01
7767| [870471] RedHat Update for dovecot RHSA-2011:1187-01
7768| [870153] RedHat Update for dovecot RHSA-2008:0297-02
7769| [863272] Fedora Update for dovecot FEDORA-2011-7612
7770| [863115] Fedora Update for dovecot FEDORA-2011-7258
7771| [861525] Fedora Update for dovecot FEDORA-2007-664
7772| [861394] Fedora Update for dovecot FEDORA-2007-493
7773| [861333] Fedora Update for dovecot FEDORA-2007-1485
7774| [860845] Fedora Update for dovecot FEDORA-2008-9202
7775| [860663] Fedora Update for dovecot FEDORA-2008-2475
7776| [860169] Fedora Update for dovecot FEDORA-2008-2464
7777| [860089] Fedora Update for dovecot FEDORA-2008-9232
7778| [840950] Ubuntu Update for dovecot USN-1295-1
7779| [840668] Ubuntu Update for dovecot USN-1143-1
7780| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
7781| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
7782| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
7783| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
7784| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
7785| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
7786| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
7787| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
7788| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
7789| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
7790| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
7791| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
7792| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
7793| [70259] FreeBSD Ports: dovecot
7794| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
7795| [66522] FreeBSD Ports: dovecot
7796| [65010] Ubuntu USN-838-1 (dovecot)
7797| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
7798| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
7799| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
7800| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
7801| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
7802| [62854] FreeBSD Ports: dovecot-managesieve
7803| [61916] FreeBSD Ports: dovecot
7804| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
7805| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
7806| [60528] FreeBSD Ports: dovecot
7807| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
7808| [60089] FreeBSD Ports: dovecot
7809| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
7810| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
7811|
7812| SecurityTracker - https://www.securitytracker.com:
7813| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
7814| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
7815| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
7816|
7817| OSVDB - http://www.osvdb.org:
7818| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
7819| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
7820| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
7821| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
7822| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
7823| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
7824| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
7825| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
7826| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
7827| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
7828| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
7829| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
7830| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
7831| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
7832| [66113] Dovecot Mail Root Directory Creation Permission Weakness
7833| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
7834| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
7835| [66110] Dovecot Multiple Unspecified Buffer Overflows
7836| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
7837| [64783] Dovecot E-mail Message Header Unspecified DoS
7838| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
7839| [62796] Dovecot mbox Format Email Header Handling DoS
7840| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
7841| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
7842| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
7843| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
7844| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
7845| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
7846| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
7847| [43137] Dovecot mail_extra_groups Symlink File Manipulation
7848| [42979] Dovecot passdbs Argument Injection Authentication Bypass
7849| [39876] Dovecot LDAP Auth Cache Security Bypass
7850| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
7851| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
7852| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
7853| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7854| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
7855| [23281] Dovecot imap/pop3-login dovecot-auth DoS
7856| [23280] Dovecot Malformed APPEND Command DoS
7857| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
7858| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7859| [5857] Linux pop3d Arbitrary Mail File Access
7860| [2471] akpop3d username SQL Injection
7861|_
7862143/tcp open imap Dovecot imapd
7863| vulscan: VulDB - https://vuldb.com:
7864| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
7865| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
7866| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
7867| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
7868| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
7869| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
7870| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
7871| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
7872| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
7873| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
7874| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
7875| [69835] Dovecot 2.2.0/2.2.1 denial of service
7876| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
7877| [65684] Dovecot up to 2.2.6 unknown vulnerability
7878| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
7879| [63692] Dovecot up to 2.0.15 spoofing
7880| [7062] Dovecot 2.1.10 mail-search.c denial of service
7881| [59792] Cyrus IMAPd 2.4.11 weak authentication
7882| [57517] Dovecot up to 2.0.12 Login directory traversal
7883| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
7884| [57515] Dovecot up to 2.0.12 Crash denial of service
7885| [54944] Dovecot up to 1.2.14 denial of service
7886| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
7887| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
7888| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
7889| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
7890| [53277] Dovecot up to 1.2.10 denial of service
7891| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
7892| [45256] Dovecot up to 1.1.5 directory traversal
7893| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
7894| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7895| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7896| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
7897| [40356] Dovecot 1.0.9 Cache unknown vulnerability
7898| [38222] Dovecot 1.0.2 directory traversal
7899| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
7900| [36376] Dovecot up to 1.0.x directory traversal
7901| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
7902| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
7903|
7904| MITRE CVE - https://cve.mitre.org:
7905| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
7906| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
7907| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
7908| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
7909| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
7910| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
7911| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
7912| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
7913| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
7914| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7915| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7916| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7917| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
7918| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
7919| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
7920| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
7921| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
7922| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
7923| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
7924| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
7925| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
7926| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
7927| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7928| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
7929| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
7930| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
7931| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
7932| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
7933| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
7934| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
7935| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
7936| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
7937| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7938| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
7939| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
7940| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7941| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
7942| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
7943| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
7944| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
7945| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
7946| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7947| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
7948| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
7949| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
7950| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
7951| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
7952| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
7953| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
7954| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
7955| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
7956| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
7957| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
7958| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
7959| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
7960| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
7961| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
7962| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7963| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
7964|
7965| SecurityFocus - https://www.securityfocus.com/bid/:
7966| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
7967| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
7968| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
7969| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
7970| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
7971| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
7972| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
7973| [67306] Dovecot Denial of Service Vulnerability
7974| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
7975| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
7976| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
7977| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
7978| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
7979| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
7980| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
7981| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
7982| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
7983| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
7984| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
7985| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
7986| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
7987| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
7988| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
7989| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
7990| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
7991| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
7992| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
7993| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
7994| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
7995| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
7996| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
7997| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
7998| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
7999| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
8000| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
8001| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
8002| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
8003| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
8004| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
8005| [17961] Dovecot Remote Information Disclosure Vulnerability
8006| [16672] Dovecot Double Free Denial of Service Vulnerability
8007| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
8008| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
8009| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
8010| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
8011| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
8012| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
8013| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
8014| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
8015| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
8016| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
8017| [130] imapd Buffer Overflow Vulnerability
8018|
8019| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8020| [86382] Dovecot POP3 Service denial of service
8021| [84396] Dovecot IMAP APPEND denial of service
8022| [80453] Dovecot mail-search.c denial of service
8023| [71354] Dovecot SSL Common Name (CN) weak security
8024| [70325] Cyrus IMAPd NNTP security bypass
8025| [67675] Dovecot script-login security bypass
8026| [67674] Dovecot script-login directory traversal
8027| [67589] Dovecot header name denial of service
8028| [63267] Apple Mac OS X Dovecot information disclosure
8029| [62340] Dovecot mailbox security bypass
8030| [62339] Dovecot IMAP or POP3 denial of service
8031| [62256] Dovecot mailbox security bypass
8032| [62255] Dovecot ACL entry security bypass
8033| [60639] Dovecot ACL plugin weak security
8034| [57267] Apple Mac OS X Dovecot Kerberos security bypass
8035| [56763] Dovecot header denial of service
8036| [54363] Dovecot base_dir privilege escalation
8037| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
8038| [47526] UW-imapd rfc822_output_char() denial of service
8039| [46323] Dovecot dovecot.conf information disclosure
8040| [46227] Dovecot message parsing denial of service
8041| [45669] Dovecot ACL mailbox security bypass
8042| [45667] Dovecot ACL plugin rights security bypass
8043| [41085] Dovecot TAB characters authentication bypass
8044| [41009] Dovecot mail_extra_groups option unauthorized access
8045| [39342] Dovecot LDAP auth cache configuration security bypass
8046| [35767] Dovecot ACL plugin security bypass
8047| [34082] Dovecot mbox-storage.c directory traversal
8048| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
8049| [26536] Dovecot IMAP LIST information disclosure
8050| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
8051| [24709] Dovecot APPEND command denial of service
8052| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
8053| [19460] Cyrus IMAP imapd buffer overflow
8054| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
8055| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
8056| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
8057| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
8058| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
8059| [7345] Slackware Linux imapd and ipop3d core dump
8060| [573] Imapd denial of service
8061|
8062| Exploit-DB - https://www.exploit-db.com:
8063| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
8064| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
8065| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
8066| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
8067| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
8068| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
8069| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
8070| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
8071| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
8072| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
8073| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
8074| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
8075| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
8076| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
8077| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
8078| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
8079| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
8080| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
8081| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
8082| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
8083| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
8084| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
8085| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
8086| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
8087| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
8088| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
8089| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
8090| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
8091| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
8092| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
8093| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
8094| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
8095| [340] Linux imapd Remote Overflow File Retrieve Exploit
8096|
8097| OpenVAS (Nessus) - http://www.openvas.org:
8098| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
8099| [901025] Dovecot Version Detection
8100| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
8101| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
8102| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
8103| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
8104| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
8105| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
8106| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
8107| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
8108| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
8109| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
8110| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
8111| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
8112| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
8113| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
8114| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
8115| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
8116| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
8117| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
8118| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
8119| [870607] RedHat Update for dovecot RHSA-2011:0600-01
8120| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
8121| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
8122| [870471] RedHat Update for dovecot RHSA-2011:1187-01
8123| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
8124| [870153] RedHat Update for dovecot RHSA-2008:0297-02
8125| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
8126| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
8127| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
8128| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
8129| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
8130| [863272] Fedora Update for dovecot FEDORA-2011-7612
8131| [863115] Fedora Update for dovecot FEDORA-2011-7258
8132| [861525] Fedora Update for dovecot FEDORA-2007-664
8133| [861394] Fedora Update for dovecot FEDORA-2007-493
8134| [861333] Fedora Update for dovecot FEDORA-2007-1485
8135| [860845] Fedora Update for dovecot FEDORA-2008-9202
8136| [860663] Fedora Update for dovecot FEDORA-2008-2475
8137| [860169] Fedora Update for dovecot FEDORA-2008-2464
8138| [860089] Fedora Update for dovecot FEDORA-2008-9232
8139| [840950] Ubuntu Update for dovecot USN-1295-1
8140| [840668] Ubuntu Update for dovecot USN-1143-1
8141| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
8142| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
8143| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
8144| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
8145| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
8146| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
8147| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
8148| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
8149| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
8150| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
8151| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
8152| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
8153| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
8154| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
8155| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
8156| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
8157| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
8158| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
8159| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
8160| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
8161| [70259] FreeBSD Ports: dovecot
8162| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
8163| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
8164| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
8165| [66522] FreeBSD Ports: dovecot
8166| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
8167| [66233] SLES10: Security update for Cyrus IMAPD
8168| [66226] SLES11: Security update for Cyrus IMAPD
8169| [66222] SLES9: Security update for Cyrus IMAPD
8170| [65938] SLES10: Security update for Cyrus IMAPD
8171| [65723] SLES11: Security update for Cyrus IMAPD
8172| [65523] SLES9: Security update for Cyrus IMAPD
8173| [65479] SLES9: Security update for cyrus-imapd
8174| [65094] SLES9: Security update for cyrus-imapd
8175| [65010] Ubuntu USN-838-1 (dovecot)
8176| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
8177| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
8178| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
8179| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
8180| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
8181| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
8182| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
8183| [64898] FreeBSD Ports: cyrus-imapd
8184| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
8185| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
8186| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
8187| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
8188| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
8189| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
8190| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
8191| [62854] FreeBSD Ports: dovecot-managesieve
8192| [61916] FreeBSD Ports: dovecot
8193| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
8194| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
8195| [60528] FreeBSD Ports: dovecot
8196| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
8197| [60089] FreeBSD Ports: dovecot
8198| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
8199| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
8200| [55807] Slackware Advisory SSA:2005-310-06 imapd
8201| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
8202| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
8203| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
8204| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
8205| [52297] FreeBSD Ports: cyrus-imapd
8206| [52296] FreeBSD Ports: cyrus-imapd
8207| [52295] FreeBSD Ports: cyrus-imapd
8208| [52294] FreeBSD Ports: cyrus-imapd
8209| [52172] FreeBSD Ports: cyrus-imapd
8210|
8211| SecurityTracker - https://www.securitytracker.com:
8212| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
8213| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
8214| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
8215| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
8216|
8217| OSVDB - http://www.osvdb.org:
8218| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
8219| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
8220| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8221| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
8222| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
8223| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
8224| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
8225| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
8226| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
8227| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
8228| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
8229| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
8230| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
8231| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
8232| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
8233| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
8234| [66113] Dovecot Mail Root Directory Creation Permission Weakness
8235| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
8236| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
8237| [66110] Dovecot Multiple Unspecified Buffer Overflows
8238| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
8239| [64783] Dovecot E-mail Message Header Unspecified DoS
8240| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
8241| [62796] Dovecot mbox Format Email Header Handling DoS
8242| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
8243| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
8244| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
8245| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
8246| [52906] UW-imapd c-client Initial Request Remote Format String
8247| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
8248| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
8249| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
8250| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
8251| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
8252| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
8253| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
8254| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
8255| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
8256| [43137] Dovecot mail_extra_groups Symlink File Manipulation
8257| [42979] Dovecot passdbs Argument Injection Authentication Bypass
8258| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
8259| [39876] Dovecot LDAP Auth Cache Security Bypass
8260| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
8261| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
8262| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
8263| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
8264| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
8265| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
8266| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
8267| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
8268| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
8269| [23281] Dovecot imap/pop3-login dovecot-auth DoS
8270| [23280] Dovecot Malformed APPEND Command DoS
8271| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
8272| [13242] UW-imapd CRAM-MD5 Authentication Bypass
8273| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
8274| [12042] UoW imapd Multiple Unspecified Overflows
8275| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
8276| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
8277| [911] UoW imapd AUTHENTICATE Command Remote Overflow
8278| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
8279| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
8280|_
8281443/tcp open ssl/http LiteSpeed httpd
8282|_http-server-header: LiteSpeed
8283| vulscan: VulDB - https://vuldb.com:
8284| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
8285| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
8286| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
8287| [53729] Litespeedtech LiteSpeed Web Server information disclosure
8288| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
8289|
8290| MITRE CVE - https://cve.mitre.org:
8291| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
8292| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
8293| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
8294| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
8295|
8296| SecurityFocus - https://www.securityfocus.com/bid/:
8297| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
8298| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
8299| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
8300| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
8301| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
8302| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
8303| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
8304| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
8305| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
8306| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
8307| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
8308| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
8309| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
8310|
8311| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8312| [74144] LiteSpeed graph_html.php cross-site scripting
8313| [63979] LiteSpeed Web Server Null buffer overflow
8314| [59385] LiteSpeed Web Server information disclosure
8315| [56389] LiteSpeed Web Server Admin interface cross-site scripting
8316| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
8317| [54537] LiteSpeed Web Server post-authentication code execution
8318| [54536] LiteSpeed Web Server Lshttpd denial of service
8319| [37380] LiteSpeed Web Server mime-type information disclosure
8320| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
8321|
8322| Exploit-DB - https://www.exploit-db.com:
8323| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
8324| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
8325| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
8326| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
8327| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
8328|
8329| OpenVAS (Nessus) - http://www.openvas.org:
8330| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
8331|
8332| SecurityTracker - https://www.securitytracker.com:
8333| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
8334|
8335| OSVDB - http://www.osvdb.org:
8336| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
8337| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
8338| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
8339| [62449] LiteSpeed Web Server Admin User Creation CSRF
8340| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
8341| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
8342| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
8343| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
8344|_
8345465/tcp open ssl/smtp Exim smtpd 4.92
8346| vulners:
8347| cpe:/a:exim:exim:4.92:
8348| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
8349| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
8350|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
8351| vulscan: VulDB - https://vuldb.com:
8352| [141327] Exim up to 4.92.1 Backslash privilege escalation
8353| [138827] Exim up to 4.92 Expansion Code Execution
8354| [135932] Exim up to 4.92 privilege escalation
8355| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
8356|
8357| MITRE CVE - https://cve.mitre.org:
8358| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
8359| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
8360| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
8361| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
8362| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
8363| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
8364| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
8365| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
8366| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
8367| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
8368| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
8369| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
8370| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
8371| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
8372| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
8373| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
8374|
8375| SecurityFocus - https://www.securityfocus.com/bid/:
8376| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
8377| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
8378| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
8379| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
8380| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
8381| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
8382| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8383| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
8384| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
8385| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
8386| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
8387| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
8388| [45308] Exim Crafted Header Remote Code Execution Vulnerability
8389| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
8390| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
8391| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
8392| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
8393| [17110] sa-exim Unauthorized File Access Vulnerability
8394| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
8395| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
8396| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
8397| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
8398| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
8399| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
8400| [6314] Exim Internet Mailer Format String Vulnerability
8401| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
8402| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
8403| [2828] Exim Format String Vulnerability
8404| [1859] Exim Buffer Overflow Vulnerability
8405|
8406| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8407| [84758] Exim sender_address parameter command execution
8408| [84015] Exim command execution
8409| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
8410| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
8411| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
8412| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
8413| [67455] Exim DKIM processing code execution
8414| [67299] Exim dkim_exim_verify_finish() format string
8415| [65028] Exim open_log privilege escalation
8416| [63967] Exim config file privilege escalation
8417| [63960] Exim header buffer overflow
8418| [59043] Exim mail directory privilege escalation
8419| [59042] Exim MBX symlink
8420| [52922] ikiwiki teximg plugin information disclosure
8421| [34265] Exim spamd buffer overflow
8422| [25286] Sa-exim greylistclean.cron file deletion
8423| [22687] RHSA-2005:025 updates for exim not installed
8424| [18901] Exim dns_build_reverse buffer overflow
8425| [18764] Exim spa_base64_to_bits function buffer overflow
8426| [18763] Exim host_aton buffer overflow
8427| [16079] Exim require_verify buffer overflow
8428| [16077] Exim header_check_syntax buffer overflow
8429| [16075] Exim sender_verify buffer overflow
8430| [13067] Exim HELO or EHLO command heap overflow
8431| [10761] Exim daemon.c format string
8432| [8194] Exim configuration file -c command-line argument buffer overflow
8433| [7738] Exim allows attacker to hide commands in localhost names using pipes
8434| [6671] Exim "
8435| [1893] Exim MTA allows local users to gain root privileges
8436|
8437| Exploit-DB - https://www.exploit-db.com:
8438| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
8439| [15725] Exim 4.63 Remote Root Exploit
8440| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
8441| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
8442| [796] Exim <= 4.42 Local Root Exploit
8443| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
8444|
8445| OpenVAS (Nessus) - http://www.openvas.org:
8446| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
8447|
8448| SecurityTracker - https://www.securitytracker.com:
8449| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
8450| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
8451| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
8452| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
8453| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
8454| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
8455| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
8456| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
8457| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
8458| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
8459| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
8460| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
8461|
8462| OSVDB - http://www.osvdb.org:
8463| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8464| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
8465| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
8466| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
8467| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
8468| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
8469| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
8470| [70696] Exim log.c open_log() Function Local Privilege Escalation
8471| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
8472| [69685] Exim string_format Function Remote Overflow
8473| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
8474| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
8475| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
8476| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
8477| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
8478| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
8479| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
8480| [12726] Exim -be Command Line Option host_aton Function Local Overflow
8481| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
8482| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
8483| [10032] libXpm CreateXImage Function Integer Overflow
8484| [7160] Exim .forward :include: Option Privilege Escalation
8485| [6479] Vexim COOKIE Authentication Credential Disclosure
8486| [6478] Vexim Multiple Parameter SQL Injection
8487| [5930] Exim Parenthesis File Name Filter Bypass
8488| [5897] Exim header_syntax Function Remote Overflow
8489| [5896] Exim sender_verify Function Remote Overflow
8490| [5530] Exim Localhost Name Arbitrary Command Execution
8491| [5330] Exim Configuration File Variable Overflow
8492| [1855] Exim Batched SMTP Mail Header Format String
8493|_
8494587/tcp open smtp Exim smtpd 4.92
8495| vulners:
8496| cpe:/a:exim:exim:4.92:
8497| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
8498| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
8499|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
8500| vulscan: VulDB - https://vuldb.com:
8501| [141327] Exim up to 4.92.1 Backslash privilege escalation
8502| [138827] Exim up to 4.92 Expansion Code Execution
8503| [135932] Exim up to 4.92 privilege escalation
8504| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
8505|
8506| MITRE CVE - https://cve.mitre.org:
8507| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
8508| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
8509| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
8510| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
8511| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
8512| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
8513| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
8514| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
8515| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
8516| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
8517| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
8518| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
8519| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
8520| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
8521| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
8522| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
8523|
8524| SecurityFocus - https://www.securityfocus.com/bid/:
8525| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
8526| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
8527| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
8528| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
8529| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
8530| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
8531| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8532| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
8533| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
8534| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
8535| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
8536| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
8537| [45308] Exim Crafted Header Remote Code Execution Vulnerability
8538| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
8539| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
8540| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
8541| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
8542| [17110] sa-exim Unauthorized File Access Vulnerability
8543| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
8544| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
8545| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
8546| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
8547| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
8548| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
8549| [6314] Exim Internet Mailer Format String Vulnerability
8550| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
8551| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
8552| [2828] Exim Format String Vulnerability
8553| [1859] Exim Buffer Overflow Vulnerability
8554|
8555| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8556| [84758] Exim sender_address parameter command execution
8557| [84015] Exim command execution
8558| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
8559| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
8560| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
8561| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
8562| [67455] Exim DKIM processing code execution
8563| [67299] Exim dkim_exim_verify_finish() format string
8564| [65028] Exim open_log privilege escalation
8565| [63967] Exim config file privilege escalation
8566| [63960] Exim header buffer overflow
8567| [59043] Exim mail directory privilege escalation
8568| [59042] Exim MBX symlink
8569| [52922] ikiwiki teximg plugin information disclosure
8570| [34265] Exim spamd buffer overflow
8571| [25286] Sa-exim greylistclean.cron file deletion
8572| [22687] RHSA-2005:025 updates for exim not installed
8573| [18901] Exim dns_build_reverse buffer overflow
8574| [18764] Exim spa_base64_to_bits function buffer overflow
8575| [18763] Exim host_aton buffer overflow
8576| [16079] Exim require_verify buffer overflow
8577| [16077] Exim header_check_syntax buffer overflow
8578| [16075] Exim sender_verify buffer overflow
8579| [13067] Exim HELO or EHLO command heap overflow
8580| [10761] Exim daemon.c format string
8581| [8194] Exim configuration file -c command-line argument buffer overflow
8582| [7738] Exim allows attacker to hide commands in localhost names using pipes
8583| [6671] Exim "
8584| [1893] Exim MTA allows local users to gain root privileges
8585|
8586| Exploit-DB - https://www.exploit-db.com:
8587| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
8588| [15725] Exim 4.63 Remote Root Exploit
8589| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
8590| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
8591| [796] Exim <= 4.42 Local Root Exploit
8592| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
8593|
8594| OpenVAS (Nessus) - http://www.openvas.org:
8595| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
8596|
8597| SecurityTracker - https://www.securitytracker.com:
8598| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
8599| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
8600| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
8601| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
8602| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
8603| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
8604| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
8605| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
8606| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
8607| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
8608| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
8609| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
8610|
8611| OSVDB - http://www.osvdb.org:
8612| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8613| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
8614| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
8615| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
8616| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
8617| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
8618| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
8619| [70696] Exim log.c open_log() Function Local Privilege Escalation
8620| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
8621| [69685] Exim string_format Function Remote Overflow
8622| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
8623| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
8624| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
8625| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
8626| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
8627| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
8628| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
8629| [12726] Exim -be Command Line Option host_aton Function Local Overflow
8630| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
8631| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
8632| [10032] libXpm CreateXImage Function Integer Overflow
8633| [7160] Exim .forward :include: Option Privilege Escalation
8634| [6479] Vexim COOKIE Authentication Credential Disclosure
8635| [6478] Vexim Multiple Parameter SQL Injection
8636| [5930] Exim Parenthesis File Name Filter Bypass
8637| [5897] Exim header_syntax Function Remote Overflow
8638| [5896] Exim sender_verify Function Remote Overflow
8639| [5530] Exim Localhost Name Arbitrary Command Execution
8640| [5330] Exim Configuration File Variable Overflow
8641| [1855] Exim Batched SMTP Mail Header Format String
8642|_
8643993/tcp open imaps?
8644995/tcp open pop3s?
86452077/tcp open tsrmagt?
8646| fingerprint-strings:
8647| SIPOptions:
8648| HTTP/1.1 302 Moved
8649| Date: Mon, 25 Nov 2019 00:44:06 GMT
8650| Server: cPanel
8651| Persistent-Auth: false
8652| Host: server.akinmedya.com.tr:2077
8653| Cache-Control: no-cache, no-store, must-revalidate, private
8654| Connection: close
8655| Location: https://server.akinmedya.com.tr:2078sip:nm
8656| Vary: Accept-Encoding
8657| Expires: Fri, 01 Jan 1990 00:00:00 GMT
8658|_ X-Redirect-Reason: requiressl
86592078/tcp open ssl/http cPanel httpd (unauthorized)
8660|_http-server-header: cPanel
8661| vulscan: VulDB - https://vuldb.com:
8662| [139613] cPanel up to 57.9999.53 TTY enablefileprotect unknown vulnerability
8663| [139612] cPanel up to 57.9999.53 TTY /scripts/unsuspendacct unknown vulnerability
8664| [139611] cPanel up to 57.9999.53 TTY maildir_converter unknown vulnerability
8665| [139610] cPanel up to 57.9999.53 TTY /scripts/checkinfopages unknown vulnerability
8666| [139609] cPanel up to 57.9999.53 TTY /scripts/addpop unknown vulnerability
8667| [139608] cPanel up to 57.9999.53 /scripts/killpvhost denial of service
8668| [139607] cPanel up to 57.9999.53 Paper Lantern Landing Page cross site scripting
8669| [139606] cPanel up to 57.9999.53 ajax_maketext_syntax_util.pl Code Execution
8670| [139605] cPanel up to 57.9999.53 SQLite Journal directory traversal
8671| [139604] cPanel up to 57.9999.104 LOC Record Newline Injection privilege escalation
8672| [139603] cPanel up to 58.0.4 PHP CGI Code Execution
8673| [139602] cPanel up to 58.0.3 Session unknown vulnerability
8674| [139601] cPanel up to 58.0.3 BoxTrapper API API Call privilege escalation
8675| [139599] cPanel before up to 58.0.3 unknown vulnerability
8676| [139551] cPanel up to 58.0.3 Purchase and Install an SSL Certificate Page Domain information disclosure
8677| [139549] cPanel up to 59.9999.144 tail_upcp2.cgi cross site scripting
8678| [139548] cPanel up to 59.9999.144 Multipart Message File privilege escalation
8679| [139547] cPanel up to 59.9999.144 Script Code Execution
8680| [139546] cPanel up to 59.9999.144 Mailman List Archive Code Execution
8681| [139545] cPanel up to 60.0.14 Password Policy denial of service
8682| [139544] cPanel up to 60.0.24 HTTP POST weak encryption
8683| [139543] cPanel up to 60.0.24 Error Response Code Execution
8684| [139542] cPanel up to 60.0.24 Maketext Code Execution
8685| [139541] cPanel up to 60.0.24 Access Control privilege escalation
8686| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8687| [139539] cPanel up to 60.0.24 File Copy information disclosure
8688| [139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
8689| [139537] cPanel up to 60.0.24 SSL_listkeys Stored cross site scripting
8690| [139536] cPanel up to 60.0.24 postgres API1 listdbs Stored cross site scripting
8691| [139535] cPanel up to 60.0.24 UI_confirm API cross site scripting
8692| [139534] cPanel up to 60.0.24 ftp_sessions API Stored cross site scripting
8693| [139533] cPanel up to 60.0.24 api1_listautoresponders Stored cross site scripting
8694| [139532] cPanel up to 60.0.24 listftpstable API Stored cross site scripting
8695| [139531] cPanel up to 60.0.24 WHM Tweak Settings for autodiscover_host cross site scripting
8696| [139530] cPanel up to 60.0.24 WHM Account Termination Stored cross site scripting
8697| [139495] cPanel up to 62.0.3 WHM API privilege escalation
8698| [139494] cPanel up to 62.0.3 Account Suspension Stored cross site scripting
8699| [139493] cPanel up to 62.0.3 WHM API API Call privilege escalation
8700| [139492] cPanel up to 62.0.3 WHM SSL certificate Generation Email privilege escalation
8701| [139491] cPanel up to 62.0.3 XML-API ACL privilege escalation
8702| [139490] cPanel up to 62.0.3 Exim privilege escalation
8703| [139489] cPanel up to 62.0.3 Leech Protect privilege escalation
8704| [139488] cPanel up to 62.0.3 Exim privilege escalation
8705| [139487] cPanel up to 62.0.3 Exim directory traversal
8706| [139486] cPanel up to 62.0.3 WebMail cross site scripting
8707| [139485] cPanel up to 62.0.3 Password Reset Reflected cross site scripting
8708| [139484] cPanel up to 62.0.3 Password Change cross site scripting
8709| [139483] cPanel up to 62.0.3 Test Account Default Credentials weak authentication
8710| [139482] cPanel up to 62.0.16 API API Call Code Execution
8711| [139481] cPanel up to 62.0.16 API setphppreference Code Execution
8712| [139480] cPanel up to 62.0.16 URL Filter privilege escalation
8713| [139479] cPanel up to 62.0.16 Domain privilege escalation
8714| [139477] cPanel up to 62.0.16 WHM Zone Template Editor privilege escalation
8715| [139476] cPanel up to 62.0.16 IP Protection Bypass privilege escalation
8716| [139475] cPanel up to 60.0.24 reassign_post_terminate_cruft privilege escalation
8717| [139474] cPanel up to 60.0.24 tail_ea4_migration.cgi cross site scripting
8718| [139473] cPanel up to 60.0.24 Message Format String
8719| [139471] cPanel up to 60.0.24 ModSecurity Audit Logfile privilege escalation
8720| [139470] cPanel up to 60.0.24 RoundCube Update privilege escalation
8721| [139469] cPanel up to 60.0.24 FormMail-clone.cgi Open Redirect
8722| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
8723| [139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
8724| [139361] cPanel up to 62.0.16 Security Policy privilege escalation
8725| [139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
8726| [139355] cPanel up to 62.0.16 Addon Domain Conversion privilege escalation
8727| [139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
8728| [139353] cPanel up to 64.0.20 Account Rename privilege escalation
8729| [139351] cPanel up to 64.0.20 crontab Timing information disclosure
8730| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
8731| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
8732| [139348] cPanel up to 64.0.20 Serverinfo_manpage API API Call directory traversal
8733| [139347] cPanel up to 64.0.20 ClamScanner_getsocket API Code Execution
8734| [139346] cPanel up to 64.0.20 SourceIPCheck API directory traversal
8735| [139345] cPanel up to 64.0.20 SSL API API Call privilege escalation
8736| [139344] cPanel up to 64.0.20 SSH API Command privilege escalation
8737| [139343] cPanel up to 64.0.20 SSH Port Forwarding privilege escalation
8738| [139342] cPanel up to 64.0.20 API Cpanel::SPFUI privilege escalation
8739| [139341] cPanel up to 64.0.20 Demo Account Open Redirect
8740| [139340] cPanel up to 64.0.20 traceroute privilege escalation
8741| [139339] cPanel up to 64.0.20 ImageManager API Call Code Execution
8742| [139338] cPanel up to 64.0.20 Encoding API Call Code Execution
8743| [139336] cPanel up to 64.0.20 API Call Fileman::getfileactions directory traversal
8744| [139335] cPanel up to 64.0.20 BoxTrapper API Code Execution
8745| [139333] cPanel up to 64.0.20 Filter API API Call Code Execution
8746| [139331] cPanel up to 66.0.0 Suspend privilege escalation
8747| [139326] cPanel up to 66.0.1 Log File information disclosure
8748| [139320] cPanel up to 66.0.1 WHM cPAddons Processing Stored cross site scripting
8749| [139319] cPanel up to 66.0.1 WHM cPAddons Uninstallation Stored cross site scripting
8750| [139318] cPanel up to 66.0.1 WHM cPAddons file Operation Stored cross site scripting
8751| [139317] cPanel up to 66.0.1 WHM cPAddons Installation Stored cross site scripting
8752| [139316] cPanel up to 67.9999.102 Roundcube SQLite Schema Update directory traversal
8753| [139314] cPanel up to 67.9999.102 redirect.html Open Redirect
8754| [139311] cPanel up to 67.9999.102 Addon Domain Conversion privilege escalation
8755| [139310] cPanel up to 67.9999.102 Backup Archive information disclosure
8756| [139309] cPanel up to 67.9999.102 Backup Interface Archive information disclosure
8757| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
8758| [139307] cPanel up to 67.9999.102 Support-Agreement Download weak authentication
8759| [139306] cPanel up to 67.9999.102 eximstats sql injection
8760| [139304] cPanel up to 68.0.14 Domain denial of service
8761| [139303] cPanel up to 68.0.14 Mailman Archive Code Execution
8762| [139302] cPanel up to 68.0.14 cpaddons Stored cross site scripting
8763| [139301] cPanel up to 68.0.14 Username unknown vulnerability
8764| [139299] cPanel up to 68.0.14 sqloptimizer information disclosure
8765| [139298] cPanel up to 68.0.14 Hostname privilege escalation
8766| [139295] cPanel up to 68.0.14 SSL Username privilege escalation
8767| [139294] cPanel up to 68.0.14 Username privilege escalation
8768| [139293] cPanel up to 68.0.14 Email Username privilege escalation
8769| [139292] cPanel up to 68.0.14 PostgreSQL Database Collision privilege escalation
8770| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8771| [139287] cPanel up to 68.0.14 Reseller Style Upload Code Execution
8772| [139286] cPanel up to 68.0.14 PostgresAdmin Code Execution
8773| [139282] cPanel up to 68.0.14 DNS Zone SOA Record privilege escalation
8774| [139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
8775| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8776| [139258] cPanel up to 68.0.26 WHM Spamd Startup Config cross site scripting
8777| [139257] cPanel up to 68.0.26 WHM Account Transfer Stored cross site scripting
8778| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8779| [139255] cPanel up to 68.0.26 Backup cross site scripting
8780| [139252] cPanel up to 68.0.26 bin/csvprocess privilege escalation
8781| [139245] cPanel up to 68.0.26 WHM API API Call privilege escalation
8782| [139244] cPanel up to 68.0.26 Rename User Name information disclosure
8783| [139242] cPanel up to 70.0.22 WHM Reset a DNS Zone Stored cross site scripting
8784| [139241] cPanel up to 70.0.22 Account Suspension privilege escalation
8785| [139240] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
8786| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8787| [139238] cPanel up to 70.0.22 Landing Page Code Execution
8788| [139237] cPanel up to 70.0.22 Htaccess Optimization Bypass privilege escalation
8789| [139236] cPanel up to 70.0.22 redirect.html Open Redirect
8790| [139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
8791| [139231] cPanel up to 70.0.22 WHM Style Upload privilege escalation
8792| [139230] cPanel up to 70.0.22 WHM Synchronize DNS Record Stored cross site scripting
8793| [139229] cPanel up to 70.0.22 WHM DNS Cleanup Stored cross site scripting
8794| [139228] cPanel up to 70.0.22 WHM Delete a DNS Zone Stored cross site scripting
8795| [139227] cPanel up to 70.0.22 HM Edit DNS Zone Stored cross site scripting
8796| [139226] cPanel up to 70.0.22 WHM Create Account Stored cross site scripting
8797| [139225] cPanel up to 70.0.22 WHM DNS Cluster Stored cross site scripting
8798| [139223] cPanel up to 70.0.22 WHM Edit MX Entry Stored cross site scripting
8799| [139222] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
8800| [139221] cPanel up to 70.0.22 OpenID Injection privilege escalation
8801| [139220] cPanel up to 70.0.22 trustclustermaster.cgi information disclosure
8802| [139219] cPanel up to 70.0.22 awstats Code Execution
8803| [139218] cPanel up to 70.0.22 cpaddonsup Code Execution
8804| [139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
8805| [139214] cPanel up to 71.9980.36 API Mime::list_hotlinks privilege escalation
8806| [139213] cPanel up to 71.9980.36 Image Feature API Call privilege escalation
8807| [139212] cPanel up to 71.9980.36 Backup API Call privilege escalation
8808| [139211] cPanel up to 71.9980.36 cron API Call privilege escalation
8809| [139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
8810| [139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
8811| [139207] cPanel up to 71.9980.36 YUM Autorepair Stored cross site scripting
8812| [139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
8813| [139205] cPanel up to 71.9980.36 cPAddons Moderation Injection privilege escalation
8814| [139202] cPanel up to 71.9980.36 API Token ACL unknown vulnerability
8815| [139199] cPanel up to 73.x CAA Record privilege escalation
8816| [139197] cPanel up to 73.x Record privilege escalation
8817| [139194] cPanel up to 73.x Database Backup sql injection
8818| [139190] cPanel up to 11.53.x WHM API Zone privilege escalation
8819| [139189] cPanel up to 11.53.x Webmail API Password Reset privilege escalation
8820| [139188] cPanel up to 11.53.x DNS NS Entry Code Execution
8821| [139187] cPanel up to 11.53.x Email Sending privilege escalation
8822| [139186] cPanel up to 11.53.x Comet Feed information disclosure
8823| [139185] cPanel up to 11.54.0.3 cpsrvd Code Execution
8824| [139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
8825| [139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
8826| [139182] cPanel up to 11.54.0.3 AppConfig Subsystem ACL privilege escalation
8827| [139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
8828| [139180] cPanel up to 11.54.0.3 synccpaddonswithsqlhost Code Execution
8829| [139179] cPanel up to 11.54.0.3 scripts/secureit privilege escalation
8830| [139178] cPanel up to 11.54.0.3 scripts/quotacheck directory traversal
8831| [139177] cPanel up to 11.54.0.3 scripts/fixmailboxpath directory traversal
8832| [139176] cPanel up to 11.54.0.3 Roundcube Database Conversion privilege escalation
8833| [139175] cPanel up to 11.54.0.3 check_system_storable directory traversal
8834| [139174] cPanel up to 11.54.0.3 chcpass Password information disclosure
8835| [139173] cPanel up to 11.54.0.3 JSON-API Code Execution
8836| [139172] cPanel up to 11.54.0.3 setup_global_spam_filter.pl directory traversal
8837| [139171] cPanel up to 11.54.0.3 bin/mkvhostspasswd information disclosure
8838| [139170] cPanel up to 11.54.0.3 Duplication Code Execution
8839| [139169] cPanel up to 11.54.0.3 horde_update_usernames sql injection
8840| [139168] cPanel up to 11.54.0.3 bin/fmq directory traversal
8841| [139167] cPanel up to 11.54.0.3 @INC Path Code Execution
8842| [139166] cPanel up to 55.9999.140 Authentication directory traversal
8843| [139165] cPanel up to 55.9999.140 cPHulkd privilege escalation
8844| [139164] cPanel up to 55.9999.140 FTP Lockout privilege escalation
8845| [139163] cPanel up to 55.9999.140 cPHulkd privilege escalation
8846| [139162] cPanel up to 55.9999.140 FTP cPHulk privilege escalation
8847| [139161] cPanel up to 55.9999.140 Two-factor Authentication weak authentication
8848| [139160] cPanel up to 55.9999.140 ACL Bypass privilege escalation
8849| [139158] cPanel up to 55.9999.140 @INC Path Code Execution
8850| [139157] cPanel up to 55.9999.140 WHM Edit System Mail Preferences Stored cross site scripting
8851| [139156] cPanel up to 55.9999.140 Two Factor Authentication DNS Clustering Request Bypass weak authentication
8852| [139155] cPanel up to 55.9999.140 Security Policy Bypass privilege escalation
8853| [139154] cPanel up to 55.9999.140 DNS NS Entry Code Execution
8854| [139153] cPanel up to 55.9999.140 Maketext Code Execution
8855| [139152] cPanel up to 55.9999.140 X3 Reseller Branding Image cross site scripting
8856| [139151] cPanel up to 55.9999.140 Scripts/addpop information disclosure
8857| [139150] cPanel up to 55.9999.140 Daemons privilege escalation
8858| [139149] cPanel up to 57.9999.53 cpanellogd information disclosure
8859| [139148] cPanel up to 57.9999.53 File Permission Log privilege escalation
8860| [139147] cPanel up to 57.9999.53 ModSecurity TailWatch Log File sql injection
8861| [139146] cPanel up to 57.9999.53 WebMail Code Execution
8862| [139145] cPanel up to 57.9999.53 WebMail directory traversal
8863| [139144] cPanel up to 57.9999.53 Demo Mode show_template.stor privilege escalation
8864| [139143] cPanel up to 57.9999.53 FTP Account cross site scripting
8865| [139142] cPanel up to 11.52.0.12 get_information_for_applications directory traversal
8866| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8867| [139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
8868| [139128] cPanel up to 74.0.7 Account Suspension privilege escalation
8869| [139126] cPanel up to 74.0.7 Security Questions Login Page Stored cross site scripting
8870| [139124] cPanel up to 74.0.7 Demo Account Fileman::viewfile Code Execution
8871| [139123] cPanel up to 74.0.7 File and Directory Restoration Stored cross site scripting
8872| [139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
8873| [139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
8874| [139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
8875| [139119] cPanel up to 74.0.7 Create a New Account cross site scripting
8876| [139021] cPanel up to 78.0.1 Connection Reset File privilege escalation
8877| [139019] cPanel up to 78.0.1 DCV API privilege escalation
8878| [139016] cPanel up to 78.0.1 Demo Account privilege escalation
8879| [139015] cPanel up to 78.0.1 OpenID information disclosure
8880| [139014] cPanel up to 78.0.17 BoxTrapper Queue Listing Stored cross site scripting
8881| [139013] cPanel up to 78.0.17 securitypolicy.cg Code Execution
8882| [139011] cPanel up to 78.0.17 Mail Relay Spam privilege escalation
8883| [139009] cPanel up to 78.0.17 API Code Execution
8884| [139006] cPanel up to 80.0.4 ajax_maketext_syntax_util.pl Code Execution
8885| [139005] cPanel up to 80.0.4 API privilege escalation
8886| [139000] cPanel up to 80.0.21 Demo Account Code Execution
8887| [138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
8888| [138996] cPanel up to 82.0.1 Exim Log Parser privilege escalation
8889| [138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
8890| [138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
8891| [138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
8892| [138973] cPanel up to 76.0.7 Connection Open Redirect
8893| [138972] cPanel up to 76.0.7 DNS Zone Stored cross site scripting
8894| [138971] cPanel up to 76.0.7 Backup cross site scripting
8895| [138970] cPanel up to 76.0.7 Virtual FTP Server privilege escalation
8896| [138969] cPanel up to 76.0.7 Attachment Code Execution
8897| [123444] cPanel up to 74 HTML Rendering index.html cross site scripting
8898| [114155] Afian FileRun ?module=users§ion=cpanel&page=list Parameter sql injection
8899| [103771] cPanel up to 66.0.1 WHM Upload Locale Interface Filename cross site scripting
8900| [95199] cPanel entropysearch.cgi information disclosure
8901| [95198] cPanel entropysearch.cgi information disclosure
8902| [75240] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
8903| [75239] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
8904| [13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
8905| [13379] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Locales ACL privilege escalation
8906| [13378] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Mailman List Password change_pw weak encryption
8907| [13377] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Configure Customer Contact privilege escalation
8908| [13376] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering ACL privilege escalation
8909| [13375] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering Commands privilege escalation
8910| [13370] cPanel 11.40.1.13/11.42.1.15 Database ADDDBPRIVS Command privilege escalation
8911| [13369] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Boxtrapper cgi-sys Script bxd.cgi denial of service
8912| [13368] cPanel 11.40.1.13/11.42.1.15 Transfer CGI Scripts privilege escalation
8913| [13367] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call serviceinfo privilege escalation
8914| [13366] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call /scripts2/showservice privilege escalation
8915| [13365] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 SSH Key Password privilege escalation
8916| [13363] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 cgiemail 1.6 privilege escalation
8917| [13361] cPanel up to 11.43.0.11/11.42.1.15/11.40.1.13 unknown vulnerability
8918| [12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
8919| [12814] cPanel 11.38.2/11.40.1/11.42.0 URL cross site scripting
8920| [12813] cPanel 11.38.2/11.40.1/11.42.0 Password Reset privilege escalation
8921| [12809] cPanel 11.38.2/11.40.1/11.42.0 Form Mailer Header FormMail.pl privilege escalation
8922| [12808] cPanel 11.38.2/11.40.1/11.42.0 XML-API batch memory corruption
8923| [12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
8924| [12806] cPanel 11.38.2/11.40.1/11.42.0 objcache Storage System Template Toolkit memory corruption
8925| [12805] cPanel 11.38.2/11.40.1/11.42.0 XML information disclosure
8926| [12798] cPanel 11.38.2/11.40.1/11.42.0 /cgi/cpaddons_report.pl cross site scripting
8927| [12797] cPanel 11.38.2/11.40.1/11.42.0 DNS Zone Editor information disclosure
8928| [12796] cPanel WHM 11.38.2/11.40.1/11.42.0 /cgi/sshcheck.cgi cross site scripting
8929| [12795] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/installfp cross site scripting
8930| [12794] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/uninstallfp cross site scripting
8931| [12793] cPanel 11.38.2/11.40.1/11.42.0 entropysearch.cgi cross site scripting
8932| [12792] cPanel 11.38.2/11.40.1/11.42.0 activate_remote_nameservers.cgi maketext privilege escalation
8933| [12285] cPanel 11.38.2/11.40.1/11.42.0 filelist-thumbs.html cross site scripting
8934| [12284] cPanel 11.38.2/11.40.1/11.42.0 editit.html cross site scripting
8935| [12283] cPanel 11.38.2/11.40.1/11.42.0 def.html cross site scripting
8936| [12282] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 DNS Cluster privilege escalation
8937| [12281] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 New Account wwwacctform locale/cpmod Parameter privilege escalation
8938| [12280] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/cpaddons_feature.pl cross site scripting
8939| [12279] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Account Creation Ruby Code privilege escalation
8940| [12278] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Backup Restore privilege escalation
8941| [12277] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Bypass privilege escalation
8942| [12276] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/zoneeditor.cgi Newline privilege escalation
8943| [12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
8944| [12274] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API get_remote_access_hash information disclosure
8945| [12273] cPanel 11.36.2.9/11.38.2.12 Account Creation directory traversal
8946| [12220] cPanel 11.36.2.10/11.38.2.13/11.40.0.29/11.40.1.3 WHM XML/JSON API getpkginfo information disclosure
8947| [11601] cPanel WHM 11.36.2.11/11.38.2.14/11.40.0.30/11.40.1.6 XML/JSON getpkginfo information disclosure
8948| [11625] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Login Security Token information disclosure
8949| [11624] cPanel WHM 11.38.2.12 Branding Subsystem privilege escalation
8950| [11621] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cPAddons Upgrade Password information disclosure
8951| [11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface Entry information disclosure
8952| [11619] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 SSH Authentication User Name privilege escalation
8953| [11618] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 X3 Theme countedit.cgi directory traversal
8954| [11616] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cpsrvd HTTP Request Bypass privilege escalation
8955| [11613] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Bandmin Reflected cross site scripting
8956| [11612] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 API Call UI::dynamicincludelist directory traversal
8957| [11609] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Config cross site request forgery
8958| [11608] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Translatable Phrase Locale::Maketext privilege escalation
8959| [11607] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 CSRF Protection Token Bypass cross site request forgery
8960| [11606] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cross site scripting
8961| [11604] cPanel WHM 11.36.2.9 Virtualhost Installation privilege escalation
8962| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
8963| [11017] cPanel WHM up to 11.40.0.11 SSL Certificate denial of service
8964| [11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface Bypass privilege escalation
8965| [11015] cPanel WHM up to 11.40.0.11 Bypass cross site scripting
8966| [11014] cPanel WHM up to 11.40.0.11 File Upload Bypass privilege escalation
8967| [11013] cPanel WHM up to 11.40.0.11 POST Request privilege escalation
8968| [11011] cPanel WHM up to 11.40.0.11 Cpanel::LogMeIn weak authentication
8969| [11010] cPanel WHM up to 11.40.0.11 logaholic_lang Cookie privilege escalation
8970| [11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
8971| [9921] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 SSL Certificate privilege escalation
8972| [9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
8973| [9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
8974| [10129] cPanel WHM up to 11.38.0.14 cross site scripting
8975| [10126] cPanel WHM up to 11.38.0.14 weak authentication
8976| [9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
8977| [9352] cPanel WHM up to 11.38.0.8 Restore Full Backup Symlink unknown vulnerability
8978| [9348] cPanel WHM up to 11.36.1.5 scripts2/ssh_doaddkey unknown vulnerability
8979| [10123] cPanel WHM up to 11.36.0.9 Access Control privilege escalation
8980| [10122] cPanel WHM up to 11.36.0.9 countedit.cgi cross site scripting
8981| [91109] cPanel WHM v11.24.7.x cross site scripting
8982| [52940] cPanel up to 11.24.7 cross site scripting
8983| [86883] cPanel fileop.html cross site scripting
8984| [48827] cPanel up to 11.23.1 Current index.php directory traversal
8985| [48812] cPanel directory traversal
8986| [49331] cPanel autoinstall4imagesgalleryupgrade.php cross site scripting
8987| [42542] cPanel 11.8.6/11.23.1 memory corruption
8988| [42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
8989| [42302] cPanel up to 11.22.2 WHM Interface cross site scripting
8990| [42219] cPanel 11.18.3/11.19.3 cross site request forgery
8991| [41689] cPanel 11.18.3/11.21 cross site scripting
8992| [49762] cPanel 11.18.3 index.html directory traversal
8993| [40642] cPanel 11.16 dohtaccess.html cross site scripting
8994| [38023] cPanel 10.9.1 changepro.html cross site scripting
8995| [37433] cPanel 10.9.0 Build 10300/11.4.19 Error Message information disclosure
8996| [37432] cPanel 10.9.0 Build 10300/11.4.19 CGI Wrapper cross site scripting
8997| [35618] cPanel 10.x directory traversal
8998| [34925] cPanel WebHost Manager memory corruption
8999| [34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
9000| [85585] cPanel scripts2/objcache memory corruption
9001| [85156] cPanel WebHost Manager scripts2/objcache privilege escalation
9002| [30642] cPanel privilege escalation
9003| [33838] cPanel WebHost Manager 3.1.0 cross site scripting
9004| [33814] cPanel 11 cross site scripting
9005| [33536] cPanel WebHost Manager 3.1.0 cross site scripting
9006| [84843] cPanel newuser.html cross site scripting
9007| [33243] cPanel 10 seldir.html cross site scripting
9008| [32973] cPanel 10.9.0 R50 cross site scripting
9009|
9010| MITRE CVE - https://cve.mitre.org:
9011| [CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
9012| [CVE-2009-3316] SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
9013| [CVE-2009-2275] Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
9014| [CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
9015| [CVE-2009-2167] Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
9016| [CVE-2008-7142] Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
9017| [CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
9018| [CVE-2008-6926] Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
9019| [CVE-2008-6843] Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
9020| [CVE-2008-4181] Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
9021| [CVE-2008-2478] ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
9022| [CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
9023| [CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
9024| [CVE-2008-2043] Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
9025| [CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
9026| [CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
9027| [CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
9028| [CVE-2007-3367] Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown
9029| [CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown
9030| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
9031| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
9032| [CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
9033| [CVE-2006-6566] PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
9034| [CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
9035| [CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
9036| [CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
9037| [CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
9038| [CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
9039| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
9040| [CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
9041| [CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
9042| [CVE-2006-2825] cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
9043| [CVE-2006-1119] fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
9044| [CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
9045| [CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
9046| [CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
9047| [CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
9048| [CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
9049| [CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
9050| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
9051| [CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
9052| [CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
9053| [CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
9054| [CVE-2004-1770] The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
9055| [CVE-2004-1769] The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
9056| [CVE-2004-1604] cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
9057| [CVE-2004-1603] cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
9058| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9059| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9060| [CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
9061| [CVE-2003-1425] guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
9062| [CVE-2003-0521] Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
9063|
9064| SecurityFocus - https://www.securityfocus.com/bid/:
9065| [95395] cPanel Multiple Security Vulnerabilities
9066| [90463] cPanel CVE-2004-1604 Remote Security Vulnerability
9067| [85002] cPanel CVE-2008-2043 Cross-Site Request Forgery Vulnerability
9068| [84099] cPanel CVE-2006-0573 Cross-Site Scripting Vulnerability
9069| [84076] cPanel CVE-2006-0533 Cross-Site Scripting Vulnerability
9070| [84074] cPanel CVE-2006-0574 Cross-Site Scripting Vulnerability
9071| [84064] cPanel CVE-2006-0763 Cross-Site Scripting Vulnerability
9072| [82752] cPanel CVE-2003-0521 Cross-Site Scripting Vulnerability
9073| [80161] cPanel CVE-2006-2825 Remote Security Vulnerability
9074| [67611] cPanel Multiple Unspecified Security Vulnerabilities
9075| [66561] cPanel Multiple Security Vulnerabilities
9076| [65618] cPanel Horde Backup Archive Insecure File Permissions Vulnerability
9077| [65464] cPanel Multiple Security Vulnerabilities
9078| [65159] Cpanel CloudFlare Plugin Local Security Bypass Vulnerability
9079| [64511] cPanel WHM XML and JSON APIs Multiple Arbitrary File Disclosure Vulnerabilities
9080| [64472] cPanel Multiple Security Vulnerabilities
9081| [64016] cPanel Varnish Plugin Multiple Security Vulnerabilities
9082| [63831] Add-On Domain to Main Account Convertor cPanel WHM Plugin Arbitrary Command Execution Vulnerability
9083| [63829] Add-On Domain to Main Account Convertor cPanel WHM Plugin Local Privilege Escalation Vulnerability
9084| [63371] cPanel Multiple Security Vulnerabilities
9085| [63220] CloudFlare Plugin For cPanel Arbitrary File Write Local Privilege Escalation Vulnerability
9086| [62140] cPanel Multiple Security Vulnerabilities
9087| [61812] cPanel Multiple Remote Security Vulnerabilities
9088| [61018] cPanel 'cpanellogd' Multiple Remote Privilege Escalation Vulnerabilities
9089| [60672] WHMXtra Cpanel Xtra Plugin Unspecified Local Security Bypass Vulnerability
9090| [60663] cPanel Varnish Plugin Remote Privilege Escalation Vulnerability
9091| [57064] cPanel 'dir' Parameter Cross Site Scripting Vulnerability
9092| [57060] cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
9093| [57045] cPanel 'account' Parameter Cross Site Scripting Vulnerability
9094| [56818] cPanel Multiple Unspecified Vulnerabilities
9095| [53757] cPanel Multiple Unspecified Vulnerabilities
9096| [47621] cPanel X3 File Manager Module Cross-Site Scripting Vulnerability
9097| [41723] cPanel Unspecified Cross Site Scripting Vulnerability
9098| [41391] cPanel Cross-Site Request Forgery Vulnerability
9099| [40622] cPanel Image Manager 'target' Parameter Local File Include Vulnerability
9100| [37902] cPanel and WHM 'failurl' Parameter HTTP Response Splitting Vulnerability
9101| [37394] cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
9102| [35518] cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
9103| [34142] cPanel Legacy File Manager File Name HTML Injection Vulnerability
9104| [33840] cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
9105| [29277] cPanel 'wwwact' Remote Privilege Escalation Vulnerability
9106| [29125] cPanel Multiple Cross-Site Scripting Vulnerabilities
9107| [28403] cPanel 'manpage.html' Cross-Site Scripting Vulnerability
9108| [28300] cPanel List Directories and Folders Information Disclosure Vulnerability
9109| [27308] cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
9110| [25047] CPanel Resname Parameter Cross-Site Scripting Vulnerability
9111| [24586] CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities
9112| [22915] cPanel Multiple Local File Include Vulnerabilities
9113| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
9114| [22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
9115| [21497] CPanel BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
9116| [21387] CPanel Multiple HTML Injection Vulnerabilities
9117| [21287] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
9118| [21142] CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
9119| [21027] CPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
9120| [20683] CPanel Multiple Cross-Site Scripting Vulnerabilities
9121| [20163] CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
9122| [19624] CPanel Multiple Cross-Site Scripting Vulnerabilities
9123| [18671] cPanel OnMouseover Cross-Site Scripting Vulnerability
9124| [18655] Cpanel Select.HTML Cross-Site Scripting Vulnerability
9125| [16482] cPanel Multiple Cross-Site Scripting Vulnerabilities
9126| [15327] cPanel Chat Message Field HTML Injection Vulnerability
9127| [13996] cPanel User Parameter Cross-Site Scripting Vulnerability
9128| [11456] cPanel Front Page Extension Installation Information Disclosure Vulnerability
9129| [11455] cPanel Front Page Extension Installation File Ownership Vulnerability
9130| [11449] cPanel Remote Backup Information Disclosure Vulnerability
9131| [10505] cPanel Passwd Remote SQL Injection Vulnerability
9132| [10479] Multiple CPanel Perl Script Failure To Implement Taint Mode Weakness
9133| [10468] cPanel Killacct Script Customer Account DNS Information Deletion Vulnerability
9134| [10407] cPanel Local Privilege Escalation Vulnerability
9135| [10002] cPanel Multiple Module Cross-Site Scripting Vulnerabilities
9136| [9965] CPanel Multiple Cross-Site Scripting Vulnerabilities
9137| [9855] cPanel Login Script Remote Command Execution Vulnerability
9138| [9853] cPanel dir Parameter Cross-Site Scripting Vulnerability
9139| [9848] cPanel Resetpass Remote Command Execution Vulnerability
9140| [8119] CPanel Admin Interface HTML Injection Vulnerability
9141| [7758] cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
9142| [6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
9143| [6882] cPanel Guestbook.cgi Remote Command Execution Vulnerability
9144|
9145| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9146| [85491] cPanel cpanellogd multiple privilege escalation
9147| [85114] Cpanel Xtra plugin for WHMXtra unspecified security bypass
9148| [80880] cPanel dir.html dir parameter cross-site scripting
9149| [80854] cPanel and WHM clientconf.html and detailbw.html cross-site scripting
9150| [80822] cPanel manage.html cross-site scripting
9151| [80514] cPanel multiple unspecified vulns
9152| [79604] cPanel Pro multiple cross-site request forgery
9153| [76017] cPanel multiple unspecified
9154| [71957] Whois.Cart Billing cpanel_2_log.htm information disclosure
9155| [67678] cPanel savefile.html cross-site request forgery
9156| [67175] cPanel X3 File Manager index.html cross-site scripting
9157| [63399] cPanel saveemail.html cross-site request forgery
9158| [61515] cPanel autoinstallhome.php security bypass
9159| [60429] cPanel unspecified cross-site scripting
9160| [60035] cPanel doaddftp.html cross-site request forgery
9161| [59275] Jreservation Component for Joomla! Property-Cpanel.html cross-site scripting
9162| [59274] Jreservation Component for Joomla! Property-Cpanel.html SQL Injection
9163| [59216] cPanel Image Manager target parameter file include
9164| [56437] cPanel addb.html cross-site request forgery
9165| [55814] cPanel failurl HTTP response splitting
9166| [55211] Whois.Cart cpanel_1_log.htm infomation disclosure
9167| [51426] cPanel lastvisit.html directory traversal
9168| [51412] Whois.Cart cpanel_1_log.htm information disclosure
9169| [51366] EgyPlus 7ml cpanel/login.php authentication bypass
9170| [49293] cPanel file manager cross-site scripting
9171| [48832] cPanel WHM interface cross-site request forgery
9172| [48831] cPanel scripts2/confdkillproc cross-site scripting
9173| [48830] cPanel .contactemail file cross-site scripting
9174| [46991] cPanel index.php directory traversal
9175| [46253] cPanel autoinstall4imagesgalleryupgrade.php cross-site scripting
9176| [46252] cPanel autoinstall4imagesgalleryupgrade.php file include
9177| [45147] Fantastico De Luxe module for cPanel xml.php file include
9178| [42529] cPanel wwwact privilege escalation
9179| [42306] cPanel WHM interface cross-site request forgery
9180| [42305] cPanel WHM interface cross-site scripting
9181| [42114] cPanel HTTP requests cross-site request forgery
9182| [41374] cPanel manpage.html cross-site scripting
9183| [41266] cPanel index.php showtree parameter information disclosure
9184| [39711] cPanel Hosting Manager dohtaccess.html cross-site scripting
9185| [35652] cPanel changepro.html cross-site scripting
9186| [35009] cPanel scgiwrap (Simple CGI Wrapper) path disclosure
9187| [35008] cPanel scgiwrap (Simple CGI Wrapper) cross-site scripting
9188| [32933] cPanel load_language.php and mysqlconfig.php file include
9189| [32462] cPanel passwdmysql cross-site scripting
9190| [32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
9191| [30821] mxBB Cpanel Profile Module profilcp_constants.php file include
9192| [30793] cPanel pops.html cross-site scripting
9193| [30788] cPanel BoxTrapper manage.html cross-site scripting
9194| [30493] cPanel multiple scripts cross-site scripting
9195| [30413] cPanel Network Tools dnslook.html cross-site scripting
9196| [30229] cPanel user parameter cross-site scripting
9197| [29808] cPanel theme parameter cross-site scripting
9198| [29249] cPanel unspecified privilege escalation
9199| [28447] cPanel dohtaccess.html, editit.html and showfile.html cross-site scripting
9200| [27403] cPanel files/select.html cross-site scripting
9201| [26613] cPanel OpenBaseDir phpshell.php security bypass
9202| [25277] cPanel fantastico path disclosure
9203| [24839] cPanel dowebmailforward.cgi cross-site scripting
9204| [24580] cPanel admin username disclosure
9205| [24468] cPanel multiple scripts allow cross-site scripting
9206| [22993] cPanel Entropy Chat script can allow cross-site scripting
9207| [21781] cPanel administrator password allows domain access
9208| [21084] cPanel cpsrvd.pl cross-site scripting
9209| [17837] cPanel allows attacker to brute force account passwords
9210| [17781] cPanel _private modify permissions
9211| [17780] cPanel .htaccess modify ownership of files
9212| [17779] cPanel backup could allow an attacker to view files
9213| [16410] cPanel passwd allows password modification
9214| [16381] cPanel taint weak security
9215| [16347] cPanel suEXEC allows command execution
9216| [16325] cPanel killacct account deletion
9217| [16239] cPanel mod_phpsuexec allows command execution
9218| [16197] cPanel Fantastico information disclosure
9219| [15671] cPanel multiple scripts cross-site scripting
9220| [15517] cPanel dodelautores.html or addhandle.html cross-site scripting
9221| [15486] cPanel login scripts allows command execution
9222| [15485] cPanel dir parameter allows cross-site scripting
9223| [15443] cPanel resetpass section allows execution of commands
9224| [12508] cPanel Error Log and Latest Visitors page cross-site scripting
9225| [12237] cPanel Formail-clone domain name bypass allows email relaying
9226| [11357] cPanel SCRIPT_FILENAME privilege elevation
9227| [11356] cPanel guestbook.cgi command execution
9228|
9229| Exploit-DB - https://www.exploit-db.com:
9230| [30380] CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability
9231| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
9232| [29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
9233| [29237] CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
9234| [29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
9235| [29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
9236| [29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
9237| [29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
9238| [29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
9239| [29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
9240| [29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
9241| [29181] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
9242| [29071] CPanel 10 DNSlook.HTML Cross-Site Scripting Vulnerability
9243| [28983] cPanel 10 newuser.html Multiple Parameter XSS
9244| [28982] cPanel 10 seldir.html dir Parameter XSS
9245| [28844] cPanel 10.9 editzonetemplate template Parameter XSS
9246| [28843] cPanel 10.9 dosetmytheme theme Parameter XSS
9247| [28660] CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability
9248| [28415] cPanel 10.x showfile.html file Parameter XSS
9249| [28414] cPanel 10.x editit.html file Parameter XSS
9250| [28413] cPanel 10.x dohtaccess.html dir Parameter XSS
9251| [28113] cPanel 10.8.1/10.8.2 OnMouseover Cross-Site Scripting Vulnerability
9252| [28107] Cpanel 10 Select.HTML Cross-Site Scripting Vulnerability
9253| [27162] cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
9254| [25846] cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability
9255| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
9256| [24183] cPanel 5-9 Passwd Remote SQL Injection Vulnerability
9257| [24172] cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
9258| [24141] cPanel 5-9 Local Privilege Escalation Vulnerability
9259| [23807] cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
9260| [23806] cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
9261| [23804] cPanel 5/6/7/8/9 Resetpass Remote Command Execution Vulnerability
9262| [22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
9263| [22693] cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability
9264| [22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
9265| [22263] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
9266| [22262] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
9267| [22261] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
9268| [22260] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
9269| [17330] cPanel < 11.25 CSRF - Add User php Script
9270| [15593] Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
9271| [14854] MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day
9272| [14188] Cpanel 11.25 - CSRF Add FTP Account Exploit
9273| [11527] cPanel Multiple CSRF Vulnerabilities
9274| [11211] cPanel HTTP Response Splitting Vulnerability
9275| [9039] Cpanel - (lastvisit.html domain) Arbitrary File Disclosure Vulnerability (auth)
9276| [6897] cpanel 11.x XSS / Local File Inclusion Vulnerability
9277| [6461] Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
9278| [3459] cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities
9279| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
9280| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
9281|
9282| OpenVAS (Nessus) - http://www.openvas.org:
9283| No findings
9284|
9285| SecurityTracker - https://www.securitytracker.com:
9286| [1028743] cPanel Flaws in Archive Function Let Local Users Gain Elevated Privileges
9287| [1027928] cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
9288| [1027923] cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
9289| [1027839] cPanel Unspecified Flaws Have Unspecified Impact
9290| [1027111] cPanel Unspecified Flaws Have Unspecified Impact
9291| [1024382] cPanel Error in 'autoinstallhome.php' Lets Local Users Bypass PHP Restrictions
9292| [1022490] cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
9293| [1020042] cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
9294| [1016913] cPanel Bug Lets Remote Authenticated Users Gain Root Access
9295| [1016383] cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks
9296| [1015589] cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks
9297| [1015157] cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
9298| [1014633] cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases
9299| [1011877] cPanel Webmail Only Requires First Eight Characters of Password
9300| [1011762] cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files
9301| [1010449] cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes
9302| [1010411] cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code
9303| [1010398] cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
9304| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
9305| [1009541] cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks
9306| [1009402] cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks
9307| [1009400] cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges
9308| [1007113] cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
9309| [1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
9310|
9311| OSVDB - http://www.osvdb.org:
9312| [96167] SecPanel Unspecified User Plaintext Local Password Disclosure
9313| [96166] cPanel WHM Suspend Function Arbitrary Account Lockout Local DoS
9314| [96165] cPanel WHM Purchase and Install an SSL Certificate Feature Arbitrary File Overwrite
9315| [96164] cPanel WHM Unspecified Arbitrary Domain Manipulation
9316| [96163] cPanel WHM Unspecified Arbitrary DNS Zone Modification
9317| [94918] cPanel cpanellogd Cpanel::Logs::prep_logs_path Archive Creation Local Privilege Escalation
9318| [94904] RVSiteBuilder Plugin for cPanel Unspecified Symlink Local Privilege Escalation
9319| [94903] RVSkin rvwrapper Arbitrary cPanel Account Manipulation
9320| [94902] RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access
9321| [94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
9322| [94868] cPanel Restore a Full Backup/cpmove File Feature Crafted Archive Restoration Symlink Arbitrary File Access
9323| [94865] cPremote Plugin for cPanel Unauthorized User Backup Service Access
9324| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
9325| [94859] cPanel /scripts2/ssh_doaddkey Arbitrary SSH Key Overwrite DoS
9326| [94427] WHMXtra Ultimate Pro Cpanel Xtra Plugin Arbitrary File Manipulation
9327| [94333] Varnish Plugin for cPanel Advanced Configuration Page Remote Privilege Escalation
9328| [88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
9329| [88820] cPanel dir.html dir Parameter XSS
9330| [88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
9331| [88749] cPanel frontend/x3/mail/manage.html account Parameter XSS
9332| [88125] cPanel Multiple Unspecified Issues
9333| [82646] cPanel cPDAVd Filename Parsing Remote Code Execution
9334| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
9335| [80801] Almnzm /admincpanel/index.php Arbitrary Admin Creation CSRF
9336| [68373] cPanel Local safe_mode Bypass
9337| [67159] cPanel Unspecified XSS
9338| [61954] cPanel login/index.php failurl Parameter HTTP Response Splitting
9339| [61231] cPanel frontend/x3/files/fileop.html fileop Parameter XSS
9340| [56919] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion
9341| [55545] Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access
9342| [55515] cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access
9343| [55301] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
9344| [55286] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
9345| [54356] Fantastico De Luxe Module for cPanel language.php Manipulation Privilege Escalation
9346| [53264] cPanel Legacy File Manager Filename XSS
9347| [53263] cPanel Standard File Manager Filename XSS
9348| [52253] cPanel Module Installation Function CSRF
9349| [52252] cPanel Password Change Function CSRF
9350| [52251] cPanel scripts2/confdkillproc Query String XSS
9351| [52250] cPanel .contactemail Local File XSS
9352| [51582] cPanel Disk Usage Module frontend/x/diskusage/index.html showtree Parameter Traversal Arbitrary Directory Listing
9353| [49518] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Parameter XSS
9354| [48126] Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Parameter Local File Inclusion
9355| [45816] cPanel scripts/wwwacct Email Address Field Arbitrary Shell Command Execution
9356| [45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
9357| [45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
9358| [45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
9359| [45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
9360| [44848] cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF
9361| [44847] cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF
9362| [44846] cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF
9363| [44845] cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF
9364| [43854] cPanel frontend/x/manpage.html Query String XSS
9365| [40512] cPanel dohtaccess.html rurl Parameter XSS
9366| [39286] Dada Mail cpanel Mass Add/DL Subscriber XSS
9367| [36468] cPanel frontend/x/htaccess/changepro.html resname Parameter XSS
9368| [35861] cPanel Simple CGI Wrapper Direct Request Path Disclosure
9369| [35860] cPanel Simple CGI Wrapper URI XSS
9370| [35750] cPanel scripts2/objcache objcache Parameter Remote File Inclusion
9371| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
9372| [35036] Fantastico for cPanel includes/load_language.php userlanguage Parameter Traversal Local File Inclusion
9373| [33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
9374| [33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
9375| [33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
9376| [33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
9377| [33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
9378| [33235] cPanel err/erredit.html dir Parameter XSS
9379| [33234] cPanel cpanelpro/dohtaccess.html dir Parameter XSS
9380| [33233] cPanel mail/pops.html domain Parameter XSS
9381| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
9382| [32043] cPanel scripts2/objcache objcache Parameter XSS
9383| [32042] cPanel BoxTrapper /mail/manage.html account Parameter XSS
9384| [31835] cPanel PHP OpenBaseDir Configuration Local Access Restriction Bypass
9385| [31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
9386| [31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
9387| [31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
9388| [31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
9389| [31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
9390| [31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
9391| [31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
9392| [30586] cPanel dnslook.html dns Parameter XSS
9393| [30387] cPanel newuser.html Multiple Parameter XSS
9394| [30386] cPanel seldir.html dir Parameter XSS
9395| [30048] cPanel editzonetemplate template Parameter XSS
9396| [30047] cPanel dosetmytheme theme Parameter XSS
9397| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
9398| [29072] cPanel Multiple Password User Authentication Weakness
9399| [28043] cPanel showfile.html file Parameter XSS
9400| [28042] cPanel editit.html file Parameter XSS
9401| [28041] cPanel dohtaccess.html dir Parameter XSS
9402| [26866] cPanel select.html file Parameter XSS
9403| [24056] Fantastico cPanel Add-on Script Installation Failure Path Disclosure
9404| [22972] cPanel Null Login Administrator Username Disclosure
9405| [22971] cPanel dowebmailforward.cgi fwd Parameter XSS
9406| [22940] cPanel handle.html Multiple Field XSS
9407| [22939] cPanel detailbw.html target Parameter XSS
9408| [22938] cPanel diskusage.html showtree Parameter XSS
9409| [22937] cPanel dodelpop.html email Parameter XSS
9410| [22936] cPanel editquota.html email Parameter XSS
9411| [22906] cPanel webmailaging.cgi numdays Parameter XSS
9412| [20459] cPanel Entropy Chat Message Field XSS
9413| [18661] cPanel Common Password Cross Domain Privilege Escalation
9414| [17399] cPanel cpsrvd.pl user Parameter XSS
9415| [15298] cPanel/WHM SSH Port Forwarding Anonymous Proxy
9416| [11043] cPanel Webmail Truncated Password Weakness
9417| [10962] cPanel Frontpage _private Symlink Arbitrary File Permission Modification
9418| [10961] cPanel Frontpage .htaccess Hardlink Arbitrary File Owernship Modification
9419| [10960] cPanel Backup Feature Hardlink Arbitrary File Access
9420| [7665] cPanel whm Password File Locking Issue
9421| [7006] cPanel passwd Script Unauthorized Database Password Change
9422| [6946] cPanel detailbw.html Multiple Parameter XSS
9423| [6945] cPanel detailsubbw.html Multiple Parameter XSS
9424| [6944] cPanel bwday.html Multiple Parameter XSS
9425| [6943] cPanel detailsubbw.html View Unauthorized Domain Statistics
9426| [6942] cPanel bwday.html View Unauthorized Domain Statistics
9427| [6941] cPanel detailbw.html View Unauthorized Domain Statistics
9428| [6940] cPanel suEXEC Privilege Escalation
9429| [6712] cPanel killacct Script Arbitrary DNS Deletion
9430| [6418] cPanel mod_phpsuexec Arbitrary Code Execution
9431| [4530] cPanel addhandle.html handle Parameter XSS
9432| [4529] cPanel dodelautores.html email Parameter XSS
9433| [4244] cPanel htaccess/index.html dir Parameter XSS
9434| [4243] cPanel del.html account Parameter XSS
9435| [4222] cPanel Formail-clone E-Mail Relay
9436| [4220] cPanel guestbook.cgi template Variable Arbitrary Command Execution
9437| [4219] cPanel dohtaccess.html dir Parameter XSS
9438| [4218] cPanel Login Page user Parameter Arbitrary Command Execution
9439| [4217] cPanel editmsg.html Arbitrary File Access
9440| [4216] cPanel erredit.html Arbitrary File Access
9441| [4215] cPanel editmsg.html account Parameter XSS
9442| [4214] cPanel doaddftp.html login Parameter XSS
9443| [4213] cPanel repairdb.html db Parameter XSS
9444| [4212] cPanel showlog.html account Parameter XSS
9445| [4211] cPanel ignorelist.html account Parameter XSS
9446| [4210] cPanel dnslook.html dns Parameter XSS
9447| [4209] cPanel erredit.html file Parameter XSS
9448| [4208] cPanel testfile.html email Parameter XSS
9449| [4205] cPanel resetpass Arbitrary Command Execution
9450| [2277] cPanel Error Log Malicious HTML Tags Injection
9451|_
94522079/tcp open idware-router?
9453| fingerprint-strings:
9454| SIPOptions:
9455| HTTP/1.1 302 Moved
9456| Date: Mon, 25 Nov 2019 00:44:06 GMT
9457| Server: cPanel
9458| Persistent-Auth: false
9459| Host: server.akinmedya.com.tr:2079
9460| Cache-Control: no-cache, no-store, must-revalidate, private
9461| Connection: close
9462| Location: https://server.akinmedya.com.tr:2080sip:nm
9463| Vary: Accept-Encoding
9464| Expires: Fri, 01 Jan 1990 00:00:00 GMT
9465|_ X-Redirect-Reason: requiressl
94662080/tcp open ssl/http cPanel httpd (unauthorized)
9467|_http-server-header: cPanel
9468| vulscan: VulDB - https://vuldb.com:
9469| [139613] cPanel up to 57.9999.53 TTY enablefileprotect unknown vulnerability
9470| [139612] cPanel up to 57.9999.53 TTY /scripts/unsuspendacct unknown vulnerability
9471| [139611] cPanel up to 57.9999.53 TTY maildir_converter unknown vulnerability
9472| [139610] cPanel up to 57.9999.53 TTY /scripts/checkinfopages unknown vulnerability
9473| [139609] cPanel up to 57.9999.53 TTY /scripts/addpop unknown vulnerability
9474| [139608] cPanel up to 57.9999.53 /scripts/killpvhost denial of service
9475| [139607] cPanel up to 57.9999.53 Paper Lantern Landing Page cross site scripting
9476| [139606] cPanel up to 57.9999.53 ajax_maketext_syntax_util.pl Code Execution
9477| [139605] cPanel up to 57.9999.53 SQLite Journal directory traversal
9478| [139604] cPanel up to 57.9999.104 LOC Record Newline Injection privilege escalation
9479| [139603] cPanel up to 58.0.4 PHP CGI Code Execution
9480| [139602] cPanel up to 58.0.3 Session unknown vulnerability
9481| [139601] cPanel up to 58.0.3 BoxTrapper API API Call privilege escalation
9482| [139599] cPanel before up to 58.0.3 unknown vulnerability
9483| [139551] cPanel up to 58.0.3 Purchase and Install an SSL Certificate Page Domain information disclosure
9484| [139549] cPanel up to 59.9999.144 tail_upcp2.cgi cross site scripting
9485| [139548] cPanel up to 59.9999.144 Multipart Message File privilege escalation
9486| [139547] cPanel up to 59.9999.144 Script Code Execution
9487| [139546] cPanel up to 59.9999.144 Mailman List Archive Code Execution
9488| [139545] cPanel up to 60.0.14 Password Policy denial of service
9489| [139544] cPanel up to 60.0.24 HTTP POST weak encryption
9490| [139543] cPanel up to 60.0.24 Error Response Code Execution
9491| [139542] cPanel up to 60.0.24 Maketext Code Execution
9492| [139541] cPanel up to 60.0.24 Access Control privilege escalation
9493| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
9494| [139539] cPanel up to 60.0.24 File Copy information disclosure
9495| [139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
9496| [139537] cPanel up to 60.0.24 SSL_listkeys Stored cross site scripting
9497| [139536] cPanel up to 60.0.24 postgres API1 listdbs Stored cross site scripting
9498| [139535] cPanel up to 60.0.24 UI_confirm API cross site scripting
9499| [139534] cPanel up to 60.0.24 ftp_sessions API Stored cross site scripting
9500| [139533] cPanel up to 60.0.24 api1_listautoresponders Stored cross site scripting
9501| [139532] cPanel up to 60.0.24 listftpstable API Stored cross site scripting
9502| [139531] cPanel up to 60.0.24 WHM Tweak Settings for autodiscover_host cross site scripting
9503| [139530] cPanel up to 60.0.24 WHM Account Termination Stored cross site scripting
9504| [139495] cPanel up to 62.0.3 WHM API privilege escalation
9505| [139494] cPanel up to 62.0.3 Account Suspension Stored cross site scripting
9506| [139493] cPanel up to 62.0.3 WHM API API Call privilege escalation
9507| [139492] cPanel up to 62.0.3 WHM SSL certificate Generation Email privilege escalation
9508| [139491] cPanel up to 62.0.3 XML-API ACL privilege escalation
9509| [139490] cPanel up to 62.0.3 Exim privilege escalation
9510| [139489] cPanel up to 62.0.3 Leech Protect privilege escalation
9511| [139488] cPanel up to 62.0.3 Exim privilege escalation
9512| [139487] cPanel up to 62.0.3 Exim directory traversal
9513| [139486] cPanel up to 62.0.3 WebMail cross site scripting
9514| [139485] cPanel up to 62.0.3 Password Reset Reflected cross site scripting
9515| [139484] cPanel up to 62.0.3 Password Change cross site scripting
9516| [139483] cPanel up to 62.0.3 Test Account Default Credentials weak authentication
9517| [139482] cPanel up to 62.0.16 API API Call Code Execution
9518| [139481] cPanel up to 62.0.16 API setphppreference Code Execution
9519| [139480] cPanel up to 62.0.16 URL Filter privilege escalation
9520| [139479] cPanel up to 62.0.16 Domain privilege escalation
9521| [139477] cPanel up to 62.0.16 WHM Zone Template Editor privilege escalation
9522| [139476] cPanel up to 62.0.16 IP Protection Bypass privilege escalation
9523| [139475] cPanel up to 60.0.24 reassign_post_terminate_cruft privilege escalation
9524| [139474] cPanel up to 60.0.24 tail_ea4_migration.cgi cross site scripting
9525| [139473] cPanel up to 60.0.24 Message Format String
9526| [139471] cPanel up to 60.0.24 ModSecurity Audit Logfile privilege escalation
9527| [139470] cPanel up to 60.0.24 RoundCube Update privilege escalation
9528| [139469] cPanel up to 60.0.24 FormMail-clone.cgi Open Redirect
9529| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
9530| [139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
9531| [139361] cPanel up to 62.0.16 Security Policy privilege escalation
9532| [139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
9533| [139355] cPanel up to 62.0.16 Addon Domain Conversion privilege escalation
9534| [139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
9535| [139353] cPanel up to 64.0.20 Account Rename privilege escalation
9536| [139351] cPanel up to 64.0.20 crontab Timing information disclosure
9537| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
9538| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
9539| [139348] cPanel up to 64.0.20 Serverinfo_manpage API API Call directory traversal
9540| [139347] cPanel up to 64.0.20 ClamScanner_getsocket API Code Execution
9541| [139346] cPanel up to 64.0.20 SourceIPCheck API directory traversal
9542| [139345] cPanel up to 64.0.20 SSL API API Call privilege escalation
9543| [139344] cPanel up to 64.0.20 SSH API Command privilege escalation
9544| [139343] cPanel up to 64.0.20 SSH Port Forwarding privilege escalation
9545| [139342] cPanel up to 64.0.20 API Cpanel::SPFUI privilege escalation
9546| [139341] cPanel up to 64.0.20 Demo Account Open Redirect
9547| [139340] cPanel up to 64.0.20 traceroute privilege escalation
9548| [139339] cPanel up to 64.0.20 ImageManager API Call Code Execution
9549| [139338] cPanel up to 64.0.20 Encoding API Call Code Execution
9550| [139336] cPanel up to 64.0.20 API Call Fileman::getfileactions directory traversal
9551| [139335] cPanel up to 64.0.20 BoxTrapper API Code Execution
9552| [139333] cPanel up to 64.0.20 Filter API API Call Code Execution
9553| [139331] cPanel up to 66.0.0 Suspend privilege escalation
9554| [139326] cPanel up to 66.0.1 Log File information disclosure
9555| [139320] cPanel up to 66.0.1 WHM cPAddons Processing Stored cross site scripting
9556| [139319] cPanel up to 66.0.1 WHM cPAddons Uninstallation Stored cross site scripting
9557| [139318] cPanel up to 66.0.1 WHM cPAddons file Operation Stored cross site scripting
9558| [139317] cPanel up to 66.0.1 WHM cPAddons Installation Stored cross site scripting
9559| [139316] cPanel up to 67.9999.102 Roundcube SQLite Schema Update directory traversal
9560| [139314] cPanel up to 67.9999.102 redirect.html Open Redirect
9561| [139311] cPanel up to 67.9999.102 Addon Domain Conversion privilege escalation
9562| [139310] cPanel up to 67.9999.102 Backup Archive information disclosure
9563| [139309] cPanel up to 67.9999.102 Backup Interface Archive information disclosure
9564| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
9565| [139307] cPanel up to 67.9999.102 Support-Agreement Download weak authentication
9566| [139306] cPanel up to 67.9999.102 eximstats sql injection
9567| [139304] cPanel up to 68.0.14 Domain denial of service
9568| [139303] cPanel up to 68.0.14 Mailman Archive Code Execution
9569| [139302] cPanel up to 68.0.14 cpaddons Stored cross site scripting
9570| [139301] cPanel up to 68.0.14 Username unknown vulnerability
9571| [139299] cPanel up to 68.0.14 sqloptimizer information disclosure
9572| [139298] cPanel up to 68.0.14 Hostname privilege escalation
9573| [139295] cPanel up to 68.0.14 SSL Username privilege escalation
9574| [139294] cPanel up to 68.0.14 Username privilege escalation
9575| [139293] cPanel up to 68.0.14 Email Username privilege escalation
9576| [139292] cPanel up to 68.0.14 PostgreSQL Database Collision privilege escalation
9577| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
9578| [139287] cPanel up to 68.0.14 Reseller Style Upload Code Execution
9579| [139286] cPanel up to 68.0.14 PostgresAdmin Code Execution
9580| [139282] cPanel up to 68.0.14 DNS Zone SOA Record privilege escalation
9581| [139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
9582| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
9583| [139258] cPanel up to 68.0.26 WHM Spamd Startup Config cross site scripting
9584| [139257] cPanel up to 68.0.26 WHM Account Transfer Stored cross site scripting
9585| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
9586| [139255] cPanel up to 68.0.26 Backup cross site scripting
9587| [139252] cPanel up to 68.0.26 bin/csvprocess privilege escalation
9588| [139245] cPanel up to 68.0.26 WHM API API Call privilege escalation
9589| [139244] cPanel up to 68.0.26 Rename User Name information disclosure
9590| [139242] cPanel up to 70.0.22 WHM Reset a DNS Zone Stored cross site scripting
9591| [139241] cPanel up to 70.0.22 Account Suspension privilege escalation
9592| [139240] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
9593| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
9594| [139238] cPanel up to 70.0.22 Landing Page Code Execution
9595| [139237] cPanel up to 70.0.22 Htaccess Optimization Bypass privilege escalation
9596| [139236] cPanel up to 70.0.22 redirect.html Open Redirect
9597| [139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
9598| [139231] cPanel up to 70.0.22 WHM Style Upload privilege escalation
9599| [139230] cPanel up to 70.0.22 WHM Synchronize DNS Record Stored cross site scripting
9600| [139229] cPanel up to 70.0.22 WHM DNS Cleanup Stored cross site scripting
9601| [139228] cPanel up to 70.0.22 WHM Delete a DNS Zone Stored cross site scripting
9602| [139227] cPanel up to 70.0.22 HM Edit DNS Zone Stored cross site scripting
9603| [139226] cPanel up to 70.0.22 WHM Create Account Stored cross site scripting
9604| [139225] cPanel up to 70.0.22 WHM DNS Cluster Stored cross site scripting
9605| [139223] cPanel up to 70.0.22 WHM Edit MX Entry Stored cross site scripting
9606| [139222] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
9607| [139221] cPanel up to 70.0.22 OpenID Injection privilege escalation
9608| [139220] cPanel up to 70.0.22 trustclustermaster.cgi information disclosure
9609| [139219] cPanel up to 70.0.22 awstats Code Execution
9610| [139218] cPanel up to 70.0.22 cpaddonsup Code Execution
9611| [139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
9612| [139214] cPanel up to 71.9980.36 API Mime::list_hotlinks privilege escalation
9613| [139213] cPanel up to 71.9980.36 Image Feature API Call privilege escalation
9614| [139212] cPanel up to 71.9980.36 Backup API Call privilege escalation
9615| [139211] cPanel up to 71.9980.36 cron API Call privilege escalation
9616| [139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
9617| [139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
9618| [139207] cPanel up to 71.9980.36 YUM Autorepair Stored cross site scripting
9619| [139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
9620| [139205] cPanel up to 71.9980.36 cPAddons Moderation Injection privilege escalation
9621| [139202] cPanel up to 71.9980.36 API Token ACL unknown vulnerability
9622| [139199] cPanel up to 73.x CAA Record privilege escalation
9623| [139197] cPanel up to 73.x Record privilege escalation
9624| [139194] cPanel up to 73.x Database Backup sql injection
9625| [139190] cPanel up to 11.53.x WHM API Zone privilege escalation
9626| [139189] cPanel up to 11.53.x Webmail API Password Reset privilege escalation
9627| [139188] cPanel up to 11.53.x DNS NS Entry Code Execution
9628| [139187] cPanel up to 11.53.x Email Sending privilege escalation
9629| [139186] cPanel up to 11.53.x Comet Feed information disclosure
9630| [139185] cPanel up to 11.54.0.3 cpsrvd Code Execution
9631| [139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
9632| [139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
9633| [139182] cPanel up to 11.54.0.3 AppConfig Subsystem ACL privilege escalation
9634| [139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
9635| [139180] cPanel up to 11.54.0.3 synccpaddonswithsqlhost Code Execution
9636| [139179] cPanel up to 11.54.0.3 scripts/secureit privilege escalation
9637| [139178] cPanel up to 11.54.0.3 scripts/quotacheck directory traversal
9638| [139177] cPanel up to 11.54.0.3 scripts/fixmailboxpath directory traversal
9639| [139176] cPanel up to 11.54.0.3 Roundcube Database Conversion privilege escalation
9640| [139175] cPanel up to 11.54.0.3 check_system_storable directory traversal
9641| [139174] cPanel up to 11.54.0.3 chcpass Password information disclosure
9642| [139173] cPanel up to 11.54.0.3 JSON-API Code Execution
9643| [139172] cPanel up to 11.54.0.3 setup_global_spam_filter.pl directory traversal
9644| [139171] cPanel up to 11.54.0.3 bin/mkvhostspasswd information disclosure
9645| [139170] cPanel up to 11.54.0.3 Duplication Code Execution
9646| [139169] cPanel up to 11.54.0.3 horde_update_usernames sql injection
9647| [139168] cPanel up to 11.54.0.3 bin/fmq directory traversal
9648| [139167] cPanel up to 11.54.0.3 @INC Path Code Execution
9649| [139166] cPanel up to 55.9999.140 Authentication directory traversal
9650| [139165] cPanel up to 55.9999.140 cPHulkd privilege escalation
9651| [139164] cPanel up to 55.9999.140 FTP Lockout privilege escalation
9652| [139163] cPanel up to 55.9999.140 cPHulkd privilege escalation
9653| [139162] cPanel up to 55.9999.140 FTP cPHulk privilege escalation
9654| [139161] cPanel up to 55.9999.140 Two-factor Authentication weak authentication
9655| [139160] cPanel up to 55.9999.140 ACL Bypass privilege escalation
9656| [139158] cPanel up to 55.9999.140 @INC Path Code Execution
9657| [139157] cPanel up to 55.9999.140 WHM Edit System Mail Preferences Stored cross site scripting
9658| [139156] cPanel up to 55.9999.140 Two Factor Authentication DNS Clustering Request Bypass weak authentication
9659| [139155] cPanel up to 55.9999.140 Security Policy Bypass privilege escalation
9660| [139154] cPanel up to 55.9999.140 DNS NS Entry Code Execution
9661| [139153] cPanel up to 55.9999.140 Maketext Code Execution
9662| [139152] cPanel up to 55.9999.140 X3 Reseller Branding Image cross site scripting
9663| [139151] cPanel up to 55.9999.140 Scripts/addpop information disclosure
9664| [139150] cPanel up to 55.9999.140 Daemons privilege escalation
9665| [139149] cPanel up to 57.9999.53 cpanellogd information disclosure
9666| [139148] cPanel up to 57.9999.53 File Permission Log privilege escalation
9667| [139147] cPanel up to 57.9999.53 ModSecurity TailWatch Log File sql injection
9668| [139146] cPanel up to 57.9999.53 WebMail Code Execution
9669| [139145] cPanel up to 57.9999.53 WebMail directory traversal
9670| [139144] cPanel up to 57.9999.53 Demo Mode show_template.stor privilege escalation
9671| [139143] cPanel up to 57.9999.53 FTP Account cross site scripting
9672| [139142] cPanel up to 11.52.0.12 get_information_for_applications directory traversal
9673| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
9674| [139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
9675| [139128] cPanel up to 74.0.7 Account Suspension privilege escalation
9676| [139126] cPanel up to 74.0.7 Security Questions Login Page Stored cross site scripting
9677| [139124] cPanel up to 74.0.7 Demo Account Fileman::viewfile Code Execution
9678| [139123] cPanel up to 74.0.7 File and Directory Restoration Stored cross site scripting
9679| [139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
9680| [139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
9681| [139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
9682| [139119] cPanel up to 74.0.7 Create a New Account cross site scripting
9683| [139021] cPanel up to 78.0.1 Connection Reset File privilege escalation
9684| [139019] cPanel up to 78.0.1 DCV API privilege escalation
9685| [139016] cPanel up to 78.0.1 Demo Account privilege escalation
9686| [139015] cPanel up to 78.0.1 OpenID information disclosure
9687| [139014] cPanel up to 78.0.17 BoxTrapper Queue Listing Stored cross site scripting
9688| [139013] cPanel up to 78.0.17 securitypolicy.cg Code Execution
9689| [139011] cPanel up to 78.0.17 Mail Relay Spam privilege escalation
9690| [139009] cPanel up to 78.0.17 API Code Execution
9691| [139006] cPanel up to 80.0.4 ajax_maketext_syntax_util.pl Code Execution
9692| [139005] cPanel up to 80.0.4 API privilege escalation
9693| [139000] cPanel up to 80.0.21 Demo Account Code Execution
9694| [138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
9695| [138996] cPanel up to 82.0.1 Exim Log Parser privilege escalation
9696| [138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
9697| [138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
9698| [138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
9699| [138973] cPanel up to 76.0.7 Connection Open Redirect
9700| [138972] cPanel up to 76.0.7 DNS Zone Stored cross site scripting
9701| [138971] cPanel up to 76.0.7 Backup cross site scripting
9702| [138970] cPanel up to 76.0.7 Virtual FTP Server privilege escalation
9703| [138969] cPanel up to 76.0.7 Attachment Code Execution
9704| [123444] cPanel up to 74 HTML Rendering index.html cross site scripting
9705| [114155] Afian FileRun ?module=users§ion=cpanel&page=list Parameter sql injection
9706| [103771] cPanel up to 66.0.1 WHM Upload Locale Interface Filename cross site scripting
9707| [95199] cPanel entropysearch.cgi information disclosure
9708| [95198] cPanel entropysearch.cgi information disclosure
9709| [75240] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
9710| [75239] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
9711| [13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
9712| [13379] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Locales ACL privilege escalation
9713| [13378] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Mailman List Password change_pw weak encryption
9714| [13377] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Configure Customer Contact privilege escalation
9715| [13376] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering ACL privilege escalation
9716| [13375] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering Commands privilege escalation
9717| [13370] cPanel 11.40.1.13/11.42.1.15 Database ADDDBPRIVS Command privilege escalation
9718| [13369] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Boxtrapper cgi-sys Script bxd.cgi denial of service
9719| [13368] cPanel 11.40.1.13/11.42.1.15 Transfer CGI Scripts privilege escalation
9720| [13367] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call serviceinfo privilege escalation
9721| [13366] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call /scripts2/showservice privilege escalation
9722| [13365] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 SSH Key Password privilege escalation
9723| [13363] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 cgiemail 1.6 privilege escalation
9724| [13361] cPanel up to 11.43.0.11/11.42.1.15/11.40.1.13 unknown vulnerability
9725| [12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
9726| [12814] cPanel 11.38.2/11.40.1/11.42.0 URL cross site scripting
9727| [12813] cPanel 11.38.2/11.40.1/11.42.0 Password Reset privilege escalation
9728| [12809] cPanel 11.38.2/11.40.1/11.42.0 Form Mailer Header FormMail.pl privilege escalation
9729| [12808] cPanel 11.38.2/11.40.1/11.42.0 XML-API batch memory corruption
9730| [12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
9731| [12806] cPanel 11.38.2/11.40.1/11.42.0 objcache Storage System Template Toolkit memory corruption
9732| [12805] cPanel 11.38.2/11.40.1/11.42.0 XML information disclosure
9733| [12798] cPanel 11.38.2/11.40.1/11.42.0 /cgi/cpaddons_report.pl cross site scripting
9734| [12797] cPanel 11.38.2/11.40.1/11.42.0 DNS Zone Editor information disclosure
9735| [12796] cPanel WHM 11.38.2/11.40.1/11.42.0 /cgi/sshcheck.cgi cross site scripting
9736| [12795] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/installfp cross site scripting
9737| [12794] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/uninstallfp cross site scripting
9738| [12793] cPanel 11.38.2/11.40.1/11.42.0 entropysearch.cgi cross site scripting
9739| [12792] cPanel 11.38.2/11.40.1/11.42.0 activate_remote_nameservers.cgi maketext privilege escalation
9740| [12285] cPanel 11.38.2/11.40.1/11.42.0 filelist-thumbs.html cross site scripting
9741| [12284] cPanel 11.38.2/11.40.1/11.42.0 editit.html cross site scripting
9742| [12283] cPanel 11.38.2/11.40.1/11.42.0 def.html cross site scripting
9743| [12282] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 DNS Cluster privilege escalation
9744| [12281] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 New Account wwwacctform locale/cpmod Parameter privilege escalation
9745| [12280] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/cpaddons_feature.pl cross site scripting
9746| [12279] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Account Creation Ruby Code privilege escalation
9747| [12278] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Backup Restore privilege escalation
9748| [12277] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Bypass privilege escalation
9749| [12276] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/zoneeditor.cgi Newline privilege escalation
9750| [12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
9751| [12274] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API get_remote_access_hash information disclosure
9752| [12273] cPanel 11.36.2.9/11.38.2.12 Account Creation directory traversal
9753| [12220] cPanel 11.36.2.10/11.38.2.13/11.40.0.29/11.40.1.3 WHM XML/JSON API getpkginfo information disclosure
9754| [11601] cPanel WHM 11.36.2.11/11.38.2.14/11.40.0.30/11.40.1.6 XML/JSON getpkginfo information disclosure
9755| [11625] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Login Security Token information disclosure
9756| [11624] cPanel WHM 11.38.2.12 Branding Subsystem privilege escalation
9757| [11621] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cPAddons Upgrade Password information disclosure
9758| [11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface Entry information disclosure
9759| [11619] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 SSH Authentication User Name privilege escalation
9760| [11618] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 X3 Theme countedit.cgi directory traversal
9761| [11616] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cpsrvd HTTP Request Bypass privilege escalation
9762| [11613] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Bandmin Reflected cross site scripting
9763| [11612] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 API Call UI::dynamicincludelist directory traversal
9764| [11609] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Config cross site request forgery
9765| [11608] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Translatable Phrase Locale::Maketext privilege escalation
9766| [11607] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 CSRF Protection Token Bypass cross site request forgery
9767| [11606] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cross site scripting
9768| [11604] cPanel WHM 11.36.2.9 Virtualhost Installation privilege escalation
9769| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9770| [11017] cPanel WHM up to 11.40.0.11 SSL Certificate denial of service
9771| [11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface Bypass privilege escalation
9772| [11015] cPanel WHM up to 11.40.0.11 Bypass cross site scripting
9773| [11014] cPanel WHM up to 11.40.0.11 File Upload Bypass privilege escalation
9774| [11013] cPanel WHM up to 11.40.0.11 POST Request privilege escalation
9775| [11011] cPanel WHM up to 11.40.0.11 Cpanel::LogMeIn weak authentication
9776| [11010] cPanel WHM up to 11.40.0.11 logaholic_lang Cookie privilege escalation
9777| [11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
9778| [9921] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 SSL Certificate privilege escalation
9779| [9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
9780| [9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
9781| [10129] cPanel WHM up to 11.38.0.14 cross site scripting
9782| [10126] cPanel WHM up to 11.38.0.14 weak authentication
9783| [9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
9784| [9352] cPanel WHM up to 11.38.0.8 Restore Full Backup Symlink unknown vulnerability
9785| [9348] cPanel WHM up to 11.36.1.5 scripts2/ssh_doaddkey unknown vulnerability
9786| [10123] cPanel WHM up to 11.36.0.9 Access Control privilege escalation
9787| [10122] cPanel WHM up to 11.36.0.9 countedit.cgi cross site scripting
9788| [91109] cPanel WHM v11.24.7.x cross site scripting
9789| [52940] cPanel up to 11.24.7 cross site scripting
9790| [86883] cPanel fileop.html cross site scripting
9791| [48827] cPanel up to 11.23.1 Current index.php directory traversal
9792| [48812] cPanel directory traversal
9793| [49331] cPanel autoinstall4imagesgalleryupgrade.php cross site scripting
9794| [42542] cPanel 11.8.6/11.23.1 memory corruption
9795| [42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
9796| [42302] cPanel up to 11.22.2 WHM Interface cross site scripting
9797| [42219] cPanel 11.18.3/11.19.3 cross site request forgery
9798| [41689] cPanel 11.18.3/11.21 cross site scripting
9799| [49762] cPanel 11.18.3 index.html directory traversal
9800| [40642] cPanel 11.16 dohtaccess.html cross site scripting
9801| [38023] cPanel 10.9.1 changepro.html cross site scripting
9802| [37433] cPanel 10.9.0 Build 10300/11.4.19 Error Message information disclosure
9803| [37432] cPanel 10.9.0 Build 10300/11.4.19 CGI Wrapper cross site scripting
9804| [35618] cPanel 10.x directory traversal
9805| [34925] cPanel WebHost Manager memory corruption
9806| [34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
9807| [85585] cPanel scripts2/objcache memory corruption
9808| [85156] cPanel WebHost Manager scripts2/objcache privilege escalation
9809| [30642] cPanel privilege escalation
9810| [33838] cPanel WebHost Manager 3.1.0 cross site scripting
9811| [33814] cPanel 11 cross site scripting
9812| [33536] cPanel WebHost Manager 3.1.0 cross site scripting
9813| [84843] cPanel newuser.html cross site scripting
9814| [33243] cPanel 10 seldir.html cross site scripting
9815| [32973] cPanel 10.9.0 R50 cross site scripting
9816|
9817| MITRE CVE - https://cve.mitre.org:
9818| [CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
9819| [CVE-2009-3316] SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
9820| [CVE-2009-2275] Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
9821| [CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
9822| [CVE-2009-2167] Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
9823| [CVE-2008-7142] Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
9824| [CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
9825| [CVE-2008-6926] Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
9826| [CVE-2008-6843] Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
9827| [CVE-2008-4181] Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
9828| [CVE-2008-2478] ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
9829| [CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
9830| [CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
9831| [CVE-2008-2043] Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
9832| [CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
9833| [CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
9834| [CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
9835| [CVE-2007-3367] Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown
9836| [CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown
9837| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
9838| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
9839| [CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
9840| [CVE-2006-6566] PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
9841| [CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
9842| [CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
9843| [CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
9844| [CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
9845| [CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
9846| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
9847| [CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
9848| [CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
9849| [CVE-2006-2825] cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
9850| [CVE-2006-1119] fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
9851| [CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
9852| [CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
9853| [CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
9854| [CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
9855| [CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
9856| [CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
9857| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
9858| [CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
9859| [CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
9860| [CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
9861| [CVE-2004-1770] The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
9862| [CVE-2004-1769] The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
9863| [CVE-2004-1604] cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
9864| [CVE-2004-1603] cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
9865| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9866| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9867| [CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
9868| [CVE-2003-1425] guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
9869| [CVE-2003-0521] Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
9870|
9871| SecurityFocus - https://www.securityfocus.com/bid/:
9872| [95395] cPanel Multiple Security Vulnerabilities
9873| [90463] cPanel CVE-2004-1604 Remote Security Vulnerability
9874| [85002] cPanel CVE-2008-2043 Cross-Site Request Forgery Vulnerability
9875| [84099] cPanel CVE-2006-0573 Cross-Site Scripting Vulnerability
9876| [84076] cPanel CVE-2006-0533 Cross-Site Scripting Vulnerability
9877| [84074] cPanel CVE-2006-0574 Cross-Site Scripting Vulnerability
9878| [84064] cPanel CVE-2006-0763 Cross-Site Scripting Vulnerability
9879| [82752] cPanel CVE-2003-0521 Cross-Site Scripting Vulnerability
9880| [80161] cPanel CVE-2006-2825 Remote Security Vulnerability
9881| [67611] cPanel Multiple Unspecified Security Vulnerabilities
9882| [66561] cPanel Multiple Security Vulnerabilities
9883| [65618] cPanel Horde Backup Archive Insecure File Permissions Vulnerability
9884| [65464] cPanel Multiple Security Vulnerabilities
9885| [65159] Cpanel CloudFlare Plugin Local Security Bypass Vulnerability
9886| [64511] cPanel WHM XML and JSON APIs Multiple Arbitrary File Disclosure Vulnerabilities
9887| [64472] cPanel Multiple Security Vulnerabilities
9888| [64016] cPanel Varnish Plugin Multiple Security Vulnerabilities
9889| [63831] Add-On Domain to Main Account Convertor cPanel WHM Plugin Arbitrary Command Execution Vulnerability
9890| [63829] Add-On Domain to Main Account Convertor cPanel WHM Plugin Local Privilege Escalation Vulnerability
9891| [63371] cPanel Multiple Security Vulnerabilities
9892| [63220] CloudFlare Plugin For cPanel Arbitrary File Write Local Privilege Escalation Vulnerability
9893| [62140] cPanel Multiple Security Vulnerabilities
9894| [61812] cPanel Multiple Remote Security Vulnerabilities
9895| [61018] cPanel 'cpanellogd' Multiple Remote Privilege Escalation Vulnerabilities
9896| [60672] WHMXtra Cpanel Xtra Plugin Unspecified Local Security Bypass Vulnerability
9897| [60663] cPanel Varnish Plugin Remote Privilege Escalation Vulnerability
9898| [57064] cPanel 'dir' Parameter Cross Site Scripting Vulnerability
9899| [57060] cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
9900| [57045] cPanel 'account' Parameter Cross Site Scripting Vulnerability
9901| [56818] cPanel Multiple Unspecified Vulnerabilities
9902| [53757] cPanel Multiple Unspecified Vulnerabilities
9903| [47621] cPanel X3 File Manager Module Cross-Site Scripting Vulnerability
9904| [41723] cPanel Unspecified Cross Site Scripting Vulnerability
9905| [41391] cPanel Cross-Site Request Forgery Vulnerability
9906| [40622] cPanel Image Manager 'target' Parameter Local File Include Vulnerability
9907| [37902] cPanel and WHM 'failurl' Parameter HTTP Response Splitting Vulnerability
9908| [37394] cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
9909| [35518] cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
9910| [34142] cPanel Legacy File Manager File Name HTML Injection Vulnerability
9911| [33840] cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
9912| [29277] cPanel 'wwwact' Remote Privilege Escalation Vulnerability
9913| [29125] cPanel Multiple Cross-Site Scripting Vulnerabilities
9914| [28403] cPanel 'manpage.html' Cross-Site Scripting Vulnerability
9915| [28300] cPanel List Directories and Folders Information Disclosure Vulnerability
9916| [27308] cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
9917| [25047] CPanel Resname Parameter Cross-Site Scripting Vulnerability
9918| [24586] CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities
9919| [22915] cPanel Multiple Local File Include Vulnerabilities
9920| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
9921| [22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
9922| [21497] CPanel BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
9923| [21387] CPanel Multiple HTML Injection Vulnerabilities
9924| [21287] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
9925| [21142] CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
9926| [21027] CPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
9927| [20683] CPanel Multiple Cross-Site Scripting Vulnerabilities
9928| [20163] CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
9929| [19624] CPanel Multiple Cross-Site Scripting Vulnerabilities
9930| [18671] cPanel OnMouseover Cross-Site Scripting Vulnerability
9931| [18655] Cpanel Select.HTML Cross-Site Scripting Vulnerability
9932| [16482] cPanel Multiple Cross-Site Scripting Vulnerabilities
9933| [15327] cPanel Chat Message Field HTML Injection Vulnerability
9934| [13996] cPanel User Parameter Cross-Site Scripting Vulnerability
9935| [11456] cPanel Front Page Extension Installation Information Disclosure Vulnerability
9936| [11455] cPanel Front Page Extension Installation File Ownership Vulnerability
9937| [11449] cPanel Remote Backup Information Disclosure Vulnerability
9938| [10505] cPanel Passwd Remote SQL Injection Vulnerability
9939| [10479] Multiple CPanel Perl Script Failure To Implement Taint Mode Weakness
9940| [10468] cPanel Killacct Script Customer Account DNS Information Deletion Vulnerability
9941| [10407] cPanel Local Privilege Escalation Vulnerability
9942| [10002] cPanel Multiple Module Cross-Site Scripting Vulnerabilities
9943| [9965] CPanel Multiple Cross-Site Scripting Vulnerabilities
9944| [9855] cPanel Login Script Remote Command Execution Vulnerability
9945| [9853] cPanel dir Parameter Cross-Site Scripting Vulnerability
9946| [9848] cPanel Resetpass Remote Command Execution Vulnerability
9947| [8119] CPanel Admin Interface HTML Injection Vulnerability
9948| [7758] cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
9949| [6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
9950| [6882] cPanel Guestbook.cgi Remote Command Execution Vulnerability
9951|
9952| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9953| [85491] cPanel cpanellogd multiple privilege escalation
9954| [85114] Cpanel Xtra plugin for WHMXtra unspecified security bypass
9955| [80880] cPanel dir.html dir parameter cross-site scripting
9956| [80854] cPanel and WHM clientconf.html and detailbw.html cross-site scripting
9957| [80822] cPanel manage.html cross-site scripting
9958| [80514] cPanel multiple unspecified vulns
9959| [79604] cPanel Pro multiple cross-site request forgery
9960| [76017] cPanel multiple unspecified
9961| [71957] Whois.Cart Billing cpanel_2_log.htm information disclosure
9962| [67678] cPanel savefile.html cross-site request forgery
9963| [67175] cPanel X3 File Manager index.html cross-site scripting
9964| [63399] cPanel saveemail.html cross-site request forgery
9965| [61515] cPanel autoinstallhome.php security bypass
9966| [60429] cPanel unspecified cross-site scripting
9967| [60035] cPanel doaddftp.html cross-site request forgery
9968| [59275] Jreservation Component for Joomla! Property-Cpanel.html cross-site scripting
9969| [59274] Jreservation Component for Joomla! Property-Cpanel.html SQL Injection
9970| [59216] cPanel Image Manager target parameter file include
9971| [56437] cPanel addb.html cross-site request forgery
9972| [55814] cPanel failurl HTTP response splitting
9973| [55211] Whois.Cart cpanel_1_log.htm infomation disclosure
9974| [51426] cPanel lastvisit.html directory traversal
9975| [51412] Whois.Cart cpanel_1_log.htm information disclosure
9976| [51366] EgyPlus 7ml cpanel/login.php authentication bypass
9977| [49293] cPanel file manager cross-site scripting
9978| [48832] cPanel WHM interface cross-site request forgery
9979| [48831] cPanel scripts2/confdkillproc cross-site scripting
9980| [48830] cPanel .contactemail file cross-site scripting
9981| [46991] cPanel index.php directory traversal
9982| [46253] cPanel autoinstall4imagesgalleryupgrade.php cross-site scripting
9983| [46252] cPanel autoinstall4imagesgalleryupgrade.php file include
9984| [45147] Fantastico De Luxe module for cPanel xml.php file include
9985| [42529] cPanel wwwact privilege escalation
9986| [42306] cPanel WHM interface cross-site request forgery
9987| [42305] cPanel WHM interface cross-site scripting
9988| [42114] cPanel HTTP requests cross-site request forgery
9989| [41374] cPanel manpage.html cross-site scripting
9990| [41266] cPanel index.php showtree parameter information disclosure
9991| [39711] cPanel Hosting Manager dohtaccess.html cross-site scripting
9992| [35652] cPanel changepro.html cross-site scripting
9993| [35009] cPanel scgiwrap (Simple CGI Wrapper) path disclosure
9994| [35008] cPanel scgiwrap (Simple CGI Wrapper) cross-site scripting
9995| [32933] cPanel load_language.php and mysqlconfig.php file include
9996| [32462] cPanel passwdmysql cross-site scripting
9997| [32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
9998| [30821] mxBB Cpanel Profile Module profilcp_constants.php file include
9999| [30793] cPanel pops.html cross-site scripting
10000| [30788] cPanel BoxTrapper manage.html cross-site scripting
10001| [30493] cPanel multiple scripts cross-site scripting
10002| [30413] cPanel Network Tools dnslook.html cross-site scripting
10003| [30229] cPanel user parameter cross-site scripting
10004| [29808] cPanel theme parameter cross-site scripting
10005| [29249] cPanel unspecified privilege escalation
10006| [28447] cPanel dohtaccess.html, editit.html and showfile.html cross-site scripting
10007| [27403] cPanel files/select.html cross-site scripting
10008| [26613] cPanel OpenBaseDir phpshell.php security bypass
10009| [25277] cPanel fantastico path disclosure
10010| [24839] cPanel dowebmailforward.cgi cross-site scripting
10011| [24580] cPanel admin username disclosure
10012| [24468] cPanel multiple scripts allow cross-site scripting
10013| [22993] cPanel Entropy Chat script can allow cross-site scripting
10014| [21781] cPanel administrator password allows domain access
10015| [21084] cPanel cpsrvd.pl cross-site scripting
10016| [17837] cPanel allows attacker to brute force account passwords
10017| [17781] cPanel _private modify permissions
10018| [17780] cPanel .htaccess modify ownership of files
10019| [17779] cPanel backup could allow an attacker to view files
10020| [16410] cPanel passwd allows password modification
10021| [16381] cPanel taint weak security
10022| [16347] cPanel suEXEC allows command execution
10023| [16325] cPanel killacct account deletion
10024| [16239] cPanel mod_phpsuexec allows command execution
10025| [16197] cPanel Fantastico information disclosure
10026| [15671] cPanel multiple scripts cross-site scripting
10027| [15517] cPanel dodelautores.html or addhandle.html cross-site scripting
10028| [15486] cPanel login scripts allows command execution
10029| [15485] cPanel dir parameter allows cross-site scripting
10030| [15443] cPanel resetpass section allows execution of commands
10031| [12508] cPanel Error Log and Latest Visitors page cross-site scripting
10032| [12237] cPanel Formail-clone domain name bypass allows email relaying
10033| [11357] cPanel SCRIPT_FILENAME privilege elevation
10034| [11356] cPanel guestbook.cgi command execution
10035|
10036| Exploit-DB - https://www.exploit-db.com:
10037| [30380] CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability
10038| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
10039| [29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
10040| [29237] CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
10041| [29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
10042| [29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
10043| [29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
10044| [29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
10045| [29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
10046| [29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
10047| [29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
10048| [29181] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
10049| [29071] CPanel 10 DNSlook.HTML Cross-Site Scripting Vulnerability
10050| [28983] cPanel 10 newuser.html Multiple Parameter XSS
10051| [28982] cPanel 10 seldir.html dir Parameter XSS
10052| [28844] cPanel 10.9 editzonetemplate template Parameter XSS
10053| [28843] cPanel 10.9 dosetmytheme theme Parameter XSS
10054| [28660] CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability
10055| [28415] cPanel 10.x showfile.html file Parameter XSS
10056| [28414] cPanel 10.x editit.html file Parameter XSS
10057| [28413] cPanel 10.x dohtaccess.html dir Parameter XSS
10058| [28113] cPanel 10.8.1/10.8.2 OnMouseover Cross-Site Scripting Vulnerability
10059| [28107] Cpanel 10 Select.HTML Cross-Site Scripting Vulnerability
10060| [27162] cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
10061| [25846] cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability
10062| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
10063| [24183] cPanel 5-9 Passwd Remote SQL Injection Vulnerability
10064| [24172] cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
10065| [24141] cPanel 5-9 Local Privilege Escalation Vulnerability
10066| [23807] cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
10067| [23806] cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
10068| [23804] cPanel 5/6/7/8/9 Resetpass Remote Command Execution Vulnerability
10069| [22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
10070| [22693] cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability
10071| [22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
10072| [22263] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
10073| [22262] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
10074| [22261] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
10075| [22260] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
10076| [17330] cPanel < 11.25 CSRF - Add User php Script
10077| [15593] Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
10078| [14854] MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day
10079| [14188] Cpanel 11.25 - CSRF Add FTP Account Exploit
10080| [11527] cPanel Multiple CSRF Vulnerabilities
10081| [11211] cPanel HTTP Response Splitting Vulnerability
10082| [9039] Cpanel - (lastvisit.html domain) Arbitrary File Disclosure Vulnerability (auth)
10083| [6897] cpanel 11.x XSS / Local File Inclusion Vulnerability
10084| [6461] Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
10085| [3459] cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities
10086| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
10087| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
10088|
10089| OpenVAS (Nessus) - http://www.openvas.org:
10090| No findings
10091|
10092| SecurityTracker - https://www.securitytracker.com:
10093| [1028743] cPanel Flaws in Archive Function Let Local Users Gain Elevated Privileges
10094| [1027928] cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
10095| [1027923] cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
10096| [1027839] cPanel Unspecified Flaws Have Unspecified Impact
10097| [1027111] cPanel Unspecified Flaws Have Unspecified Impact
10098| [1024382] cPanel Error in 'autoinstallhome.php' Lets Local Users Bypass PHP Restrictions
10099| [1022490] cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
10100| [1020042] cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
10101| [1016913] cPanel Bug Lets Remote Authenticated Users Gain Root Access
10102| [1016383] cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks
10103| [1015589] cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks
10104| [1015157] cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
10105| [1014633] cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases
10106| [1011877] cPanel Webmail Only Requires First Eight Characters of Password
10107| [1011762] cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files
10108| [1010449] cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes
10109| [1010411] cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code
10110| [1010398] cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
10111| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
10112| [1009541] cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks
10113| [1009402] cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks
10114| [1009400] cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges
10115| [1007113] cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
10116| [1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
10117|
10118| OSVDB - http://www.osvdb.org:
10119| [96167] SecPanel Unspecified User Plaintext Local Password Disclosure
10120| [96166] cPanel WHM Suspend Function Arbitrary Account Lockout Local DoS
10121| [96165] cPanel WHM Purchase and Install an SSL Certificate Feature Arbitrary File Overwrite
10122| [96164] cPanel WHM Unspecified Arbitrary Domain Manipulation
10123| [96163] cPanel WHM Unspecified Arbitrary DNS Zone Modification
10124| [94918] cPanel cpanellogd Cpanel::Logs::prep_logs_path Archive Creation Local Privilege Escalation
10125| [94904] RVSiteBuilder Plugin for cPanel Unspecified Symlink Local Privilege Escalation
10126| [94903] RVSkin rvwrapper Arbitrary cPanel Account Manipulation
10127| [94902] RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access
10128| [94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
10129| [94868] cPanel Restore a Full Backup/cpmove File Feature Crafted Archive Restoration Symlink Arbitrary File Access
10130| [94865] cPremote Plugin for cPanel Unauthorized User Backup Service Access
10131| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
10132| [94859] cPanel /scripts2/ssh_doaddkey Arbitrary SSH Key Overwrite DoS
10133| [94427] WHMXtra Ultimate Pro Cpanel Xtra Plugin Arbitrary File Manipulation
10134| [94333] Varnish Plugin for cPanel Advanced Configuration Page Remote Privilege Escalation
10135| [88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
10136| [88820] cPanel dir.html dir Parameter XSS
10137| [88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
10138| [88749] cPanel frontend/x3/mail/manage.html account Parameter XSS
10139| [88125] cPanel Multiple Unspecified Issues
10140| [82646] cPanel cPDAVd Filename Parsing Remote Code Execution
10141| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
10142| [80801] Almnzm /admincpanel/index.php Arbitrary Admin Creation CSRF
10143| [68373] cPanel Local safe_mode Bypass
10144| [67159] cPanel Unspecified XSS
10145| [61954] cPanel login/index.php failurl Parameter HTTP Response Splitting
10146| [61231] cPanel frontend/x3/files/fileop.html fileop Parameter XSS
10147| [56919] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion
10148| [55545] Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access
10149| [55515] cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access
10150| [55301] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
10151| [55286] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
10152| [54356] Fantastico De Luxe Module for cPanel language.php Manipulation Privilege Escalation
10153| [53264] cPanel Legacy File Manager Filename XSS
10154| [53263] cPanel Standard File Manager Filename XSS
10155| [52253] cPanel Module Installation Function CSRF
10156| [52252] cPanel Password Change Function CSRF
10157| [52251] cPanel scripts2/confdkillproc Query String XSS
10158| [52250] cPanel .contactemail Local File XSS
10159| [51582] cPanel Disk Usage Module frontend/x/diskusage/index.html showtree Parameter Traversal Arbitrary Directory Listing
10160| [49518] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Parameter XSS
10161| [48126] Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Parameter Local File Inclusion
10162| [45816] cPanel scripts/wwwacct Email Address Field Arbitrary Shell Command Execution
10163| [45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
10164| [45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
10165| [45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
10166| [45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
10167| [44848] cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF
10168| [44847] cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF
10169| [44846] cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF
10170| [44845] cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF
10171| [43854] cPanel frontend/x/manpage.html Query String XSS
10172| [40512] cPanel dohtaccess.html rurl Parameter XSS
10173| [39286] Dada Mail cpanel Mass Add/DL Subscriber XSS
10174| [36468] cPanel frontend/x/htaccess/changepro.html resname Parameter XSS
10175| [35861] cPanel Simple CGI Wrapper Direct Request Path Disclosure
10176| [35860] cPanel Simple CGI Wrapper URI XSS
10177| [35750] cPanel scripts2/objcache objcache Parameter Remote File Inclusion
10178| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
10179| [35036] Fantastico for cPanel includes/load_language.php userlanguage Parameter Traversal Local File Inclusion
10180| [33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
10181| [33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
10182| [33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
10183| [33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
10184| [33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
10185| [33235] cPanel err/erredit.html dir Parameter XSS
10186| [33234] cPanel cpanelpro/dohtaccess.html dir Parameter XSS
10187| [33233] cPanel mail/pops.html domain Parameter XSS
10188| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
10189| [32043] cPanel scripts2/objcache objcache Parameter XSS
10190| [32042] cPanel BoxTrapper /mail/manage.html account Parameter XSS
10191| [31835] cPanel PHP OpenBaseDir Configuration Local Access Restriction Bypass
10192| [31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
10193| [31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
10194| [31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
10195| [31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
10196| [31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
10197| [31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
10198| [31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
10199| [30586] cPanel dnslook.html dns Parameter XSS
10200| [30387] cPanel newuser.html Multiple Parameter XSS
10201| [30386] cPanel seldir.html dir Parameter XSS
10202| [30048] cPanel editzonetemplate template Parameter XSS
10203| [30047] cPanel dosetmytheme theme Parameter XSS
10204| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
10205| [29072] cPanel Multiple Password User Authentication Weakness
10206| [28043] cPanel showfile.html file Parameter XSS
10207| [28042] cPanel editit.html file Parameter XSS
10208| [28041] cPanel dohtaccess.html dir Parameter XSS
10209| [26866] cPanel select.html file Parameter XSS
10210| [24056] Fantastico cPanel Add-on Script Installation Failure Path Disclosure
10211| [22972] cPanel Null Login Administrator Username Disclosure
10212| [22971] cPanel dowebmailforward.cgi fwd Parameter XSS
10213| [22940] cPanel handle.html Multiple Field XSS
10214| [22939] cPanel detailbw.html target Parameter XSS
10215| [22938] cPanel diskusage.html showtree Parameter XSS
10216| [22937] cPanel dodelpop.html email Parameter XSS
10217| [22936] cPanel editquota.html email Parameter XSS
10218| [22906] cPanel webmailaging.cgi numdays Parameter XSS
10219| [20459] cPanel Entropy Chat Message Field XSS
10220| [18661] cPanel Common Password Cross Domain Privilege Escalation
10221| [17399] cPanel cpsrvd.pl user Parameter XSS
10222| [15298] cPanel/WHM SSH Port Forwarding Anonymous Proxy
10223| [11043] cPanel Webmail Truncated Password Weakness
10224| [10962] cPanel Frontpage _private Symlink Arbitrary File Permission Modification
10225| [10961] cPanel Frontpage .htaccess Hardlink Arbitrary File Owernship Modification
10226| [10960] cPanel Backup Feature Hardlink Arbitrary File Access
10227| [7665] cPanel whm Password File Locking Issue
10228| [7006] cPanel passwd Script Unauthorized Database Password Change
10229| [6946] cPanel detailbw.html Multiple Parameter XSS
10230| [6945] cPanel detailsubbw.html Multiple Parameter XSS
10231| [6944] cPanel bwday.html Multiple Parameter XSS
10232| [6943] cPanel detailsubbw.html View Unauthorized Domain Statistics
10233| [6942] cPanel bwday.html View Unauthorized Domain Statistics
10234| [6941] cPanel detailbw.html View Unauthorized Domain Statistics
10235| [6940] cPanel suEXEC Privilege Escalation
10236| [6712] cPanel killacct Script Arbitrary DNS Deletion
10237| [6418] cPanel mod_phpsuexec Arbitrary Code Execution
10238| [4530] cPanel addhandle.html handle Parameter XSS
10239| [4529] cPanel dodelautores.html email Parameter XSS
10240| [4244] cPanel htaccess/index.html dir Parameter XSS
10241| [4243] cPanel del.html account Parameter XSS
10242| [4222] cPanel Formail-clone E-Mail Relay
10243| [4220] cPanel guestbook.cgi template Variable Arbitrary Command Execution
10244| [4219] cPanel dohtaccess.html dir Parameter XSS
10245| [4218] cPanel Login Page user Parameter Arbitrary Command Execution
10246| [4217] cPanel editmsg.html Arbitrary File Access
10247| [4216] cPanel erredit.html Arbitrary File Access
10248| [4215] cPanel editmsg.html account Parameter XSS
10249| [4214] cPanel doaddftp.html login Parameter XSS
10250| [4213] cPanel repairdb.html db Parameter XSS
10251| [4212] cPanel showlog.html account Parameter XSS
10252| [4211] cPanel ignorelist.html account Parameter XSS
10253| [4210] cPanel dnslook.html dns Parameter XSS
10254| [4209] cPanel erredit.html file Parameter XSS
10255| [4208] cPanel testfile.html email Parameter XSS
10256| [4205] cPanel resetpass Arbitrary Command Execution
10257| [2277] cPanel Error Log Malicious HTML Tags Injection
10258|_
102592082/tcp open infowave?
10260| fingerprint-strings:
10261| SIPOptions:
10262| HTTP/1.1 301 Moved
10263| Content-length: 129
10264| Location: https://server.akinmedya.com.tr:2083/sip%3anm
10265| Content-type: text/html; charset="utf-8"
10266| Cache-Control: no-cache, no-store, must-revalidate, private
10267|_ <html><head><META HTTP-EQUIV="refresh" CONTENT="2;URL=https://server.akinmedya.com.tr:2083/sip%3anm"></head><body></body></html>
102682083/tcp open ssl/radsec?
10269| fingerprint-strings:
10270| GetRequest:
10271| HTTP/1.0 200 OK
10272| Connection: close
10273| Content-Type: text/html; charset="utf-8"
10274| Date: Mon, 25 Nov 2019 00:42:54 GMT
10275| Cache-Control: no-cache, no-store, must-revalidate, private
10276| Pragma: no-cache
10277| Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10278| Set-Cookie: cpsession=%3akOsqRxTYIcQp4aES%2c9f428c5ff217307809a1afc70eea0d59; HttpOnly; path=/; port=2083; secure
10279| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10280| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10281| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10282| Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Th
10283| HTTPOptions:
10284| HTTP/1.0 200 OK
10285| Connection: close
10286| Content-Type: text/html; charset="utf-8"
10287| Date: Mon, 25 Nov 2019 00:42:55 GMT
10288| Cache-Control: no-cache, no-store, must-revalidate, private
10289| Pragma: no-cache
10290| Set-Cookie: cprelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10291| Set-Cookie: cpsession=%3a9UFn5Ij7jrpjCmyG%2c40e2f419e319186a35c3955c3a9462cf; HttpOnly; path=/; port=2083; secure
10292| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10293| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10294| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2083; secure
10295|_ Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Th
102962086/tcp open gnunet?
10297| fingerprint-strings:
10298| SIPOptions:
10299| HTTP/1.1 301 Moved
10300| Content-length: 129
10301| Location: https://server.akinmedya.com.tr:2087/sip%3anm
10302| Content-type: text/html; charset="utf-8"
10303| Cache-Control: no-cache, no-store, must-revalidate, private
10304|_ <html><head><META HTTP-EQUIV="refresh" CONTENT="2;URL=https://server.akinmedya.com.tr:2087/sip%3anm"></head><body></body></html>
103052087/tcp open ssl/eli?
10306| fingerprint-strings:
10307| GetRequest:
10308| HTTP/1.0 200 OK
10309| Connection: close
10310| Content-Type: text/html; charset="utf-8"
10311| Date: Mon, 25 Nov 2019 00:42:54 GMT
10312| Cache-Control: no-cache, no-store, must-revalidate, private
10313| Pragma: no-cache
10314| Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10315| Set-Cookie: whostmgrsession=%3aoAVELYVdZMWuvMd6%2c603ece446142da2cbe1aa5bf8e20a897; HttpOnly; path=/; port=2087; secure
10316| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10317| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10318| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10319| Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr
10320| HTTPOptions:
10321| HTTP/1.0 200 OK
10322| Connection: close
10323| Content-Type: text/html; charset="utf-8"
10324| Date: Mon, 25 Nov 2019 00:42:55 GMT
10325| Cache-Control: no-cache, no-store, must-revalidate, private
10326| Pragma: no-cache
10327| Set-Cookie: whostmgrrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10328| Set-Cookie: whostmgrsession=%3a4xlkwm6Psqp7YBQn%2c8a1e6839a2c6fc66ae72c0637f9febaa; HttpOnly; path=/; port=2087; secure
10329| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10330| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10331| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2087; secure
10332|_ Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr
103332095/tcp open nbx-ser?
10334| fingerprint-strings:
10335| SIPOptions:
10336| HTTP/1.1 301 Moved
10337| Content-length: 129
10338| Location: https://server.akinmedya.com.tr:2096/sip%3anm
10339| Content-type: text/html; charset="utf-8"
10340| Cache-Control: no-cache, no-store, must-revalidate, private
10341|_ <html><head><META HTTP-EQUIV="refresh" CONTENT="2;URL=https://server.akinmedya.com.tr:2096/sip%3anm"></head><body></body></html>
103422096/tcp open ssl/nbx-dir?
10343| fingerprint-strings:
10344| GetRequest:
10345| HTTP/1.0 200 OK
10346| Connection: close
10347| Content-Type: text/html; charset="utf-8"
10348| Date: Mon, 25 Nov 2019 00:42:54 GMT
10349| Cache-Control: no-cache, no-store, must-revalidate, private
10350| Pragma: no-cache
10351| Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10352| Set-Cookie: webmailsession=%3aMTuivmcdA3iE4ppO%2ca4f968f73c2bd082965350c40cd88ae3; HttpOnly; path=/; port=2096; secure
10353| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10354| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10355| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10356| Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr;
10357| HTTPOptions:
10358| HTTP/1.0 200 OK
10359| Connection: close
10360| Content-Type: text/html; charset="utf-8"
10361| Date: Mon, 25 Nov 2019 00:42:55 GMT
10362| Cache-Control: no-cache, no-store, must-revalidate, private
10363| Pragma: no-cache
10364| Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10365| Set-Cookie: webmailsession=%3agyj4LvtTFaJLL92Z%2c3ec28313541f3d4a8f13496ae01a8d0c; HttpOnly; path=/; port=2096; secure
10366| Set-Cookie: roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10367| Set-Cookie: roundcube_sessauth=expired; HttpOnly; domain=server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10368| Set-Cookie: Horde=expired; HttpOnly; domain=.server.akinmedya.com.tr; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=2096; secure
10369|_ Set-Cookie: horde_secret_key=expired; HttpOnly; domain=.server.akinmedya.com.tr;
103703306/tcp open mysql MySQL 5.7.28
10371| vulscan: VulDB - https://vuldb.com:
10372| [138098] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Plug-in unknown vulnerability
10373| [138097] Oracle MySQL Server up to 5.7.26/8.0.16 Client programs denial of service
10374| [138094] Oracle MySQL Server up to 5.7.25/8.0.15 Replication denial of service
10375| [138085] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
10376| [138084] Oracle MySQL Server up to 5.7.26/8.0.16 Optimizer denial of service
10377| [138073] Oracle MySQL Server up to 5.7.26/8.0.16 Audit Log denial of service
10378| [138072] Oracle MySQL Server up to 5.7.26/8.0.16 Privileges unknown vulnerability
10379| [138071] Oracle MySQL Server up to 5.7.23 Replication unknown vulnerability
10380| [138069] Oracle MySQL Server up to 5.7.26/8.0.16 InnoDB unknown vulnerability
10381| [138058] Oracle MySQL Server up to 5.7.26/8.0.15 cURL unknown vulnerability
10382| [129647] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
10383| [129646] Oracle MySQL Server up to 5.7.24/8.0.13 Privileges denial of service
10384| [129644] Oracle MySQL Server up to 5.7.24/8.0.13 Partition denial of service
10385| [129640] Oracle MySQL Server up to 5.7.24/8.0.13 Optimizer denial of service
10386| [129635] Oracle MySQL Server up to 5.7.24/8.0.13 InnoDB denial of service
10387| [129628] Oracle MySQL Server up to 5.7.24/8.0.13 Parser denial of service
10388| [125567] Oracle MySQL Server up to 5.7.23/8.0.12 Logging denial of service
10389| [125566] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10390| [125561] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
10391| [125555] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10392| [125554] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10393| [125553] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10394| [125552] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10395| [125551] Oracle MySQL Server up to 5.7.23/8.0.12 Partition denial of service
10396| [125549] Oracle MySQL Server up to 5.7.23/8.0.12 Optimizer denial of service
10397| [125546] Oracle MySQL Server up to 5.7.23/8.0.12 InnoDB denial of service
10398| [125545] Oracle MySQL Server up to 5.7.23/8.0.12 Audit denial of service
10399| [125536] Oracle MySQL Server up to 5.7.23/8.0.12 Parser denial of service
10400| [121797] Oracle MySQL Server up to 5.7.22/8.0.11 Privileges unknown vulnerability
10401| [121792] Oracle MySQL Server up to 5.7.22 DML denial of service
10402| [121789] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
10403| [121788] Oracle MySQL Server up to 5.7.22/8.0.11 DDL denial of service
10404| [121786] Oracle MySQL Server up to 5.7.22 Audit Log denial of service
10405| [121779] Oracle MySQL Server up to 5.7.22/8.0.11 DML denial of service
10406| [121778] Oracle MySQL Server up to 5.7.22/8.0.11 InnoDB denial of service
10407| [116759] Oracle MySQL Server up to 5.7.21 Group Replication GCS denial of service
10408| [116758] Oracle MySQL Server up to 5.7.21 Pluggable Auth denial of service
10409| [116757] Oracle MySQL Server up to 5.7.21 Performance Schema denial of service
10410| [116756] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10411| [116754] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10412| [116753] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10413| [116752] Oracle MySQL Server up to 5.7.21 DML denial of service
10414| [116750] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
10415| [116749] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
10416| [116747] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
10417| [116745] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10418| [116743] Oracle MySQL Server up to 5.7.21 InnoDB denial of service
10419| [116740] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10420| [116739] Oracle MySQL Server up to 5.7.21 Optimizer denial of service
10421| [112110] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
10422| [112109] Oracle MySQL Server up to 5.7.20 Optimizer denial of service
10423| [112108] Oracle MySQL Server up to 5.7.20 InnoDB denial of service
10424| [112107] Oracle MySQL Server up to 5.7.20 DML denial of service
10425| [112106] Oracle MySQL Server up to 5.7.20 DML denial of service
10426| [112105] Oracle MySQL Server up to 5.7.20 DML denial of service
10427| [75159] Oracle MySQL up to 5.7.2 SSL Client weak encryption
10428| [108192] Oracle MySQL Server up to 5.7.18 InnoDB denial of service
10429| [108189] Oracle MySQL Server up to 5.7.18 Stored Procedure denial of service
10430| [108188] Oracle MySQL Server up to 5.7.19 Replication denial of service
10431| [108183] Oracle MySQL Server up to 5.7.19 InnoDB denial of service
10432| [108182] Oracle MySQL Server up to 5.7.19 FTS denial of service
10433| [108181] Oracle MySQL Server up to 5.7.18 DML denial of service
10434| [108180] Oracle MySQL Server up to 5.7.19 Group Replication GCS denial of service
10435| [108175] Oracle MySQL Server up to 5.7.19 Optimizer denial of service
10436| [104088] Oracle MySQL Server up to 5.7.18 C API information disclosure
10437| [104081] Oracle MySQL Server up to 5.7.16 X Plugin denial of service
10438| [104080] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
10439| [104079] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
10440| [104078] Oracle MySQL Server up to 5.7.18 Optimizer denial of service
10441| [104077] Oracle MySQL Server up to 5.7.18 DML denial of service
10442| [104076] Oracle MySQL Server up to 5.7.18 DML denial of service
10443| [104074] Oracle MySQL Server up to 5.7.18 DML denial of service
10444| [104073] Oracle MySQL Server up to 5.7.18 DML denial of service
10445| [104072] Oracle MySQL Server up to 5.7.18 X Plugin denial of service
10446| [104071] Oracle MySQL Server up to 5.7.18 UDF denial of service
10447| [100232] Oracle MySQL Server up to 5.7.17 Encryption weak encryption
10448| [100227] Oracle MySQL Server up to 5.7.17 C API information disclosure
10449| [100226] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
10450| [100221] Oracle MySQL Server up to 5.7.17 Optimizer denial of service
10451| [100220] Oracle MySQL Server up to 5.7.17 DML denial of service
10452| [100219] Oracle MySQL Server up to 5.7.17 DML denial of service
10453| [100217] Oracle MySQL Server up to 5.7.17 Audit Plug-in denial of service
10454| [100214] Oracle MySQL Server up to 5.7.17 Privileges unknown vulnerability
10455| [100212] Oracle MySQL Server up to 5.7.17 InnoDB denial of service
10456| [100206] Oracle MySQL Server up to 5.7.17 DML denial of service
10457| [95730] Oracle MySQL Server up to 5.7.16 Encryption weak encryption
10458| [95729] Oracle MySQL Server up to 5.7.16 X Plugin unknown vulnerability
10459| [95719] Oracle MySQL Server up to 5.7.16 Optimizer denial of service
10460| [95716] Oracle MySQL Server up to 5.7.16 Replication denial of service
10461| [95714] Oracle MySQL Server 5.6.34 5.7.16 InnoDB denial of service
10462| [92895] Oracle MySQL Server up to 5.6.31 5.7.13 DML denial of service
10463| [92835] Oracle MySQL Server up to 5.7.13 Audit denial of service
10464| [92834] Oracle MySQL Server up to 5.7.13 RBR denial of service
10465| [92833] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
10466| [92832] Oracle MySQL Server up to 5.7.14 Optimizer denial of service
10467| [92831] Oracle MySQL Server up to 5.7.13 Memcached denial of service
10468| [92829] Oracle MySQL Server up to 5.6.31 5.7.13 InnoDB denial of service
10469| [92828] Oracle MySQL Server up to 5.7.13 InnoDB denial of service
10470| [92826] Oracle MySQL Server up to 5.7.13 DML denial of service
10471| [92821] Oracle MySQL Server up to 5.7.13 Replication denial of service
10472| [92820] Oracle MySQL Server up to 5.7.13 Performance Schema denial of service
10473| [92790] Oracle MySQL Server up to 5.7.14 Privileges information disclosure
10474| [90134] Oracle MySQL Server up to 5.7.12 Encryption denial of service
10475| [90133] Oracle MySQL Server up to 5.7.12 Replication denial of service
10476| [90130] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
10477| [90129] Oracle MySQL Server up to 5.7.12 Log denial of service
10478| [90127] Oracle MySQL Server up to 5.7.12 InnoDB denial of service
10479| [90124] Oracle MySQL Server up to 5.7.12 InnoDB memory corruption
10480| [90122] Oracle MySQL Server up to 5.7.12 Optimizer denial of service
10481| [90117] Oracle MySQL Server up to 5.7.11 Optimizer denial of service
10482| [80599] Oracle MySQL Server 5.7.9 Partition denial of service
10483| [80598] Oracle MySQL Server 5.7.9 Optimizer denial of service
10484|
10485| MITRE CVE - https://cve.mitre.org:
10486| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10487| [CVE-2013-3811] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
10488| [CVE-2013-3810] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
10489| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
10490| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
10491| [CVE-2013-3807] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
10492| [CVE-2013-3806] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
10493| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
10494| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10495| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
10496| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
10497| [CVE-2013-3798] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
10498| [CVE-2013-3796] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10499| [CVE-2013-3795] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10500| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10501| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10502| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
10503| [CVE-2013-2395] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
10504| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10505| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
10506| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10507| [CVE-2013-2381] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
10508| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
10509| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
10510| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
10511| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
10512| [CVE-2013-1570] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
10513| [CVE-2013-1567] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
10514| [CVE-2013-1566] Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10515| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10516| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
10517| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
10518| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10519| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
10520| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
10521| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10522| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
10523| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
10524| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10525| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10526| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
10527| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
10528| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
10529| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10530| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
10531| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
10532| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
10533| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
10534| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
10535| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
10536| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10537| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10538| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
10539| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
10540| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
10541| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
10542| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
10543| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
10544| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
10545| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
10546| [CVE-2012-4452] MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
10547| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
10548| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10549| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10550| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
10551| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
10552| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
10553| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10554| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
10555| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
10556| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
10557| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
10558| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10559| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
10560| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
10561| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
10562| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
10563| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
10564| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
10565| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
10566| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10567| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
10568| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10569| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10570| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10571| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10572| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
10573| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
10574| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10575| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10576| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10577| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
10578| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
10579| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
10580| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10581| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
10582| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10583| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
10584| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
10585| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
10586| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
10587| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
10588| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
10589| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
10590| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
10591| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
10592| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10593| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10594| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10595| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10596| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
10597| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
10598| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
10599| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10600| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
10601| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10602| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
10603| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10604| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
10605| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
10606| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10607| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
10608| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
10609| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
10610| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
10611| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
10612| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
10613| [CVE-2011-1906] Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.
10614| [CVE-2010-4700] The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
10615| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
10616| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
10617| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
10618| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
10619| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
10620| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
10621| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
10622| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
10623| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
10624| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
10625| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
10626| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
10627| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
10628| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
10629| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
10630| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
10631| [CVE-2010-3064] Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
10632| [CVE-2010-3063] The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
10633| [CVE-2010-3062] mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function
10634| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
10635| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
10636| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
10637| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
10638| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
10639| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
10640| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
10641| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
10642| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
10643| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
10644| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
10645| [CVE-2009-2446] Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
10646| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
10647| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
10648| [CVE-2008-4456] Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
10649| [CVE-2008-4098] MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.
10650| [CVE-2008-4097] MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.
10651| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
10652| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
10653| [CVE-2008-1486] SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
10654| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
10655| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
10656| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
10657| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
10658| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
10659| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
10660| [CVE-2007-5646] SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
10661| [CVE-2007-4889] The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
10662| [CVE-2007-3997] The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
10663| [CVE-2007-3782] MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
10664| [CVE-2007-3781] MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
10665| [CVE-2007-3780] MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
10666| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
10667| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
10668| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
10669| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
10670| [CVE-2007-1420] MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
10671| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
10672| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
10673| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
10674| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
10675| [CVE-2006-4031] MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
10676| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
10677| [CVE-2006-3469] Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.
10678| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
10679| [CVE-2006-2753] SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
10680| [CVE-2006-1518] Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
10681| [CVE-2006-1517] sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
10682| [CVE-2006-1516] The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
10683| [CVE-2006-0903] MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
10684| [CVE-2006-0369] ** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views
10685| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
10686| [CVE-2005-2573] The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
10687| [CVE-2005-2558] Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
10688| [CVE-2005-1636] mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
10689| [CVE-2005-0004] The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
10690| [CVE-2004-0835] MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
10691| [CVE-2004-0628] Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
10692| [CVE-2004-0627] The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
10693|
10694| SecurityFocus - https://www.securityfocus.com/bid/:
10695| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
10696| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
10697| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
10698| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
10699| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
10700| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
10701| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
10702| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
10703| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
10704| [37640] MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
10705| [36242] MySQL 5.x Unspecified Buffer Overflow Vulnerability
10706|
10707| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10708| [85724] Oracle MySQL Server XA Transactions denial of service
10709| [85723] Oracle MySQL Server Server Replication denial of service
10710| [85722] Oracle MySQL Server InnoDB denial of service
10711| [85721] Oracle MySQL Server Server Privileges unspecified
10712| [85720] Oracle MySQL Server Server Partition denial of service
10713| [85719] Oracle MySQL Server Server Parser denial of service
10714| [85718] Oracle MySQL Server Server Options denial of service
10715| [85717] Oracle MySQL Server Server Options denial of service
10716| [85716] Oracle MySQL Server Server Optimizer denial of service
10717| [85715] Oracle MySQL Server Server Optimizer denial of service
10718| [85714] Oracle MySQL Server Prepared Statements denial of service
10719| [85713] Oracle MySQL Server InnoDB denial of service
10720| [85712] Oracle MySQL Server Full Text Search denial of service
10721| [85711] Oracle MySQL Server Data Manipulation Language denial of service
10722| [85710] Oracle MySQL Server Data Manipulation Language denial of service
10723| [85709] Oracle MySQL Server Audit Log unspecified
10724| [85708] Oracle MySQL Server MemCached unspecified
10725| [84846] Debian mysql-server package information disclosure
10726| [84375] Wireshark MySQL dissector denial of service
10727| [83554] Oracle MySQL Server Server Partition denial of service
10728| [83553] Oracle MySQL Server Server Locking denial of service
10729| [83552] Oracle MySQL Server Server Install unspecified
10730| [83551] Oracle MySQL Server Server Types denial of service
10731| [83550] Oracle MySQL Server Server Privileges unspecified
10732| [83549] Oracle MySQL Server InnoDB denial of service
10733| [83548] Oracle MySQL Server InnoDB denial of service
10734| [83547] Oracle MySQL Server Data Manipulation Language denial of service
10735| [83546] Oracle MySQL Server Stored Procedure denial of service
10736| [83545] Oracle MySQL Server Server Replication denial of service
10737| [83544] Oracle MySQL Server Server Partition denial of service
10738| [83543] Oracle MySQL Server Server Optimizer denial of service
10739| [83542] Oracle MySQL Server InnoDB denial of service
10740| [83541] Oracle MySQL Server Information Schema denial of service
10741| [83540] Oracle MySQL Server Data Manipulation Language denial of service
10742| [83539] Oracle MySQL Server Data Manipulation Language denial of service
10743| [83538] Oracle MySQL Server Server Optimizer unspecified
10744| [83537] Oracle MySQL Server MemCached denial of service
10745| [83536] Oracle MySQL Server Server Privileges unspecified
10746| [83535] Oracle MySQL Server Server Privileges unspecified
10747| [83534] Oracle MySQL Server Server unspecified
10748| [83533] Oracle MySQL Server Information Schema unspecified
10749| [83532] Oracle MySQL Server Server Locking unspecified
10750| [83531] Oracle MySQL Server Data Manipulation Language denial of service
10751| [83388] MySQL administrative login attempt detected
10752| [82963] Mambo MySQL database information disclosure
10753| [82946] Oracle MySQL buffer overflow
10754| [82945] Oracle MySQL buffer overflow
10755| [82895] Oracle MySQL and MariaDB geometry queries denial of service
10756| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
10757| [81325] Oracle MySQL Server Server Privileges denial of service
10758| [81324] Oracle MySQL Server Server Partition denial of service
10759| [81323] Oracle MySQL Server Server Optimizer denial of service
10760| [81322] Oracle MySQL Server Server Optimizer denial of service
10761| [81321] Oracle MySQL Server Server denial of service
10762| [81320] Oracle MySQL Server MyISAM denial of service
10763| [81319] Oracle MySQL Server InnoDB denial of service
10764| [81318] Oracle MySQL Server InnoDB denial of service
10765| [81317] Oracle MySQL Server Server Locking denial of service
10766| [81316] Oracle MySQL Server Server denial of service
10767| [81315] Oracle MySQL Server Server Replication unspecified
10768| [81314] Oracle MySQL Server Server Replication unspecified
10769| [81313] Oracle MySQL Server Stored Procedure denial of service
10770| [81312] Oracle MySQL Server Server Optimizer denial of service
10771| [81311] Oracle MySQL Server Information Schema denial of service
10772| [81310] Oracle MySQL Server GIS Extension denial of service
10773| [80790] Oracle MySQL yaSSL buffer overflow
10774| [80553] Oracle MySQL and MariaDB salt security bypass
10775| [80443] Oracle MySQL Server unspecified code execution
10776| [80442] Oracle MySQL Server acl_get() buffer overflow
10777| [80440] Oracle MySQL Server table buffer overflow
10778| [80435] Oracle MySQL Server database privilege escalation
10779| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
10780| [80433] Oracle MySQL Server Stuxnet privilege escalation
10781| [80432] Oracle MySQL Server authentication information disclosure
10782| [79394] Oracle MySQL Server Server Installation information disclosure
10783| [79393] Oracle MySQL Server Server Replication denial of service
10784| [79392] Oracle MySQL Server Server Full Text Search denial of service
10785| [79391] Oracle MySQL Server Server denial of service
10786| [79390] Oracle MySQL Server Client information disclosure
10787| [79389] Oracle MySQL Server Server Optimizer denial of service
10788| [79388] Oracle MySQL Server Server Optimizer denial of service
10789| [79387] Oracle MySQL Server Server denial of service
10790| [79386] Oracle MySQL Server InnoDB Plugin denial of service
10791| [79385] Oracle MySQL Server InnoDB denial of service
10792| [79384] Oracle MySQL Server Client unspecified
10793| [79383] Oracle MySQL Server Server denial of service
10794| [79382] Oracle MySQL Server Protocol unspecified
10795| [79381] Oracle MySQL Server Information Schema unspecified
10796| [78954] SilverStripe MySQLDatabase.php information disclosure
10797| [78948] MySQL MyISAM table symlink
10798| [77865] MySQL unknown vuln
10799| [77864] MySQL sort order denial of service
10800| [77768] MySQLDumper refresh_dblist.php information disclosure
10801| [77177] MySQL Squid Access Report unspecified cross-site scripting
10802| [77065] Oracle MySQL Server Optimizer denial of service
10803| [77064] Oracle MySQL Server Optimizer denial of service
10804| [77063] Oracle MySQL Server denial of service
10805| [77062] Oracle MySQL InnoDB denial of service
10806| [77061] Oracle MySQL GIS Extension denial of service
10807| [77060] Oracle MySQL Server Optimizer denial of service
10808| [76189] MySQL unspecified error
10809| [76188] MySQL attempts security bypass
10810| [75287] MySQLDumper restore.php information disclosure
10811| [75286] MySQLDumper filemanagement.php directory traversal
10812| [75285] MySQLDumper main.php cross-site request forgery
10813| [75284] MySQLDumper install.php cross-site scripting
10814| [75283] MySQLDumper install.php file include
10815| [75282] MySQLDumper menu.php code execution
10816| [75022] Oracle MySQL Server Server Optimizer denial of service
10817| [75021] Oracle MySQL Server Server Optimizer denial of service
10818| [75020] Oracle MySQL Server Server DML denial of service
10819| [75019] Oracle MySQL Server Partition denial of service
10820| [75018] Oracle MySQL Server MyISAM denial of service
10821| [75017] Oracle MySQL Server Server Optimizer denial of service
10822| [74672] Oracle MySQL Server multiple unspecified
10823| [73092] MySQL unspecified code execution
10824| [72540] Oracle MySQL Server denial of service
10825| [72539] Oracle MySQL Server unspecified
10826| [72538] Oracle MySQL Server denial of service
10827| [72537] Oracle MySQL Server denial of service
10828| [72536] Oracle MySQL Server unspecified
10829| [72535] Oracle MySQL Server denial of service
10830| [72534] Oracle MySQL Server denial of service
10831| [72533] Oracle MySQL Server denial of service
10832| [72532] Oracle MySQL Server denial of service
10833| [72531] Oracle MySQL Server denial of service
10834| [72530] Oracle MySQL Server denial of service
10835| [72529] Oracle MySQL Server denial of service
10836| [72528] Oracle MySQL Server denial of service
10837| [72527] Oracle MySQL Server denial of service
10838| [72526] Oracle MySQL Server denial of service
10839| [72525] Oracle MySQL Server information disclosure
10840| [72524] Oracle MySQL Server denial of service
10841| [72523] Oracle MySQL Server denial of service
10842| [72522] Oracle MySQL Server denial of service
10843| [72521] Oracle MySQL Server denial of service
10844| [72520] Oracle MySQL Server denial of service
10845| [72519] Oracle MySQL Server denial of service
10846| [72518] Oracle MySQL Server unspecified
10847| [72517] Oracle MySQL Server unspecified
10848| [72516] Oracle MySQL Server unspecified
10849| [72515] Oracle MySQL Server denial of service
10850| [72514] Oracle MySQL Server unspecified
10851| [71965] MySQL port denial of service
10852| [70680] DBD::mysqlPP unspecified SQL injection
10853| [70370] TaskFreak! multi-mysql unspecified path disclosure
10854| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10855| [68294] MySQLDriverCS statement.cs sql injection
10856| [68175] Prosody MySQL denial of service
10857| [67539] Zend Framework MySQL PDO security bypass
10858| [67254] DirectAdmin MySQL information disclosure
10859| [66567] Xoops mysql.sql information disclosure
10860| [65871] PyWebDAV MySQLAuthHandler class SQL injection
10861| [65543] MySQL Select Arbitrary data into a File
10862| [65529] MySQL Eventum full_name field cross-site scripting
10863| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
10864| [65379] Oracle MySQL Eventum list.php cross-site scripting
10865| [65266] Accellion File Transfer Appliance MySQL default password
10866| [64878] MySQL Geometry denial of service
10867| [64877] MySQL EXPLAIN EXTENDED denial of service
10868| [64876] MySQL prepared statement denial of service
10869| [64845] MySQL extreme-value denial of service
10870| [64844] MySQL Gis_line_string::init_from_wkb denial of service
10871| [64843] MySQL user-variable denial of service
10872| [64842] MySQL view preparation denial of service
10873| [64841] MySQL prepared statement denial of service
10874| [64840] MySQL LONGBLOB denial of service
10875| [64839] MySQL invocations denial of service
10876| [64838] MySQL Gis_line_string::init_from_wkb denial of service
10877| [64689] MySQL dict0crea.c denial of service
10878| [64688] MySQL SET column denial of service
10879| [64687] MySQL BINLOG command denial of service
10880| [64686] MySQL InnoDB denial of service
10881| [64685] MySQL HANDLER interface denial of service
10882| [64684] MySQL Item_singlerow_subselect::store denial of service
10883| [64683] MySQL OK packet denial of service
10884| [63518] MySQL Query Browser GUI Tools information disclosure
10885| [63517] MySQL Administrator GUI Tools information disclosure
10886| [62272] MySQL PolyFromWKB() denial of service
10887| [62269] MySQL LIKE predicates denial of service
10888| [62268] MySQL joins denial of service
10889| [62267] MySQL GREATEST() or LEAST() denial of service
10890| [62266] MySQL GROUP_CONCAT() denial of service
10891| [62265] MySQL expression values denial of service
10892| [62264] MySQL temporary table denial of service
10893| [62263] MySQL LEAST() or GREATEST() denial of service
10894| [62262] MySQL replication privilege escalation
10895| [61739] MySQL WITH ROLLUP denial of service
10896| [61343] MySQL LOAD DATA INFILE denial of service
10897| [61342] MySQL EXPLAIN denial of service
10898| [61341] MySQL HANDLER denial of service
10899| [61340] MySQL BINLOG denial of service
10900| [61339] MySQL IN() or CASE denial of service
10901| [61338] MySQL SET denial of service
10902| [61337] MySQL DDL denial of service
10903| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
10904| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
10905| [61316] PHP php_mysqlnd_auth_write buffer overflow
10906| [61274] MySQL TEMPORARY InnoDB denial of service
10907| [59905] MySQL ALTER DATABASE denial of service
10908| [59841] CMySQLite updateUser.php cross-site request forgery
10909| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
10910| [59075] PHP php_mysqlnd_auth_write() buffer overflow
10911| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
10912| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
10913| [59072] PHP php_mysqlnd_ok_read() information disclosure
10914| [58842] MySQL DROP TABLE file deletion
10915| [58676] Template Shares MySQL information disclosure
10916| [58531] MySQL COM_FIELD_LIST buffer overflow
10917| [58530] MySQL packet denial of service
10918| [58529] MySQL COM_FIELD_LIST security bypass
10919| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
10920| [57925] MySQL UNINSTALL PLUGIN security bypass
10921| [57006] Quicksilver Forums mysqldump information disclosure
10922| [56800] Employee Timeclock Software mysqldump information disclosure
10923| [56200] Flex MySQL Connector ActionScript SQL injection
10924| [55877] MySQL yaSSL buffer overflow
10925| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
10926| [55416] MySQL unspecified buffer overflow
10927| [55382] Ublog UblogMySQL.sql information disclosure
10928| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
10929| [54597] MySQL sql_table.cc security bypass
10930| [54596] MySQL mysqld denial of service
10931| [54365] MySQL OpenSSL security bypass
10932| [54364] MySQL MyISAM table symlink
10933| [53950] The mysql-ocaml mysql_real_escape_string weak security
10934| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
10935| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
10936| [52660] iScouter PHP Web Portal MySQL Password Retrieval
10937| [52220] aa33code mysql.inc information disclosure
10938| [52122] MySQL Connector/J unicode SQL injection
10939| [51614] MySQL dispatch_command() denial of service
10940| [51406] MySQL Connector/NET SSL spoofing
10941| [49202] MySQL UDF command execution
10942| [49050] MySQL XPath denial of service
10943| [48919] Cisco Application Networking Manager MySQL default account password
10944| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10945| [47544] MySQL Calendar index.php SQL injection
10946| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
10947| [45649] MySQL MyISAM symlink security bypass
10948| [45648] MySQL MyISAM symlinks security bypass
10949| [45607] MySQL Quick Admin actions.php file include
10950| [45606] MySQL Quick Admin index.php file include
10951| [45590] MySQL command-line client cross-site scripting
10952| [45436] PromoteWeb MySQL go.php SQL injection
10953| [45042] MySQL empty bit-string literal denial of service
10954| [44662] mysql-lists unspecified cross-site scripting
10955| [42267] MySQL MyISAM security bypass
10956| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
10957| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
10958| [40920] MySQL sql_select.cc denial of service
10959| [40734] MySQL Server BINLOG privilege escalation
10960| [40350] MySQL password information disclosure
10961| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
10962| [39402] PHP LOCAL INFILE and MySQL extension security bypass
10963| [38999] aurora framework db_mysql.lib SQL injection
10964| [38990] MySQL federated engine denial of service
10965| [38989] MySQL DEFINER value privilege escalation
10966| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
10967| [38964] MySQL RENAME TABLE symlink
10968| [38733] ManageEngine EventLog Analyzer MySQL default password
10969| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
10970| [38189] MySQL default root password
10971| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
10972| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
10973| [36555] PHP MySQL extension multiple functions security bypass
10974| [35960] MySQL view privilege escalation
10975| [35959] MySQL CREATE TABLE LIKE information disclosure
10976| [35958] MySQL connection protocol denial of service
10977| [35291] MySQLDumper main.php security bypass
10978| [34811] MySQL udf_init and mysql_create_function command execution
10979| [34809] MySQL mysql_update privilege escalation
10980| [34349] MySQL ALTER information disclosure
10981| [34348] MySQL mysql_change_db privilege escalation
10982| [34347] MySQL RENAME TABLE weak security
10983| [34232] MySQL IF clause denial of service
10984| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
10985| [33285] Eve-Nuke mysql.php file include
10986| [32957] MySQL Commander dbopen.php file include
10987| [32933] cPanel load_language.php and mysqlconfig.php file include
10988| [32911] MySQL filesort function denial of service
10989| [32462] cPanel passwdmysql cross-site scripting
10990| [32288] RHSA-2006:0544 updates for mysql not installed
10991| [32266] MySQLNewsEngine affichearticles.php3 file include
10992| [31244] The Address Book MySQL export.php password information disclosure
10993| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
10994| [30760] BTSaveMySql URL file disclosure
10995| [30191] StoryStream mysql.php and mysqli.php file include
10996| [30085] MySQL MS-DOS device name denial of service
10997| [30031] Agora MysqlfinderAdmin.php file include
10998| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
10999| [29179] paBugs class.mysql.php file include
11000| [29120] ZoomStats MySQL file include
11001| [28448] MySQL case sensitive database name privilege escalation
11002| [28442] MySQL GRANT EXECUTE privilege escalation
11003| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
11004| [28202] MySQL multiupdate subselect query denial of service
11005| [28180] MySQL MERGE table security bypass
11006| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
11007| [27995] Opsware Network Automation System MySQL plaintext password
11008| [27904] MySQL date_format() format string
11009| [27635] MySQL Instance Manager denial of service
11010| [27212] MySQL SELECT str_to_date denial of service
11011| [26875] MySQL ASCII escaping SQL injection
11012| [26420] Apple Mac OS X MySQL Manager blank password
11013| [26236] MySQL login packet information disclosure
11014| [26232] MySQL COM_TABLE_DUMP buffer overflow
11015| [26228] MySQL sql_parce.cc information disclosure
11016| [26042] MySQL running
11017| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
11018| [24966] MySQL mysql_real_query logging bypass
11019| [24653] PAM-MySQL logging function denial of service
11020| [24652] PAM-MySQL authentication double free code execution
11021| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
11022| [24095] PHP ext/mysqli exception handling format string
11023| [23990] PHP mysql_connect() buffer overflow
11024| [23596] MySQL Auction search module could allow cross-site scripting
11025| [22642] RHSA-2005:334 updates for mysql not installed
11026| [21757] MySQL UDF library functions command execution
11027| [21756] MySQL LoadLibraryEx function denial of service
11028| [21738] MySQL UDF mysql_create_function function directory traversal
11029| [21737] MySQL user defined function buffer overflow
11030| [21640] MySQL Eventum multiple class SQL injection
11031| [21638] MySQL Eventum multiple scripts cross-site scripting
11032| [20984] xmysqladmin temporary file symlink
11033| [20656] MySQL mysql_install_db script symlink
11034| [20333] Plans MySQL password information disclosure
11035| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
11036| [19658] MySQL udf_init function gain access
11037| [19576] auraCMS mysql_fetch_row function path disclosure
11038| [18922] MySQL mysqlaccess script symlink attack
11039| [18824] MySQL UDF root privileges
11040| [18464] mysql_auth unspecified vulnerability
11041| [18449] Sugar Sales plaintext MySQL password
11042| [17783] MySQL underscore allows elevated privileges
11043| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
11044| [17667] MySQL UNION change denial of service
11045| [17666] MySQL ALTER TABLE RENAME bypass restriction
11046| [17493] MySQL libmysqlclient bulk inserts buffer overflow
11047| [17462] MySQLGuest AWSguest.php script cross-site scripting
11048| [17047] MySQL mysql_real_connect buffer overflow
11049| [17030] MySQL mysqlhotcopy insecure temporary file
11050| [16612] MySQL my_rnd buffer overflow
11051| [16604] MySQL check_scramble_323 function allows unauthorized access
11052| [15883] MySQL mysqld_multi script symlink attack
11053| [15617] MySQL mysqlbug script symlink attack
11054| [15417] Confixx db_mysql_loeschen2.php SQL injection
11055| [15280] Proofpoint Protection Server MySQL allows unauthorized access
11056| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
11057| [13153] MySQL long password buffer overflow
11058| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
11059| [12540] Teapop PostSQL and MySQL modules SQL injection
11060| [12337] MySQL mysql_real_connect function buffer overflow
11061| [11510] MySQL datadir/my.cnf modification could allow root privileges
11062| [11493] mysqlcc configuration and connection files are world writable
11063| [11340] SuckBot mod_mysql_logger denial of service
11064| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
11065| [10850] MySQL libmysql client read_one_row buffer overflow
11066| [10849] MySQL libmysql client read_rows buffer overflow
11067| [10848] MySQL COM_CHANGE_USER password buffer overflow
11068| [10847] MySQL COM_CHANGE_USER command password authentication bypass
11069| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
11070| [10483] Bugzilla stores passwords in plain text in the MySQL database
11071| [10455] gBook MySQL could allow administrative access
11072| [10243] MySQL my.ini "
11073| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
11074| [9909] MySQL logging disabled by default on Windows
11075| [9908] MySQL binding to the loopback adapter is disabled
11076| [9902] MySQL default root password could allow unauthorized access
11077| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
11078| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
11079| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
11080| [7206] WinMySQLadmin stores MySQL password in plain text
11081| [6617] MySQL "
11082| [6419] MySQL drop database command buffer overflow
11083| [6418] MySQL libmysqlclient.so buffer overflow
11084| [5969] MySQL select buffer overflow
11085| [5447] pam_mysql authentication input
11086| [5409] MySQL authentication algorithm obtain password hash
11087| [5057] PCCS MySQL Database Admin Tool could reveal username and password
11088| [4228] MySQL unauthenticated remote access
11089| [3849] MySQL default test account could allow any user to connect to the database
11090| [1568] MySQL creates readable log files
11091|
11092| Exploit-DB - https://www.exploit-db.com:
11093| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
11094| [30020] MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability
11095| [29724] MySQL 5.0.x Single Row SubSelect Remote Denial of Service Vulnerability
11096| [27326] MySQL 5.0.18 Query Logging Bypass Vulnerability
11097| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
11098| [20044] Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers
11099| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
11100| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
11101| [9085] MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)
11102| [4615] MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
11103| [4392] PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability
11104| [1742] MySQL (<= 4.1.18, 5.0.20) Local/Remote Information Leakage Exploit
11105| [1741] MySQL <= 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit
11106|
11107| OpenVAS (Nessus) - http://www.openvas.org:
11108| [53251] Debian Security Advisory DSA 562-1 (mysql)
11109| [53230] Debian Security Advisory DSA 540-1 (mysql)
11110|
11111| SecurityTracker - https://www.securitytracker.com:
11112| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
11113| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
11114| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
11115| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
11116| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11117| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11118| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
11119| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
11120| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
11121| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
11122| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
11123| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11124| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
11125| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11126| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11127| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11128| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
11129| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
11130| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
11131| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11132| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
11133| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11134| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
11135| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
11136| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
11137| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
11138| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
11139| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
11140| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
11141| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
11142| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
11143| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
11144| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
11145| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
11146| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
11147| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
11148| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
11149| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
11150| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
11151| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
11152| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
11153| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
11154| [1016790] MySQL Replication Error Lets Local Users Deny Service
11155| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
11156| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
11157| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
11158| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
11159| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
11160| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
11161| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
11162| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
11163| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
11164| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
11165| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
11166| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
11167| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
11168| [1014172] xMySQLadmin Lets Local Users Delete Files
11169| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
11170| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
11171| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
11172| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
11173| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
11174| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11175| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
11176| [1012500] mysql_auth Memory Leak Has Unspecified Impact
11177| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
11178| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
11179| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
11180| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
11181| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
11182| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11183| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
11184| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
11185| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
11186| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
11187| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
11188| [1007518] DWebPro Discloses MySQL Database Password to Local Users
11189| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
11190| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
11191| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
11192| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
11193| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
11194| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
11195| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
11196| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
11197| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
11198| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
11199| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
11200| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
11201| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
11202|
11203| OSVDB - http://www.osvdb.org:
11204| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
11205| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11206| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11207| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
11208| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11209| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
11210| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
11211| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
11212| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
11213| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
11214| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
11215| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11216| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
11217| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
11218| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
11219| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
11220| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
11221| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
11222| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
11223| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
11224| [93174] MySQL Crafted Derived Table Handling DoS
11225| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
11226| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
11227| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
11228| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
11229| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
11230| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
11231| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
11232| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
11233| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
11234| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
11235| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11236| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11237| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11238| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
11239| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
11240| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11241| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
11242| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
11243| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
11244| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
11245| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
11246| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
11247| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
11248| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
11249| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
11250| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
11251| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
11252| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
11253| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
11254| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
11255| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
11256| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
11257| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
11258| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
11259| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
11260| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
11261| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
11262| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
11263| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
11264| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
11265| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
11266| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
11267| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
11268| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11269| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
11270| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11271| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11272| [89042] ViciBox Server MySQL cron Service Default Credentials
11273| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
11274| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
11275| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
11276| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
11277| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
11278| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
11279| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
11280| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
11281| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
11282| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
11283| [87480] MySQL Malformed XML Comment Handling DoS
11284| [87466] MySQL SSL Certificate Revocation Weakness
11285| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
11286| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
11287| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
11288| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
11289| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
11290| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
11291| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
11292| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
11293| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
11294| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
11295| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
11296| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
11297| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11298| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
11299| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
11300| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
11301| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
11302| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
11303| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
11304| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
11305| [84719] MySQLDumper index.php page Parameter XSS
11306| [84680] MySQL Squid Access Report access.log File Path XSS
11307| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
11308| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
11309| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
11310| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11311| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11312| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
11313| [83661] Oracle MySQL Unspecified Issue (59533)
11314| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
11315| [82803] Oracle MySQL Unspecified Issue (59387)
11316| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
11317| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
11318| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
11319| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
11320| [81614] MySQLDumper File Upload PHP Code Execution
11321| [81613] MySQLDumper main.php Multiple Function CSRF
11322| [81612] MySQLDumper restore.php filename Parameter XSS
11323| [81611] MySQLDumper sql.php Multiple Parameter XSS
11324| [81610] MySQLDumper install.php Multiple Parameter XSS
11325| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
11326| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
11327| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
11328| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
11329| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
11330| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
11331| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
11332| [81059] Oracle MySQL Server Multiple Unspecified Issues
11333| [79038] Webmin Process Listing MySQL Password Local Disclosure
11334| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
11335| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
11336| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
11337| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
11338| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
11339| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
11340| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
11341| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
11342| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
11343| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
11344| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
11345| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
11346| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
11347| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
11348| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
11349| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
11350| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
11351| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
11352| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
11353| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
11354| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
11355| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
11356| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
11357| [78375] Oracle MySQL Server Unspecified Local DoS
11358| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
11359| [78373] Oracle MySQL Server Unspecified Local Issue
11360| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
11361| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
11362| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
11363| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
11364| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
11365| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
11366| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
11367| [77040] DBD::mysqlPP Unspecified SQL Injection
11368| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
11369| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
11370| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
11371| [73387] Zend Framework PDO_MySql Character Set Security Bypass
11372| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
11373| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
11374| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
11375| [71368] Accellion File Transfer Appliance Weak MySQL root Password
11376| [70967] MySQL Eventum Admin User Creation CSRF
11377| [70966] MySQL Eventum preferences.php full_name Parameter XSS
11378| [70961] MySQL Eventum list.php Multiple Parameter XSS
11379| [70960] MySQL Eventum forgot_password.php URI XSS
11380| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
11381| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
11382| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
11383| [69395] MySQL Derived Table Grouping DoS
11384| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
11385| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
11386| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
11387| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
11388| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
11389| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
11390| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
11391| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
11392| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
11393| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
11394| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
11395| [68996] MySQL EXPLAIN EXTENDED Statement DoS
11396| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
11397| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
11398| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
11399| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
11400| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
11401| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
11402| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
11403| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
11404| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
11405| [67381] MySQL InnoDB Temporary Table Handling DoS
11406| [67380] MySQL BINLOG Statement Unspecified Argument DoS
11407| [67379] MySQL Multiple Operation NULL Argument Handling DoS
11408| [67378] MySQL Unique SET Column Join Statement Remote DoS
11409| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
11410| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
11411| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
11412| [66731] PHP Bundled MySQL Library Unspecified Issue
11413| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
11414| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
11415| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
11416| [65085] MySQL Enterprise Monitor Unspecified CSRF
11417| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
11418| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
11419| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
11420| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
11421| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
11422| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
11423| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
11424| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
11425| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
11426| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
11427| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
11428| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
11429| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
11430| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
11431| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
11432| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
11433| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
11434| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
11435| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
11436| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
11437| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
11438| [59907] MySQL on Windows bind-address Remote Connection Weakness
11439| [59906] MySQL on Windows Default Configuration Logging Weakness
11440| [59616] MySQL Hashed Password Weakness
11441| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
11442| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
11443| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
11444| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
11445| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
11446| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
11447| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
11448| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
11449| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
11450| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
11451| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
11452| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
11453| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11454| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11455| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11456| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11457| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11458| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11459| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
11460| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
11461| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
11462| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11463| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11464| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11465| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11466| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11467| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11468| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
11469| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
11470| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
11471| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
11472| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
11473| [52464] MySQL charset Column Truncation Weakness
11474| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
11475| [52378] Cisco ANM MySQL root Account Default Password
11476| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
11477| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
11478| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
11479| [50892] MySQL Calendar index.php username Parameter SQL Injection
11480| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
11481| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
11482| [48710] MySQL Command Line Client HTML Output XSS
11483| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
11484| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
11485| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
11486| [47789] mysql-lists Unspecified XSS
11487| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
11488| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
11489| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
11490| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
11491| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
11492| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
11493| [43179] MySQL Server BINLOG Statement Rights Checking Failure
11494| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
11495| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
11496| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
11497| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
11498| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
11499| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
11500| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
11501| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
11502| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
11503| [39279] PHP mysql_error() Function XSS
11504| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
11505| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
11506| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
11507| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
11508| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
11509| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
11510| [37782] MySQL Community Server External Table View Privilege Escalation
11511| [37781] MySQL ALTER TABLE Information Disclosure
11512| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
11513| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
11514| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
11515| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
11516| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
11517| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
11518| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
11519| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
11520| [36251] Associated Press (AP) Newspower Default MySQL root Password
11521| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
11522| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
11523| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
11524| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
11525| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
11526| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
11527| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
11528| [33974] MySQL information_schema Table Subselect Single-Row DoS
11529| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
11530| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
11531| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
11532| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
11533| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
11534| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
11535| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
11536| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
11537| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
11538| [32056] BTSaveMySql Direct Request Config File Disclosure
11539| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
11540| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
11541| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
11542| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
11543| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
11544| [29696] MySQLDumper sql.php db Parameter XSS
11545| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
11546| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
11547| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
11548| [28288] MySQL Instance_options::complete_initialization Function Overflow
11549| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11550| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11551| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11552| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
11553| [28012] MySQL Case Sensitivity Unauthorized Database Creation
11554| [27919] MySQL VIEW Access information_schema.views Information Disclosure
11555| [27703] MySQL MERGE Table Privilege Persistence
11556| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
11557| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
11558| [27416] MySQL Server time.cc date_format Function Format String
11559| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
11560| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
11561| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
11562| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
11563| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
11564| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
11565| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
11566| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
11567| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
11568| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
11569| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
11570| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
11571| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
11572| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
11573| [25595] Apple Mac OS X MySQL Manager Blank root Password
11574| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
11575| [25227] MySQL COM_TABLE_DUMP Packet Overflow
11576| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
11577| [24245] Cholod Mysql Based Message Board Unspecified XSS
11578| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
11579| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
11580| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
11581| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
11582| [23526] MySQL Query NULL Charcter Logging Bypass
11583| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
11584| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
11585| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
11586| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
11587| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
11588| [22479] PHP mysqli Extension Error Message Format String
11589| [22232] PHP Pipe Variable mysql_connect() Function Overflow
11590| [21685] MySQL Auction Search Module keyword XSS
11591| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
11592| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
11593| [19457] aMember Pro mysql.inc.php Remote File Inclusion
11594| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
11595| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
11596| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
11597| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
11598| [18896] MySQL User-Defined Function init_syms() Function Overflow
11599| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
11600| [18894] MySQL drop database Request Remote Overflow
11601| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
11602| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
11603| [18406] MySQL Eventum releases.php SQL Injection
11604| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
11605| [18404] MySQL Eventum custom_fields.php SQL Injection
11606| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
11607| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
11608| [18401] MySQL Eventum list.php release Parameter XSS
11609| [18400] MySQL Eventum view.php id Parameter XSS
11610| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
11611| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
11612| [17223] xMySQLadmin Symlink Arbitrary File Deletion
11613| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
11614| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
11615| [16056] Plans Unspecified mySQL Remote Password Disclosure
11616| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
11617| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
11618| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
11619| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
11620| [14748] MySQL MS-DOS Device Names Request DoS
11621| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
11622| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
11623| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
11624| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
11625| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
11626| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
11627| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
11628| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
11629| [12919] MySQL MaxDB WebAgent websql Remote Overflow
11630| [12779] MySQL User Defined Function Privilege Escalation
11631| [12609] MySQL Eventum projects.php Multiple Parameter XSS
11632| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
11633| [12607] MySQL Eventum forgot_password.php email Parameter XSS
11634| [12606] MySQL Eventum index.php email Parameter XSS
11635| [12605] MySQL Eventum Default Vendor Account
11636| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
11637| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
11638| [11689] Roxen Web Server MySQL Socket Permission Weakness
11639| [10985] MySQL MATCH..AGAINST Query DoS
11640| [10959] MySQL GRANT ALL ON Privilege Escalation
11641| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
11642| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
11643| [10658] MySQL mysql_real_connect() Function Remote Overflow
11644| [10532] MySQL MaxDB webdbm Server Field DoS
11645| [10491] AWS MySQLguest AWSguest.php Script Insertion
11646| [10244] MySQL libmysqlclient Prepared Statements API Overflow
11647| [10226] MySQLGuest AWSguest.php Multiple Field XSS
11648| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
11649| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
11650| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
11651| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
11652| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
11653| [9907] MySQL SELECT Statement String Handling Overflow
11654| [9906] MySQL GRANT Privilege Arbitrary Password Modification
11655| [9509] teapop MySQL Authentication Module SQL Injection
11656| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
11657| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
11658| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
11659| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
11660| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
11661| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
11662| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
11663| [8886] MySQL libmysqlclient Library read_one_row Overflow
11664| [8885] MySQL libmysqlclient Library read_rows Overflow
11665| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
11666| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
11667| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
11668| [7128] MySQL show database Database Name Exposure
11669| [6716] MySQL Database Engine Weak Authentication Information Disclosure
11670| [6605] MySQL mysqld Readable Log File Information Disclosure
11671| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
11672| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
11673| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
11674| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
11675| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
11676| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
11677| [520] MySQL Database Name Traversal Arbitrary File Modification
11678| [380] MySQL Server on Windows Default Null Root Password
11679| [261] MySQL Short Check String Authentication Bypass
11680|_
116813389/tcp open ms-wbt-server xrdp
11682| vulscan: VulDB - https://vuldb.com:
11683| [98230] xrdp 0.9.1 PAM Session Module auth_start_session privilege escalation
11684| [45914] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 rdp_rdp_process_color_pointer_pdu memory corruption
11685| [45913] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_def_proc memory corruption
11686| [45912] xrdp 0.3/0.3.1/0.3.2/0.4/0.4.1 xrdp_bitmap_invalidate memory corruption
11687|
11688| MITRE CVE - https://cve.mitre.org:
11689| [CVE-2010-3376] The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
11690| [CVE-2008-5904] The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.
11691| [CVE-2008-5903] Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.
11692| [CVE-2008-5902] Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.
11693|
11694| SecurityFocus - https://www.securityfocus.com/bid/:
11695| [94958] xrdp CVE-2013-1430 Information Disclosure Vulnerability
11696| [72667] xrdp 'sesman/verify_user.c' Remote Denial of Service Vulnerability
11697| [33371] xrdp 'xrdp_bitmap_def_proc()' Memory Corruption Vulnerability
11698| [32565] xrdp Multiple Buffer Overflow Vulnerabilities
11699|
11700| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11701| [48094] xrdp rdp_rdp_process_color_pointer_pdu buffer overflow
11702| [48093] xrdp xrdp_bitmap_def_proc code execution
11703| [47004] xrdp xrdp_bitmap_invalidate() buffer overflow
11704|
11705| Exploit-DB - https://www.exploit-db.com:
11706| [8469] XRDP <= 0.4.1 - Remote Buffer Overflow PoC (pre-auth)
11707|
11708| OpenVAS (Nessus) - http://www.openvas.org:
11709| No findings
11710|
11711| SecurityTracker - https://www.securitytracker.com:
11712| No findings
11713|
11714| OSVDB - http://www.osvdb.org:
11715| [53313] xrdp rdp/rdp_rdp.c rdp_rdp_process_color_pointer_pdu Function Unspecified Remote Overflow
11716| [51558] xrdp xrdp/funcs.c xrdp_bitmap_def_proc Function Arbitrary Code Execution
11717| [51407] xrdp xrdp/xrdp_bitmap.c xrdp_bitmap_invalidate Function Remote Overflow
11718|_
117197080/tcp open ssl/http LiteSpeed httpd
11720|_http-server-header: LiteSpeed
11721| vulscan: VulDB - https://vuldb.com:
11722| [127415] LiteSpeed OpenLiteSpeed up to 1.5.0 RC5 Byte Sequence Request privilege escalation
11723| [106897] Open Litespeed up to 1.3.9 Use-After-Free memory corruption
11724| [62114] Litespeedtech LiteSpeed Web Server 4.1.11 cross site scripting
11725| [53729] Litespeedtech LiteSpeed Web Server information disclosure
11726| [39420] Litespeed Technologies LiteSpeed Web Server up to 3.2.2 php%00.txt information disclosure
11727|
11728| MITRE CVE - https://cve.mitre.org:
11729| [CVE-2012-4871] Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
11730| [CVE-2010-2333] LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
11731| [CVE-2007-5654] LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
11732| [CVE-2005-3695] Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
11733|
11734| SecurityFocus - https://www.securityfocus.com/bid/:
11735| [82240] PHP LiteSpeed SAPI Out of Bounds Read Memory Corruption Vulnerability
11736| [82027] PHP 'sapi/litespeed/lsapilib.c' Information Disclosure Vulnerability
11737| [74806] OpenLiteSpeed Heap Based Buffer Overflow and Denial of Service Vulnerabilities
11738| [74207] LiteSpeed Web Server 'httpreq.cpp' Use After Free Denial of Service Vulnerability
11739| [63484] LiteSpeed Web Server Local Privilege Escalation Vulnerability
11740| [63481] LiteSpeed Web Server Race Condition Insecure Temporary File Creation Vulnerability
11741| [55946] LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting Vulnerability
11742| [45382] PHP LiteSpeed SAPI Arbitrary Code Execution Vulnerability
11743| [40815] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
11744| [38317] LiteSpeed Web Server Cross Site Scripting and Request Forgery Vulnerabilities
11745| [36268] LiteSpeed Web Server Multiple Unspecified Remote Security Vulnerabilities
11746| [26163] LiteSpeed Web Server Null-Byte Handling Information Disclosure Vulnerability
11747| [15485] LiteSpeed ConfMgr.php Cross-Site Scripting Vulnerability
11748|
11749| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11750| [74144] LiteSpeed graph_html.php cross-site scripting
11751| [63979] LiteSpeed Web Server Null buffer overflow
11752| [59385] LiteSpeed Web Server information disclosure
11753| [56389] LiteSpeed Web Server Admin interface cross-site scripting
11754| [56388] LiteSpeed Web Server confMgr.php cross-site request forgery
11755| [54537] LiteSpeed Web Server post-authentication code execution
11756| [54536] LiteSpeed Web Server Lshttpd denial of service
11757| [37380] LiteSpeed Web Server mime-type information disclosure
11758| [23086] LiteSpeed Web Server /admin/config/confMgr.php cross-site scripting
11759|
11760| Exploit-DB - https://www.exploit-db.com:
11761| [26535] LiteSpeed 2.1.5 ConfMgr.php Cross-Site Scripting Vulnerability
11762| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
11763| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
11764| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
11765| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
11766|
11767| OpenVAS (Nessus) - http://www.openvas.org:
11768| [100744] LiteSpeed Web Server Source Code Information Disclosure Vulnerability
11769|
11770| SecurityTracker - https://www.securitytracker.com:
11771| [1015234] LiteSpeed Web Server Input Validation Flaw in 'confMgr.php' Permits Cross-Site Scripting Attacks
11772|
11773| OSVDB - http://www.osvdb.org:
11774| [80213] LiteSpeed Web Server Admin Panel service/graph_html.php gtitle Parameter XSS
11775| [69916] LiteSpeed Web Server HTTP Header LSAPI PHP Extension Processing Overflow
11776| [65476] LiteSpeed Web Server Script Source Code Information Disclosure
11777| [62449] LiteSpeed Web Server Admin User Creation CSRF
11778| [57910] LiteSpeed Web Server Unspecified Post-authentication Issue
11779| [57909] LiteSpeed Web Server lshttpd Unspecified Infinite Loop DoS
11780| [41867] LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure
11781| [20908] LiteSpeed Web Server WebAdmin confMgr.php m Parameter XSS
11782|_
1178364918/tcp open ssh OpenSSH 7.4 (protocol 2.0)
11784| vulners:
11785| cpe:/a:openbsd:openssh:7.4:
11786| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
11787|_ CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
11788| vulscan: VulDB - https://vuldb.com:
11789| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
11790| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
11791| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
11792| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
11793| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
11794| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
11795| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
11796| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
11797| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
11798| [94611] OpenSSH up to 7.3 Access Control privilege escalation
11799| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
11800| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
11801| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
11802| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
11803| [90405] OpenSSH up to 7.2p2 sshd information disclosure
11804| [90404] OpenSSH up to 7.2p2 sshd information disclosure
11805| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
11806| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
11807| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
11808| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
11809| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
11810|
11811| MITRE CVE - https://cve.mitre.org:
11812| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
11813| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
11814|
11815| SecurityFocus - https://www.securityfocus.com/bid/:
11816| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
11817| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
11818| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
11819| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
11820| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
11821| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
11822| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
11823| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
11824| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
11825| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
11826| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
11827| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
11828| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
11829| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
11830| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
11831| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
11832| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
11833| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
11834| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
11835| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
11836| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
11837| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
11838| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
11839| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
11840| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
11841| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
11842| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
11843| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
11844| [75990] OpenSSH Login Handling Security Bypass Weakness
11845| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
11846| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
11847| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
11848| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
11849| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
11850| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
11851| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
11852| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
11853| [61286] OpenSSH Remote Denial of Service Vulnerability
11854| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
11855| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
11856| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
11857| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
11858| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
11859| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
11860| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
11861| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
11862| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
11863| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
11864| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
11865| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
11866| [30794] Red Hat OpenSSH Backdoor Vulnerability
11867| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
11868| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
11869| [28531] OpenSSH ForceCommand Command Execution Weakness
11870| [28444] OpenSSH X Connections Session Hijacking Vulnerability
11871| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
11872| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
11873| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
11874| [20956] OpenSSH Privilege Separation Key Signature Weakness
11875| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
11876| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
11877| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
11878| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
11879| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
11880| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
11881| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
11882| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
11883| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
11884| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
11885| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
11886| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
11887| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
11888| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
11889| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
11890| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
11891| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
11892| [6168] OpenSSH Visible Password Vulnerability
11893| [5374] OpenSSH Trojan Horse Vulnerability
11894| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
11895| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
11896| [4241] OpenSSH Channel Code Off-By-One Vulnerability
11897| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
11898| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
11899| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
11900| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
11901| [2917] OpenSSH PAM Session Evasion Vulnerability
11902| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
11903| [2356] OpenSSH Private Key Authentication Check Vulnerability
11904| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
11905| [1334] OpenSSH UseLogin Vulnerability
11906|
11907| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11908| [83258] GSI-OpenSSH auth-pam.c security bypass
11909| [82781] OpenSSH time limit denial of service
11910| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
11911| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
11912| [72756] Debian openssh-server commands information disclosure
11913| [68339] OpenSSH pam_thread buffer overflow
11914| [67264] OpenSSH ssh-keysign unauthorized access
11915| [65910] OpenSSH remote_glob function denial of service
11916| [65163] OpenSSH certificate information disclosure
11917| [64387] OpenSSH J-PAKE security bypass
11918| [63337] Cisco Unified Videoconferencing OpenSSH weak security
11919| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
11920| [45202] OpenSSH signal handler denial of service
11921| [44747] RHEL OpenSSH backdoor
11922| [44280] OpenSSH PermitRootLogin information disclosure
11923| [44279] OpenSSH sshd weak security
11924| [44037] OpenSSH sshd SELinux role unauthorized access
11925| [43940] OpenSSH X11 forwarding information disclosure
11926| [41549] OpenSSH ForceCommand directive security bypass
11927| [41438] OpenSSH sshd session hijacking
11928| [40897] OpenSSH known_hosts weak security
11929| [40587] OpenSSH username weak security
11930| [37371] OpenSSH username data manipulation
11931| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
11932| [37112] RHSA update for OpenSSH signal handler race condition not installed
11933| [37107] RHSA update for OpenSSH identical block denial of service not installed
11934| [36637] OpenSSH X11 cookie privilege escalation
11935| [35167] OpenSSH packet.c newkeys[mode] denial of service
11936| [34490] OpenSSH OPIE information disclosure
11937| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
11938| [32975] Apple Mac OS X OpenSSH denial of service
11939| [32387] RHSA-2006:0738 updates for openssh not installed
11940| [32359] RHSA-2006:0697 updates for openssh not installed
11941| [32230] RHSA-2006:0298 updates for openssh not installed
11942| [32132] RHSA-2006:0044 updates for openssh not installed
11943| [30120] OpenSSH privilege separation monitor authentication verification weakness
11944| [29255] OpenSSH GSSAPI user enumeration
11945| [29254] OpenSSH signal handler race condition
11946| [29158] OpenSSH identical block denial of service
11947| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
11948| [25116] OpenSSH OpenPAM denial of service
11949| [24305] OpenSSH SCP shell expansion command execution
11950| [22665] RHSA-2005:106 updates for openssh not installed
11951| [22117] OpenSSH GSSAPI allows elevated privileges
11952| [22115] OpenSSH GatewayPorts security bypass
11953| [20930] OpenSSH sshd.c LoginGraceTime denial of service
11954| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
11955| [17213] OpenSSH allows port bouncing attacks
11956| [16323] OpenSSH scp file overwrite
11957| [13797] OpenSSH PAM information leak
11958| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
11959| [13264] OpenSSH PAM code could allow an attacker to gain access
11960| [13215] OpenSSH buffer management errors could allow an attacker to execute code
11961| [13214] OpenSSH memory vulnerabilities
11962| [13191] OpenSSH large packet buffer overflow
11963| [12196] OpenSSH could allow an attacker to bypass login restrictions
11964| [11970] OpenSSH could allow an attacker to obtain valid administrative account
11965| [11902] OpenSSH PAM support enabled information leak
11966| [9803] OpenSSH "
11967| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
11968| [9307] OpenSSH is running on the system
11969| [9169] OpenSSH "
11970| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
11971| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
11972| [8383] OpenSSH off-by-one error in channel code
11973| [7647] OpenSSH UseLogin option arbitrary code execution
11974| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
11975| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
11976| [7179] OpenSSH source IP access control bypass
11977| [6757] OpenSSH "
11978| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
11979| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
11980| [5517] OpenSSH allows unauthorized access to resources
11981| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
11982|
11983| Exploit-DB - https://www.exploit-db.com:
11984| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
11985| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
11986| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
11987| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
11988| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
11989| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
11990| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
11991| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
11992| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
11993| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
11994| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
11995| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
11996| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
11997| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
11998|
11999| OpenVAS (Nessus) - http://www.openvas.org:
12000| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
12001| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
12002| [881183] CentOS Update for openssh CESA-2012:0884 centos6
12003| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
12004| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
12005| [870763] RedHat Update for openssh RHSA-2012:0884-04
12006| [870129] RedHat Update for openssh RHSA-2008:0855-01
12007| [861813] Fedora Update for openssh FEDORA-2010-5429
12008| [861319] Fedora Update for openssh FEDORA-2007-395
12009| [861170] Fedora Update for openssh FEDORA-2007-394
12010| [861012] Fedora Update for openssh FEDORA-2007-715
12011| [840345] Ubuntu Update for openssh vulnerability USN-597-1
12012| [840300] Ubuntu Update for openssh update USN-612-5
12013| [840271] Ubuntu Update for openssh vulnerability USN-612-2
12014| [840268] Ubuntu Update for openssh update USN-612-7
12015| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
12016| [840214] Ubuntu Update for openssh vulnerability USN-566-1
12017| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
12018| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
12019| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
12020| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
12021| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
12022| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
12023| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
12024| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
12025| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
12026| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
12027| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
12028| [100584] OpenSSH X Connections Session Hijacking Vulnerability
12029| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
12030| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
12031| [65987] SLES10: Security update for OpenSSH
12032| [65819] SLES10: Security update for OpenSSH
12033| [65514] SLES9: Security update for OpenSSH
12034| [65513] SLES9: Security update for OpenSSH
12035| [65334] SLES9: Security update for OpenSSH
12036| [65248] SLES9: Security update for OpenSSH
12037| [65218] SLES9: Security update for OpenSSH
12038| [65169] SLES9: Security update for openssh,openssh-askpass
12039| [65126] SLES9: Security update for OpenSSH
12040| [65019] SLES9: Security update for OpenSSH
12041| [65015] SLES9: Security update for OpenSSH
12042| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
12043| [61639] Debian Security Advisory DSA 1638-1 (openssh)
12044| [61030] Debian Security Advisory DSA 1576-2 (openssh)
12045| [61029] Debian Security Advisory DSA 1576-1 (openssh)
12046| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
12047| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
12048| [60667] Slackware Advisory SSA:2008-095-01 openssh
12049| [59014] Slackware Advisory SSA:2007-255-01 openssh
12050| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
12051| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
12052| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
12053| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
12054| [57492] Slackware Advisory SSA:2006-272-02 openssh
12055| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
12056| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
12057| [57470] FreeBSD Ports: openssh
12058| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
12059| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
12060| [56294] Slackware Advisory SSA:2006-045-06 openssh
12061| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
12062| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
12063| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
12064| [53788] Debian Security Advisory DSA 025-1 (openssh)
12065| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
12066| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
12067| [11343] OpenSSH Client Unauthorized Remote Forwarding
12068| [10954] OpenSSH AFS/Kerberos ticket/token passing
12069| [10883] OpenSSH Channel Code Off by 1
12070| [10823] OpenSSH UseLogin Environment Variables
12071|
12072| SecurityTracker - https://www.securitytracker.com:
12073| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
12074| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
12075| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
12076| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
12077| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
12078| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
12079| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
12080| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
12081| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
12082| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
12083| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
12084| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
12085| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
12086| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
12087| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
12088| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
12089| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
12090| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
12091| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
12092| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
12093| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
12094| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
12095| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
12096| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
12097| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
12098| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
12099| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
12100| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
12101| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
12102| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
12103| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
12104| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
12105| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
12106| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
12107| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
12108| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
12109| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
12110| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
12111|
12112| OSVDB - http://www.osvdb.org:
12113| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
12114| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
12115| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
12116| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
12117| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
12118| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
12119| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
12120| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
12121| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
12122| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
12123| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
12124| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
12125| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
12126| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
12127| [56921] OpenSSH Unspecified Remote Compromise
12128| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
12129| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
12130| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
12131| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
12132| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
12133| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
12134| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
12135| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
12136| [43745] OpenSSH X11 Forwarding Local Session Hijacking
12137| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
12138| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
12139| [37315] pam_usb OpenSSH Authentication Unspecified Issue
12140| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
12141| [34601] OPIE w/ OpenSSH Account Enumeration
12142| [34600] OpenSSH S/KEY Authentication Account Enumeration
12143| [32721] OpenSSH Username Password Complexity Account Enumeration
12144| [30232] OpenSSH Privilege Separation Monitor Weakness
12145| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
12146| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
12147| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
12148| [29152] OpenSSH Identical Block Packet DoS
12149| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
12150| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
12151| [22692] OpenSSH scp Command Line Filename Processing Command Injection
12152| [20216] OpenSSH with KerberosV Remote Authentication Bypass
12153| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
12154| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
12155| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
12156| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
12157| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
12158| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
12159| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
12160| [6601] OpenSSH *realloc() Unspecified Memory Errors
12161| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
12162| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
12163| [6072] OpenSSH PAM Conversation Function Stack Modification
12164| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
12165| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
12166| [5408] OpenSSH echo simulation Information Disclosure
12167| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
12168| [4536] OpenSSH Portable AIX linker Privilege Escalation
12169| [3938] OpenSSL and OpenSSH /dev/random Check Failure
12170| [3456] OpenSSH buffer_append_space() Heap Corruption
12171| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
12172| [2140] OpenSSH w/ PAM Username Validity Timing Attack
12173| [2112] OpenSSH Reverse DNS Lookup Bypass
12174| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
12175| [1853] OpenSSH Symbolic Link 'cookies' File Removal
12176| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
12177| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
12178| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
12179| [688] OpenSSH UseLogin Environment Variable Local Command Execution
12180| [642] OpenSSH Multiple Key Type ACL Bypass
12181| [504] OpenSSH SSHv2 Public Key Authentication Bypass
12182| [341] OpenSSH UseLogin Local Privilege Escalation
12183|_
121848 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
12185==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12186SF-Port2077-TCP:V=7.80%I=7%D=11/24%Time=5DDB23D7%P=x86_64-pc-linux-gnu%r(S
12187SF:IPOptions,16B,"HTTP/1\.1\x20302\x20Moved\r\nDate:\x20Mon,\x2025\x20Nov\
12188SF:x202019\x2000:44:06\x20GMT\r\nServer:\x20cPanel\r\nPersistent-Auth:\x20
12189SF:false\r\nHost:\x20server\.akinmedya\.com\.tr:2077\r\nCache-Control:\x20
12190SF:no-cache,\x20no-store,\x20must-revalidate,\x20private\r\nConnection:\x2
12191SF:0close\r\nLocation:\x20https://server\.akinmedya\.com\.tr:2078sip:nm\r\
12192SF:nVary:\x20Accept-Encoding\r\nExpires:\x20Fri,\x2001\x20Jan\x201990\x200
12193SF:0:00:00\x20GMT\r\nX-Redirect-Reason:\x20requiressl\r\n\r\n");
12194==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12195SF-Port2079-TCP:V=7.80%I=7%D=11/24%Time=5DDB23D7%P=x86_64-pc-linux-gnu%r(S
12196SF:IPOptions,16B,"HTTP/1\.1\x20302\x20Moved\r\nDate:\x20Mon,\x2025\x20Nov\
12197SF:x202019\x2000:44:06\x20GMT\r\nServer:\x20cPanel\r\nPersistent-Auth:\x20
12198SF:false\r\nHost:\x20server\.akinmedya\.com\.tr:2079\r\nCache-Control:\x20
12199SF:no-cache,\x20no-store,\x20must-revalidate,\x20private\r\nConnection:\x2
12200SF:0close\r\nLocation:\x20https://server\.akinmedya\.com\.tr:2080sip:nm\r\
12201SF:nVary:\x20Accept-Encoding\r\nExpires:\x20Fri,\x2001\x20Jan\x201990\x200
12202SF:0:00:00\x20GMT\r\nX-Redirect-Reason:\x20requiressl\r\n\r\n");
12203==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12204SF-Port2082-TCP:V=7.80%I=7%D=11/24%Time=5DDB23D7%P=x86_64-pc-linux-gnu%r(S
12205SF:IPOptions,14C,"HTTP/1\.1\x20301\x20Moved\r\nContent-length:\x20129\r\nL
12206SF:ocation:\x20https://server\.akinmedya\.com\.tr:2083/sip%3anm\r\nContent
12207SF:-type:\x20text/html;\x20charset=\"utf-8\"\r\nCache-Control:\x20no-cache
12208SF:,\x20no-store,\x20must-revalidate,\x20private\r\n\r\n<html><head><META\
12209SF:x20HTTP-EQUIV=\"refresh\"\x20CONTENT=\"2;URL=https://server\.akinmedya\
12210SF:.com\.tr:2083/sip%3anm\"></head><body></body></html>\n");
12211==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12212SF-Port2083-TCP:V=7.80%T=SSL%I=7%D=11/24%Time=5DDB238E%P=x86_64-pc-linux-g
12213SF:nu%r(GetRequest,4000,"HTTP/1\.0\x20200\x20OK\r\nConnection:\x20close\r\
12214SF:nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\x20Mon,\x202
12215SF:5\x20Nov\x202019\x2000:42:54\x20GMT\r\nCache-Control:\x20no-cache,\x20n
12216SF:o-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-cache\r\nSet-C
12217SF:ookie:\x20cprelogin=no;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-1970\x20
12218SF:00:00:01\x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x20c
12219SF:psession=%3akOsqRxTYIcQp4aES%2c9f428c5ff217307809a1afc70eea0d59;\x20Htt
12220SF:pOnly;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x20roundcube_s
12221SF:essid=expired;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\
12222SF:x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x20roundcube_
12223SF:sessauth=expired;\x20HttpOnly;\x20domain=server\.akinmedya\.com\.tr;\x2
12224SF:0expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=208
12225SF:3;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20HttpOnly;\x20domain=\.
12226SF:server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\
12227SF:x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x20horde_secr
12228SF:et_key=expired;\x20HttpOnly;\x20domain=\.server\.akinmedya\.com\.tr;\x2
12229SF:0expires=Th")%r(HTTPOptions,4000,"HTTP/1\.0\x20200\x20OK\r\nConnection:
12230SF:\x20close\r\nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\
12231SF:x20Mon,\x2025\x20Nov\x202019\x2000:42:55\x20GMT\r\nCache-Control:\x20no
12232SF:-cache,\x20no-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-ca
12233SF:che\r\nSet-Cookie:\x20cprelogin=no;\x20HttpOnly;\x20expires=Thu,\x2001-
12234SF:Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-
12235SF:Cookie:\x20cpsession=%3a9UFn5Ij7jrpjCmyG%2c40e2f419e319186a35c3955c3a94
12236SF:62cf;\x20HttpOnly;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x2
12237SF:0roundcube_sessid=expired;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-1970\
12238SF:x2000:00:01\x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x
12239SF:20roundcube_sessauth=expired;\x20HttpOnly;\x20domain=server\.akinmedya\
12240SF:.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\x20path=/;
12241SF:\x20port=2083;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20HttpOnly;\
12242SF:x20domain=\.server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\
12243SF:x2000:00:01\x20GMT;\x20path=/;\x20port=2083;\x20secure\r\nSet-Cookie:\x
12244SF:20horde_secret_key=expired;\x20HttpOnly;\x20domain=\.server\.akinmedya\
12245SF:.com\.tr;\x20expires=Th");
12246==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12247SF-Port2086-TCP:V=7.80%I=7%D=11/24%Time=5DDB23D6%P=x86_64-pc-linux-gnu%r(S
12248SF:IPOptions,14C,"HTTP/1\.1\x20301\x20Moved\r\nContent-length:\x20129\r\nL
12249SF:ocation:\x20https://server\.akinmedya\.com\.tr:2087/sip%3anm\r\nContent
12250SF:-type:\x20text/html;\x20charset=\"utf-8\"\r\nCache-Control:\x20no-cache
12251SF:,\x20no-store,\x20must-revalidate,\x20private\r\n\r\n<html><head><META\
12252SF:x20HTTP-EQUIV=\"refresh\"\x20CONTENT=\"2;URL=https://server\.akinmedya\
12253SF:.com\.tr:2087/sip%3anm\"></head><body></body></html>\n");
12254==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12255SF-Port2087-TCP:V=7.80%T=SSL%I=7%D=11/24%Time=5DDB238E%P=x86_64-pc-linux-g
12256SF:nu%r(GetRequest,4000,"HTTP/1\.0\x20200\x20OK\r\nConnection:\x20close\r\
12257SF:nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\x20Mon,\x202
12258SF:5\x20Nov\x202019\x2000:42:54\x20GMT\r\nCache-Control:\x20no-cache,\x20n
12259SF:o-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-cache\r\nSet-C
12260SF:ookie:\x20whostmgrrelogin=no;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-19
12261SF:70\x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nSet-Cookie
12262SF::\x20whostmgrsession=%3aoAVELYVdZMWuvMd6%2c603ece446142da2cbe1aa5bf8e20
12263SF:a897;\x20HttpOnly;\x20path=/;\x20port=2087;\x20secure\r\nSet-Cookie:\x2
12264SF:0roundcube_sessid=expired;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-1970\
12265SF:x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nSet-Cookie:\x
12266SF:20roundcube_sessauth=expired;\x20HttpOnly;\x20domain=server\.akinmedya\
12267SF:.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\x20path=/;
12268SF:\x20port=2087;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20HttpOnly;\
12269SF:x20domain=\.server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\
12270SF:x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nSet-Cookie:\x
12271SF:20horde_secret_key=expired;\x20HttpOnly;\x20domain=\.server\.akinmedya\
12272SF:.com\.tr")%r(HTTPOptions,9541,"HTTP/1\.0\x20200\x20OK\r\nConnection:\x2
12273SF:0close\r\nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\x20
12274SF:Mon,\x2025\x20Nov\x202019\x2000:42:55\x20GMT\r\nCache-Control:\x20no-ca
12275SF:che,\x20no-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-cache
12276SF:\r\nSet-Cookie:\x20whostmgrrelogin=no;\x20HttpOnly;\x20expires=Thu,\x20
12277SF:01-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nS
12278SF:et-Cookie:\x20whostmgrsession=%3a4xlkwm6Psqp7YBQn%2c8a1e6839a2c6fc66ae7
12279SF:2c0637f9febaa;\x20HttpOnly;\x20path=/;\x20port=2087;\x20secure\r\nSet-C
12280SF:ookie:\x20roundcube_sessid=expired;\x20HttpOnly;\x20expires=Thu,\x2001-
12281SF:Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nSet-
12282SF:Cookie:\x20roundcube_sessauth=expired;\x20HttpOnly;\x20domain=server\.a
12283SF:kinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\x
12284SF:20path=/;\x20port=2087;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20H
12285SF:ttpOnly;\x20domain=\.server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001-
12286SF:Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2087;\x20secure\r\nSet-
12287SF:Cookie:\x20horde_secret_key=expired;\x20HttpOnly;\x20domain=\.server\.a
12288SF:kinmedya\.com\.tr");
12289==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12290SF-Port2095-TCP:V=7.80%I=7%D=11/24%Time=5DDB23D7%P=x86_64-pc-linux-gnu%r(S
12291SF:IPOptions,14C,"HTTP/1\.1\x20301\x20Moved\r\nContent-length:\x20129\r\nL
12292SF:ocation:\x20https://server\.akinmedya\.com\.tr:2096/sip%3anm\r\nContent
12293SF:-type:\x20text/html;\x20charset=\"utf-8\"\r\nCache-Control:\x20no-cache
12294SF:,\x20no-store,\x20must-revalidate,\x20private\r\n\r\n<html><head><META\
12295SF:x20HTTP-EQUIV=\"refresh\"\x20CONTENT=\"2;URL=https://server\.akinmedya\
12296SF:.com\.tr:2096/sip%3anm\"></head><body></body></html>\n");
12297==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
12298SF-Port2096-TCP:V=7.80%T=SSL%I=7%D=11/24%Time=5DDB238E%P=x86_64-pc-linux-g
12299SF:nu%r(GetRequest,96FE,"HTTP/1\.0\x20200\x20OK\r\nConnection:\x20close\r\
12300SF:nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\x20Mon,\x202
12301SF:5\x20Nov\x202019\x2000:42:54\x20GMT\r\nCache-Control:\x20no-cache,\x20n
12302SF:o-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-cache\r\nSet-C
12303SF:ookie:\x20webmailrelogin=no;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-197
12304SF:0\x2000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\nSet-Cookie:
12305SF:\x20webmailsession=%3aMTuivmcdA3iE4ppO%2ca4f968f73c2bd082965350c40cd88a
12306SF:e3;\x20HttpOnly;\x20path=/;\x20port=2096;\x20secure\r\nSet-Cookie:\x20r
12307SF:oundcube_sessid=expired;\x20HttpOnly;\x20expires=Thu,\x2001-Jan-1970\x2
12308SF:000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\nSet-Cookie:\x20
12309SF:roundcube_sessauth=expired;\x20HttpOnly;\x20domain=server\.akinmedya\.c
12310SF:om\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x
12311SF:20port=2096;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20HttpOnly;\x2
12312SF:0domain=\.server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2
12313SF:000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\nSet-Cookie:\x20
12314SF:horde_secret_key=expired;\x20HttpOnly;\x20domain=\.server\.akinmedya\.c
12315SF:om\.tr;\x20")%r(HTTPOptions,4000,"HTTP/1\.0\x20200\x20OK\r\nConnection:
12316SF:\x20close\r\nContent-Type:\x20text/html;\x20charset=\"utf-8\"\r\nDate:\
12317SF:x20Mon,\x2025\x20Nov\x202019\x2000:42:55\x20GMT\r\nCache-Control:\x20no
12318SF:-cache,\x20no-store,\x20must-revalidate,\x20private\r\nPragma:\x20no-ca
12319SF:che\r\nSet-Cookie:\x20webmailrelogin=no;\x20HttpOnly;\x20expires=Thu,\x
12320SF:2001-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\
12321SF:nSet-Cookie:\x20webmailsession=%3agyj4LvtTFaJLL92Z%2c3ec28313541f3d4a8f
12322SF:13496ae01a8d0c;\x20HttpOnly;\x20path=/;\x20port=2096;\x20secure\r\nSet-
12323SF:Cookie:\x20roundcube_sessid=expired;\x20HttpOnly;\x20expires=Thu,\x2001
12324SF:-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\nSet
12325SF:-Cookie:\x20roundcube_sessauth=expired;\x20HttpOnly;\x20domain=server\.
12326SF:akinmedya\.com\.tr;\x20expires=Thu,\x2001-Jan-1970\x2000:00:01\x20GMT;\
12327SF:x20path=/;\x20port=2096;\x20secure\r\nSet-Cookie:\x20Horde=expired;\x20
12328SF:HttpOnly;\x20domain=\.server\.akinmedya\.com\.tr;\x20expires=Thu,\x2001
12329SF:-Jan-1970\x2000:00:01\x20GMT;\x20path=/;\x20port=2096;\x20secure\r\nSet
12330SF:-Cookie:\x20horde_secret_key=expired;\x20HttpOnly;\x20domain=\.server\.
12331SF:akinmedya\.com\.tr;\x20");
12332Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (93%), Linux 3.2 - 4.9 (93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.10 (92%), Linux 4.2 (92%), Linux 4.4 (92%), Asus RT-AC66U WAP (92%), Linux 3.10 (92%)
12333No exact OS matches for host (test conditions non-ideal).
12334Uptime guess: 16.667 days (since Fri Nov 8 03:44:51 2019)
12335Network Distance: 13 hops
12336TCP Sequence Prediction: Difficulty=261 (Good luck!)
12337IP ID Sequence Generation: All zeros
12338Service Info: Host: server.akinmedya.com.tr; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
12339
12340TRACEROUTE (using port 1025/tcp)
12341HOP RTT ADDRESS
123421 37.38 ms 10.242.204.1
123432 88.34 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
123443 84.48 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
123454 199.76 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
123465 217.05 ms motl-b1-link.telia.net (62.115.183.72)
123476 311.19 ms nyk-bb3-link.telia.net (62.115.137.142)
123487 330.85 ms ldn-bb4-link.telia.net (62.115.112.245)
123498 393.98 ms hbg-bb4-link.telia.net (62.115.122.160)
123509 311.20 ms nug-b1-link.telia.net (62.115.113.175)
1235110 311.24 ms hetzner-ic-340780-nug-b1.c.telia.net (213.248.70.1)
1235211 394.05 ms core23.fsn1.hetzner.com (213.239.252.230)
1235312 394.06 ms ex9k2.dc10.fsn1.hetzner.com (213.239.229.58)
1235413 311.34 ms ns1.akinmedya.com (144.76.114.219)
12355
12356NSE: Script Post-scanning.
12357Initiating NSE at 19:45
12358Completed NSE at 19:45, 0.00s elapsed
12359Initiating NSE at 19:45
12360Completed NSE at 19:45, 0.00s elapsed
12361######################################################################################################################################
12362Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-24 19:45 EST
12363NSE: Loaded 47 scripts for scanning.
12364NSE: Script Pre-scanning.
12365Initiating NSE at 19:45
12366Completed NSE at 19:45, 0.00s elapsed
12367Initiating NSE at 19:45
12368Completed NSE at 19:45, 0.00s elapsed
12369Initiating Parallel DNS resolution of 1 host. at 19:45
12370Completed Parallel DNS resolution of 1 host. at 19:45, 0.02s elapsed
12371Initiating UDP Scan at 19:45
12372Scanning ns1.akinmedya.com (144.76.114.219) [15 ports]
12373Discovered open port 53/udp on 144.76.114.219
12374Completed UDP Scan at 19:46, 7.43s elapsed (15 total ports)
12375Initiating Service scan at 19:46
12376Scanning 2 services on ns1.akinmedya.com (144.76.114.219)
12377Completed Service scan at 19:47, 97.60s elapsed (2 services on 1 host)
12378Initiating OS detection (try #1) against ns1.akinmedya.com (144.76.114.219)
12379Retrying OS detection (try #2) against ns1.akinmedya.com (144.76.114.219)
12380Initiating Traceroute at 19:47
12381Completed Traceroute at 19:47, 7.09s elapsed
12382Initiating Parallel DNS resolution of 1 host. at 19:47
12383Completed Parallel DNS resolution of 1 host. at 19:47, 0.00s elapsed
12384NSE: Script scanning 144.76.114.219.
12385Initiating NSE at 19:47
12386Completed NSE at 19:48, 8.40s elapsed
12387Initiating NSE at 19:48
12388Completed NSE at 19:48, 1.01s elapsed
12389Nmap scan report for ns1.akinmedya.com (144.76.114.219)
12390Host is up (0.19s latency).
12391
12392PORT STATE SERVICE VERSION
1239353/udp open domain ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
12394| vulscan: VulDB - https://vuldb.com:
12395| [129818] ISC BIND up to 9.11.4/9.12.2 DDNS privilege escalation
12396| [129803] ISC BIND up to 9.11.1 Response Policy Zone Query Loop denial of service
12397| [129802] ISC BIND up to 9.11.0-P1 nxdomain-redirect Query Assertion denial of service
12398| [102965] ISC BIND up to 9.11.1-P1 TSIG weak authentication
12399| [102964] ISC BIND up to 9.11.1-P1 TSIG weak authentication
12400| [99868] ISC BIND up to 9.11.1rc2 Control Channel Crash denial of service
12401| [99867] ISC BIND up to 9.11.1rc1 DNS64 State Crash denial of service
12402| [99866] ISC BIND up to 9.11.1rc1 CNAME/DNAME Crash denial of service
12403| [96827] ISC BIND up to 9.11.1b1 RPZ/DNS64 State Error NULL Pointer Dereference denial of service
12404|
12405| MITRE CVE - https://cve.mitre.org:
12406| [CVE-2007-0494] ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
12407| [CVE-2013-4869] Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
12408| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
12409| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
12410| [CVE-2013-3434] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
12411| [CVE-2013-3433] Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
12412| [CVE-2013-3412] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
12413| [CVE-2013-3404] SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
12414| [CVE-2013-3403] Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
12415| [CVE-2013-3402] An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
12416| [CVE-2013-3382] The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.
12417| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
12418| [CVE-2013-1150] The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1.2) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCud16590.
12419| [CVE-2013-1139] The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
12420| [CVE-2013-1137] Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
12421| [CVE-2013-1134] The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
12422| [CVE-2013-0149] The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795.
12423| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
12424| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
12425| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
12426| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
12427| [CVE-2012-3868] Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
12428| [CVE-2012-3817] ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2
12429| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
12430| [CVE-2012-1328] Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
12431| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
12432| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
12433| [CVE-2011-5184] Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover
12434| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
12435| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
12436| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
12437| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
12438| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
12439| [CVE-2011-0414] ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
12440| [CVE-2010-3762] ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
12441| [CVE-2010-3615] named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
12442| [CVE-2010-3614] named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
12443| [CVE-2010-3613] named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
12444| [CVE-2010-0382] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
12445| [CVE-2010-0290] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
12446| [CVE-2010-0218] ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
12447| [CVE-2010-0097] ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
12448| [CVE-2009-4022] Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
12449| [CVE-2009-2028] Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
12450| [CVE-2009-1905] The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
12451| [CVE-2009-0696] The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
12452| [CVE-2009-0265] Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
12453| [CVE-2008-4163] Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
12454| [CVE-2008-0122] Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
12455| [CVE-2007-2926] ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
12456| [CVE-2007-2925] The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
12457| [CVE-2007-2241] Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
12458| [CVE-2007-0493] Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
12459| [CVE-2002-2037] The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities.
12460| [CVE-2002-0400] ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
12461| [CVE-2001-0497] dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
12462| [CVE-2000-0855] SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
12463| [CVE-2000-0368] Classic Cisco IOS 9.1 and later allows attackers with access to the loging prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
12464| [CVE-1999-1466] Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the "established" keyword.
12465| [CVE-1999-1306] Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
12466| [CVE-1999-1216] Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
12467|
12468| SecurityFocus - https://www.securityfocus.com/bid/:
12469| [70744] Cisco ASR 901 Series Routers CVE-2014-3293 Denial of Service Vulnerability
12470| [70658] ZTE ZXDSL 931VII 'manager_dev_config_t.gch' Information Disclosure Vulnerability
12471| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
12472| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
12473| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
12474| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
12475| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
12476| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
12477| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
12478| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
12479| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
12480| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
12481| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
12482| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
12483| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
12484| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
12485| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
12486| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
12487| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
12488| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
12489| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
12490| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
12491| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
12492| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
12493| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
12494| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
12495| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
12496| [100656] Cisco ASR 920 Series Routers CVE-2017-6795 Local Arbitrary File Overwrite Vulnerability
12497| [97450] Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
12498| [93415] Cisco Nexus 9000 Series Switches CVE-2016-1455 Remote Information Disclosure Vulnerability
12499| [82579] Cisco Nexus 9000 Series ACI Mode Switches CVE-2015-6398 Denial of Service Vulnerability
12500| [77686] Cisco Firepower 9000 Series CVE-2015-6380 Unspecified OS Command Injection Vulnerability
12501| [77635] Cisco Firepower 9000 Series CVE-2015-6371 Multiple Arbitrary File Read Vulnerabilities
12502| [77634] Cisco Firepower 9000 Series CVE-2015-6370 Local Command Injection Vulnerability
12503| [77633] Cisco Firepower 9000 Series Switches CVE-2015-6372 HTML Injection Vulnerability
12504| [77631] Cisco Firepower 9000 Series Switches CVE-2015-6374 Clickjacking Vulnerability
12505| [77629] Cisco Firepower 9000 Series CVE-2015-6369 Local Denial of Service Vulnerability
12506| [77628] Cisco Firepower 9000 CVE-2015-6373 Cross Site Request Forgery Vulnerability
12507| [77614] Cisco Firepower 9000 Series Switches CVE-2015-6368 Information Disclosure Vulnerability
12508| [76913] Cisco NX-OS Software for Nexus 9000 Series Switches CVE-2015-6308 Denial of Service Vulnerability
12509| [76791] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-6301 Denial of Service Vulnerability
12510| [76762] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-6295 Denial of Service Vulnerability
12511| [76329] Cisco Nexus 9000 Series Software CVE-2015-4301 Remote Denial of Service Vulnerability
12512| [76057] Cisco Firepower 9000 Series Devices CVE-2015-4287 Information Disclosure Vulnerability
12513| [75471] Cisco Unified IP Phones 9900 Series CVE-2015-4226 Denial of Service Vulnerability
12514| [75378] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-4213 Information Disclosure Vulnerability
12515| [74029] Cisco ASR 9000 Series Routers CVE-2015-0694 Remote Security Bypass Vulnerability
12516| [73895] Cisco NX-OS Software for Nexus 9000 Series CVE-2015-0686 Denial of Service Vulnerability
12517| [73470] Cisco ASR 9000 Series Routers CVE-2015-0685 Denial of Service Vulnerability
12518| [73318] Cisco ASR 9000 Series Aggregation Services Routers CVE-2015-0672 Denial of Service Vulnerability
12519| [72485] Cisco Unified IP Phones 9900 Series CVE-2015-0604 Arbitrary File Upload Vulnerability
12520| [72484] Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
12521| [72483] Cisco Unified IP Phones 9900 Series CVE-2015-0601 Local Denial of Service Vulnerability
12522| [72482] Cisco Unified IP Phones 9900 Series CVE-2015-0602 Information Disclosure Vulnerability
12523| [72481] Cisco Unified IP Phones 9900 Series CVE-2015-0600 Denial of Service Vulnerability
12524| [71979] Cisco MDS 9000 NX-OS Software CVE-2015-0582 Denial of Service Vulnerability
12525| [69057] Cisco Nexus 9000 Series Switches CVE-2014-3330 Access List Security Bypass Vulnerability
12526| [64770] Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability
12527| [63564] Cisco MDS 9000 NX-OS Software VRRP Frames Denial of Service Vulnerability
12528| [62944] Cisco Unified IP Phones 9900 Series CVE-2013-5532 Buffer Overflow Vulnerability
12529| [62943] Cisco Unified IP Phones 9900 Series CVE-2013-5533 Local Command Injection Vulnerability
12530| [62905] Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
12531| [61330] Cisco Unified IP Phones 9900 Series CVE-2013-3426 Arbitrary File Download Vulnerability
12532| [49633] Oracle Application Server 9i 'httpd.conf' Information Disclosure Vulnerability
12533| [48811] Cisco ASR 9000 Series Routers IP Version 4 Denial of Service Vulnerability
12534| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
12535| [15542] NetObjects Fusion 9 Information Disclosure Vulnerability
12536| [6556] Oracle 9i Application Server Sample Scripts Information Disclosure Vulnerability
12537| [6459] Oracle 9i Application Server Java Server Page Source Code Disclosure Vulnerability
12538| [5335] Multiple Lucent Router UDP Port 9 Information Disclosure Vulnerability
12539| [4290] Oracle 9i Default Configuration File Information Disclosure Vulnerability
12540| [4034] Oracle 9IAS OracleJSP Information Disclosure Vulnerability
12541| [3848] Mandrake Bind 9 Package Insecure File Permissions Vulnerability
12542| [2516] Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
12543|
12544| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12545| [85799] Cisco Unified IP Phones 9900 Series directory traversal
12546| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
12547| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
12548| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
12549| [9250] BIND 9 dns_message_findtype() denial of service
12550| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
12551| [539] Microsoft Windows 95 and Internet Explorer password disclosure
12552| [86004] ISC BIND RDATA denial of service
12553| [84767] ISC BIND denial of service
12554| [83066] ISC BIND denial of service
12555| [81504] ISC BIND AAAA denial of service
12556| [80510] ISC BIND DNS64 denial of service
12557| [79121] ISC BIND queries denial of service
12558| [78479] ISC BIND RDATA denial of service
12559| [77185] ISC BIND TCP queries denial of service
12560| [77184] ISC BIND bad cache denial of service
12561| [76034] ISC BIND rdata denial of service
12562| [73053] ISC BIND cache update policy security bypass
12563| [71332] ISC BIND recursive queries denial of service
12564| [68375] ISC BIND UPDATE denial of service
12565| [68374] ISC BIND Response Policy Zones denial of service
12566| [67665] ISC BIND RRSIG Rrsets denial of service
12567| [67297] ISC BIND RRSIG denial of service
12568| [65554] ISC BIND IXFR transfer denial of service
12569| [63602] ISC BIND allow-query security bypass
12570| [63596] ISC BIND zone data security bypass
12571| [63595] ISC BIND RRSIG denial of service
12572| [62072] ISC BIND DNSSEC query denial of service
12573| [62071] ISC BIND ACL security bypass
12574| [61871] ISC BIND anchors denial of service
12575| [60421] ISC BIND RRSIG denial of service
12576| [56049] ISC BIND out-of-bailiwick weak security
12577| [55937] ISC Bind unspecified cache poisoning
12578| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
12579| [54416] ISC BIND DNSSEC cache poisoning
12580| [52073] ISC BIND dns_db_findrdataset() denial of service
12581| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
12582| [45234] ISC BIND UDP denial of service
12583| [39670] ISC BIND inet_network buffer overflow
12584| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
12585| [37128] RHSA update for ISC BIND RRset denial of service not installed
12586| [37127] RHSA update for ISC BIND named service denial of service not installed
12587| [36275] ISC BIND DNS query spoofing
12588| [35575] ISC BIND query ID cache poisoning
12589| [35571] ISC BIND ACL security bypass
12590| [31838] ISC BIND RRset denial of service
12591| [31799] ISC BIND named service denial of service
12592| [29876] HP Tru64 ypbind core dump information disclosure
12593| [28745] ISC BIND DNSSEC RRset denial of service
12594| [28744] ISC BIND recursive INSIST denial of service
12595| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
12596| [18836] BIND hostname disclosure
12597| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
12598| [10333] ISC BIND SIG null pointer dereference denial of service
12599| [10332] ISC BIND OPT resource record (RR) denial of service
12600| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
12601| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
12602| [5814] ISC BIND "
12603| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
12604| [5462] ISC BIND AXFR host command remote buffer overflow
12605|
12606| Exploit-DB - https://www.exploit-db.com:
12607| [25305] ColdFusion 9-10 - Credential Disclosure Exploit
12608| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
12609| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
12610| [23059] Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability
12611| [21812] MS Word 95/97/98/2000/2002 INCLUDEPICTURE Document Sharing File Disclosure
12612| [21764] MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
12613| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
12614| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
12615| [13448] linux/x86 portbind port 5074 92 bytes
12616| [13388] linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes
12617| [13360] linux/x86 setuid/portbind shellcode 96 bytes
12618| [13245] bsd/x86 setuid/portbind shellcode 94 bytes
12619| [10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
12620| [6775] Solaris 9 PortBind XDR-DECODE taddr2uaddr() Remote DoS Exploit
12621| [6236] BIND 9.5.0-P2 (randomized ports) Remote DNS Cache Poisoning Exploit
12622| [6130] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
12623| [6123] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
12624| [6122] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
12625| [4292] Diskeeper 9 Remote Memory Disclosure Exploit
12626| [4266] BIND 9 0.3beta - DNS Cache Poisoning Exploit
12627|
12628| OpenVAS (Nessus) - http://www.openvas.org:
12629| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
12630| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
12631| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
12632| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
12633| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
12634| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
12635| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
12636| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
12637| [11226] Oracle 9iAS default error information disclosure
12638|
12639| SecurityTracker - https://www.securitytracker.com:
12640| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
12641| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
12642| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
12643| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
12644| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
12645| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12646| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12647| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12648| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12649| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12650| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12651| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12652| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12653| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
12654| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
12655| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
12656| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
12657| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
12658| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
12659| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
12660| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
12661| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
12662| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
12663| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
12664| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
12665| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
12666|
12667| OSVDB - http://www.osvdb.org:
12668| [95373] Cisco Unified IP Phones 9900 Series Serviceability Servlet Path Value Handling Arbitrary File Access
12669| [86219] Cardiac Science G3 Plus 9390A-501 AED AEDUpdate Cleartext Password Local Disclosure
12670| [76009] Cisco IOS DLSw FST IP Protocol 91 Packet Memory Leak Remote DoS
12671| [73985] Cisco ASR 9000 Series Line Card IPv4 Packet Parsing Remote DoS
12672| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
12673| [34520] Cisco Linksys Multiple Router UDP 916 Remote Information Disclosure
12674| [22517] MPN HP-180W Wireless IP Phone UDP Port 9090 Information Disclosure
12675| [22516] ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
12676| [21292] ZyXEL P2000W UDP 9090 Remote Information Disclosure
12677| [18220] Oracle 9iAS httpd.confg /perl Location Alias Arbitrary CGI File Script Disclosure
12678| [18218] Oracle 9iAS echo2 Sample Application Information Disclosure
12679| [18217] Oracle 9iAS echo Sample Application Information Disclosure
12680| [18216] Oracle 9iAS printenv Sample Application Information Disclosure
12681| [18215] Oracle 9iAS info.jsp Sample Application Information Disclosure
12682| [6674] Microsoft Office 98 for Macintosh Disk Space Information Disclosure
12683| [3108] Microsoft Office 98 Macintosh Information Disclosure
12684| [1146] Microsoft Windows 9x Credential Cache Cleartext Password Disclosure
12685| [665] Microsoft Windows 95 Online Registration Information Disclosure
12686| [95707] ISC BIND rdata.c RFC 5011 Implementation Malformed RDATA Section Handling Remote DoS
12687| [93913] ISC BIND Recursive Resolver resolver.c Malformed Zone Query Handling Remote DoS
12688| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
12689| [89584] ISC BIND DNS64 Nameserver Response Policy Zone (RPZ) AAAA Record Query Remapping Remote DoS
12690| [89401] Foswiki LocalSite.cfg LDAP BindPassword Plaintext Local Disclosure
12691| [88126] ISC BIND DNS64 IPv6 Transition Mechanism DNS Query Parsing Remote DoS
12692| [86118] ISC BIND Nameserver RDATA Record Query Parsing Remote DoS
12693| [85417] ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS
12694| [84229] ISC BIND Memory Leak TCP Query Parsing ns_client Object Out-of-memory Remote DoS
12695| [84228] ISC BIND Query Handling Bad Cache Data Structure Assertion Remote DoS
12696| [82609] ISC BIND named DNS Resource Record Zero Length Rdata Handling Remote Information Disclosure
12697| [78916] ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness
12698| [77159] ISC BIND Recursive Query Parsing Remote DoS
12699| [73605] ISC BIND UPDATE Request Parsing Remote DoS
12700| [73604] ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
12701| [72540] ISC BIND Caching Resolver Large RRSIG RRsets Negative Caching Remote DoS
12702| [72539] ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
12703| [72172] ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
12704| [69568] ISC BIND named allow-query ACL Restriction Bypass
12705| [69559] ISC BIND named Key Algorithm Rollover Weakness
12706| [69558] ISC BIND named RRSIG Negative Caching DoS
12707| [68271] ISC BIND DNSSEC Query Validation Response Signature Handling Remote DoS
12708| [68270] ISC BIND ACL Application Weakness Cache Recursion Access Restriction Bypass
12709| [66395] ISC BIND RRSIG Requests Infinite Loop DoS
12710| [63373] Apple Mac OS X Server Admin Authenticated Directory Binding Handling Unspecified Open Directory Information Disclosure
12711| [62008] ISC BIND Secure Response Refetch Weakness Unspecified Issue
12712| [62007] ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning
12713| [61853] ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning
12714| [60493] ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning
12715| [59272] ISC BIND named Multiple Symlink Arbitrary File Overwrite
12716| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
12717| [57060] ISC BIND DNS Message Malformed TSIG Remote DoS
12718| [56584] ISC BIND Dynamic Update Message Handling Remote DoS
12719| [56411] GNU wget DNS Rebinding Information Disclosure Weakness
12720| [53115] ISC BIND EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
12721| [48243] ISC BIND for Windows UDP Client Handler Remote DoS
12722| [46776] ISC BIND DNS Query ID Field Prediction Cache Poisoning
12723| [42655] ISC BIND on Red Hat Linux /etc/rndc.key Insecure File Permission Local named Manipulation
12724| [41211] ISC BIND libbind inet_network() Function Off-By-One Memory Corruption
12725| [40935] ISC BIND on SUSE Linux Enterprise Server libgssapi named GSS-TSIG Request Remote DoS
12726| [37301] ISC BIND Signed Zone Signature Verification Remote DoS
12727| [36796] ISC BIND Outgoing Query Predictable DNS Query ID
12728| [36236] ISC BIND allow-query-cache/allow-recursion ACL Bypass
12729| [36235] ISC BIND Predictable DNS Query IDs Cache Poisoning
12730| [34753] ISC BIND stub Resolver libbind Crafted Query Remote DoS
12731| [34752] ISC BIND so_linger Remote DoS
12732| [34751] ISC BIND Malformed SIG Record Remote DoS
12733| [34750] ISC BIND Malformed NAPTR Record Local DoS
12734| [34749] ISC BIND named maxdname DoS
12735| [34748] ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS
12736| [31923] ISC BIND Crafted ANY Request Response Multiple RRsets DoS
12737| [31922] ISC BIND Unspecified Freed Fetch Context Dereference DoS
12738| [28558] ISC BIND Recursive Query Saturation DoS
12739| [28557] ISC BIND SIG Query Multiple RRsets Response DoS
12740| [25895] ISC BIND Cached Recursive Query DoS
12741| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
12742| [21353] BindView NetInventory HOSTCFG._NI Deletion Cleartext Password Disclosure
12743| [14878] ISC BIND rdataset Parameter Malformed DNS Packet DoS
12744| [14877] ISC BIND stub Resolver Libraries Malformed DNS Response DoS
12745| [14795] ISC BIND TSIG Handling Code Remote Overflow
12746| [14432] ISC BIND Multiple DNS Resolver Functions Remote Overflow
12747| [13752] ISC BIND host Command AXFR Response Remote Overflow
12748| [13176] ISC BIND q_usedns Array Remote Overflow DoS
12749| [13175] ISC BIND dnssec authvalidated Crafted Packet Remote DoS
12750| [9736] ISC BIND fdmax File Descriptor Consumption DoS
12751| [9735] ISC BIND -DALLOW_UPDATES Option Remote Record Modification
12752| [9734] ISC BIND CNAME Record Zone Transfer DoS
12753| [9733] ISC BIND Malformed DNS Message DoS
12754| [9725] ISC BIND SIG RR Elements Invalid Expirty Times DoS
12755| [9724] ISC BIND OPT Resource Record Large UDP Payload DoS
12756| [9723] Multiple Vendor LDAP Server NULL Bind Connection Information Disclosure
12757| [8330] ISC BIND DNS stub resolver (libresolv.a) DNS Response Overflow
12758| [7990] ISC BIND gethostbyname() DNS Handling Remote Overflow
12759| [5828] ISC BIND named SRV Remote DoS
12760| [5609] ISC BIND dnskeygen HMAC-MD5 Shared Secret Key File Disclosure
12761| [2866] ISC BIND Negative Record Cache Poisoning
12762| [1751] ISC BIND Environment Variable Information Disclosure
12763| [1747] ISC BIND 4 nslookupComplain() Remote Format String
12764| [1746] ISC BIND 4 nslookupComplain() Remote Overflow
12765| [913] ISC BIND Inverse-Query Remote Overflow
12766| [869] ISC BIND named SIG Resource Server Response RR Overflow
12767| [448] ISC BIND Compressed ZXFR Name Service Query Remote DoS
12768| [438] ISC BIND Predictable Query ID DNS Cache Poisoning
12769| [24] ISC BIND NXT Record Overflow
12770|_
1277167/udp open|filtered dhcps
1277268/udp closed dhcpc
1277369/udp closed tftp
1277488/udp closed kerberos-sec
12775123/udp closed ntp
12776137/udp filtered netbios-ns
12777138/udp filtered netbios-dgm
12778139/udp closed netbios-ssn
12779161/udp closed snmp
12780162/udp closed snmptrap
12781389/udp closed ldap
12782500/udp closed isakmp
12783520/udp closed route
127842049/udp closed nfs
12785Too many fingerprints match this host to give specific OS details
12786Network Distance: 13 hops
12787Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
12788
12789TRACEROUTE (using port 137/udp)
12790HOP RTT ADDRESS
127911 ... 3
127924 18.53 ms 10.242.204.1
127935 ... 6
127947 38.88 ms 10.242.204.1
127958 50.14 ms 10.242.204.1
127969 50.14 ms 10.242.204.1
1279710 50.13 ms 10.242.204.1
1279811 50.10 ms 10.242.204.1
1279912 35.90 ms 10.242.204.1
1280013 17.73 ms 10.242.204.1
1280114 ... 18
1280219 17.69 ms 10.242.204.1
1280320 17.57 ms 10.242.204.1
1280421 ... 27
1280528 19.31 ms 10.242.204.1
1280629 20.45 ms 10.242.204.1
1280730 22.73 ms 10.242.204.1
12808
12809NSE: Script Post-scanning.
12810Initiating NSE at 19:48
12811Completed NSE at 19:48, 0.00s elapsed
12812Initiating NSE at 19:48
12813Completed NSE at 19:48, 0.00s elapsed
12814#######################################################################################################################################
12815[+] URL: http://www.turkmenajans.net/
12816[+] Started: Sun Nov 24 17:52:59 2019
12817
12818Interesting Finding(s):
12819
12820[+] http://www.turkmenajans.net/
12821 | Interesting Entries:
12822 | - X-LiteSpeed-Cache: hit
12823 | - Server: LiteSpeed
12824 | Found By: Headers (Passive Detection)
12825 | Confidence: 100%
12826
12827[+] http://www.turkmenajans.net/robots.txt
12828 | Interesting Entries:
12829 | - /wp-admin/
12830 | - /wp-admin/admin-ajax.php
12831 | Found By: Robots Txt (Aggressive Detection)
12832 | Confidence: 100%
12833
12834[+] http://www.turkmenajans.net/xmlrpc.php
12835 | Found By: Link Tag (Passive Detection)
12836 | Confidence: 100%
12837 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
12838 | References:
12839 | - http://codex.wordpress.org/XML-RPC_Pingback_API
12840 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
12841 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
12842 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
12843 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
12844
12845[+] http://www.turkmenajans.net/readme.html
12846 | Found By: Direct Access (Aggressive Detection)
12847 | Confidence: 100%
12848
12849[+] http://www.turkmenajans.net/wp-cron.php
12850 | Found By: Direct Access (Aggressive Detection)
12851 | Confidence: 60%
12852 | References:
12853 | - https://www.iplocation.net/defend-wordpress-from-ddos
12854 | - https://github.com/wpscanteam/wpscan/issues/1299
12855
12856[+] WordPress version 5.1.1 identified (Insecure, released on 2019-03-13).
12857 | Found By: Rss Generator (Passive Detection)
12858 | - https://www.turkmenajans.net/feed/, <generator>https://wordpress.org/?v=5.1.1</generator>
12859 | Confirmed By: Atom Generator (Passive Detection)
12860 | - https://www.turkmenajans.net/feed/atom/, <generator uri="https://wordpress.org/" version="5.1.1">WordPress</generator>
12861
12862[+] WordPress theme in use: HaberMatikV2
12863 | Location: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/
12864 | Style URL: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css
12865 | Style Name: HaberMatik
12866 | Style URI: http://www.habermatik.net
12867 | Description: WordPress Haber Teması...
12868 | Author: AKIN MEDYA
12869 | Author URI: http://www.akinmedya.com.tr
12870 |
12871 | Found By: Css Style In Homepage (Passive Detection)
12872 | Confirmed By: Css Style In 404 Page (Passive Detection)
12873 |
12874 | Version: 2.3 (80% confidence)
12875 | Found By: Style (Passive Detection)
12876 | - http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css, Match: 'Version: 2.3'
12877
12878[+] Enumerating All Plugins (via Passive Methods)
12879[+] Checking Plugin Versions (via Passive and Aggressive Methods)
12880
12881[i] Plugin(s) Identified:
12882
12883[+] all-in-one-seo-pack
12884 | Location: http://www.turkmenajans.net/wp-content/plugins/all-in-one-seo-pack/
12885 | Last Updated: 2019-11-18T17:28:00.000Z
12886 | [!] The version is out of date, the latest version is 3.3.3
12887 |
12888 | Found By: Comment (Passive Detection)
12889 |
12890 | Version: 2.12 (100% confidence)
12891 | Found By: Comment (Passive Detection)
12892 | - http://www.turkmenajans.net/, Match: 'All in One SEO Pack 2.12 by'
12893 | Confirmed By: Readme - Stable Tag (Aggressive Detection)
12894 | - http://www.turkmenajans.net/wp-content/plugins/all-in-one-seo-pack/readme.txt
12895
12896[+] Enumerating Config Backups (via Passive and Aggressive Methods)
12897 Checking Config Backups - Time: 00:00:01 <=============> (21 / 21) 100.00% Time: 00:00:01
12898
12899[i] No Config Backups Found.
12900
12901[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
12902[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
12903
12904[+] Finished: Sun Nov 24 17:53:12 2019
12905[+] Requests Done: 56
12906[+] Cached Requests: 7
12907[+] Data Sent: 11.581 KB
12908[+] Data Received: 349.172 KB
12909[+] Memory used: 176.368 MB
12910[+] Elapsed time: 00:00:13
12911#######################################################################################################################################
12912[+] URL: http://www.turkmenajans.net/
12913[+] Started: Sun Nov 24 17:53:04 2019
12914
12915Interesting Finding(s):
12916
12917[+] http://www.turkmenajans.net/
12918 | Interesting Entries:
12919 | - X-LiteSpeed-Cache: hit
12920 | - Server: LiteSpeed
12921 | Found By: Headers (Passive Detection)
12922 | Confidence: 100%
12923
12924[+] http://www.turkmenajans.net/robots.txt
12925 | Interesting Entries:
12926 | - /wp-admin/
12927 | - /wp-admin/admin-ajax.php
12928 | Found By: Robots Txt (Aggressive Detection)
12929 | Confidence: 100%
12930
12931[+] http://www.turkmenajans.net/xmlrpc.php
12932 | Found By: Link Tag (Passive Detection)
12933 | Confidence: 100%
12934 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
12935 | References:
12936 | - http://codex.wordpress.org/XML-RPC_Pingback_API
12937 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
12938 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
12939 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
12940 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
12941
12942[+] http://www.turkmenajans.net/readme.html
12943 | Found By: Direct Access (Aggressive Detection)
12944 | Confidence: 100%
12945
12946[+] http://www.turkmenajans.net/wp-cron.php
12947 | Found By: Direct Access (Aggressive Detection)
12948 | Confidence: 60%
12949 | References:
12950 | - https://www.iplocation.net/defend-wordpress-from-ddos
12951 | - https://github.com/wpscanteam/wpscan/issues/1299
12952
12953[+] WordPress version 5.1.1 identified (Insecure, released on 2019-03-13).
12954 | Found By: Rss Generator (Passive Detection)
12955 | - https://www.turkmenajans.net/feed/, <generator>https://wordpress.org/?v=5.1.1</generator>
12956 | Confirmed By: Atom Generator (Passive Detection)
12957 | - https://www.turkmenajans.net/feed/atom/, <generator uri="https://wordpress.org/" version="5.1.1">WordPress</generator>
12958
12959[+] WordPress theme in use: HaberMatikV2
12960 | Location: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/
12961 | Style URL: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css
12962 | Style Name: HaberMatik
12963 | Style URI: http://www.habermatik.net
12964 | Description: WordPress Haber Teması...
12965 | Author: AKIN MEDYA
12966 | Author URI: http://www.akinmedya.com.tr
12967 |
12968 | Found By: Css Style In Homepage (Passive Detection)
12969 | Confirmed By: Css Style In 404 Page (Passive Detection)
12970 |
12971 | Version: 2.3 (80% confidence)
12972 | Found By: Style (Passive Detection)
12973 | - http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css, Match: 'Version: 2.3'
12974
12975[+] Enumerating Users (via Passive and Aggressive Methods)
12976 Brute Forcing Author IDs - Time: 00:00:02 <==> (10 / 10) 100.00% Time: 00:00:02
12977
12978[i] User(s) Identified:
12979
12980[+] admin
12981 | Found By: Rss Generator (Passive Detection)
12982 | Confirmed By:
12983 | Wp Json Api (Aggressive Detection)
12984 | - https://www.turkmenajans.net/wp-json/wp/v2/users/?per_page=100&page=1
12985 | Rss Generator (Aggressive Detection)
12986 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
12987
12988[+] demo
12989 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
12990
12991[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
12992[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
12993
12994[+] Finished: Sun Nov 24 17:53:15 2019
12995[+] Requests Done: 30
12996[+] Cached Requests: 31
12997[+] Data Sent: 6.595 KB
12998[+] Data Received: 348.724 KB
12999[+] Memory used: 165.4 MB
13000[+] Elapsed time: 00:00:10
13001######################################################################################################################################
13002[+] URL: http://www.turkmenajans.net/
13003[+] Started: Sun Nov 24 17:58:30 2019
13004
13005Interesting Finding(s):
13006
13007[+] http://www.turkmenajans.net/
13008 | Interesting Entries:
13009 | - X-LiteSpeed-Cache: hit
13010 | - Server: LiteSpeed
13011 | Found By: Headers (Passive Detection)
13012 | Confidence: 100%
13013
13014[+] http://www.turkmenajans.net/robots.txt
13015 | Interesting Entries:
13016 | - /wp-admin/
13017 | - /wp-admin/admin-ajax.php
13018 | Found By: Robots Txt (Aggressive Detection)
13019 | Confidence: 100%
13020
13021[+] http://www.turkmenajans.net/xmlrpc.php
13022 | Found By: Link Tag (Passive Detection)
13023 | Confidence: 100%
13024 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
13025 | References:
13026 | - http://codex.wordpress.org/XML-RPC_Pingback_API
13027 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
13028 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
13029 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
13030 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
13031
13032[+] http://www.turkmenajans.net/readme.html
13033 | Found By: Direct Access (Aggressive Detection)
13034 | Confidence: 100%
13035
13036[+] http://www.turkmenajans.net/wp-cron.php
13037 | Found By: Direct Access (Aggressive Detection)
13038 | Confidence: 60%
13039 | References:
13040 | - https://www.iplocation.net/defend-wordpress-from-ddos
13041 | - https://github.com/wpscanteam/wpscan/issues/1299
13042
13043[+] WordPress version 5.1.1 identified (Insecure, released on 2019-03-13).
13044 | Found By: Rss Generator (Passive Detection)
13045 | - https://www.turkmenajans.net/feed/, <generator>https://wordpress.org/?v=5.1.1</generator>
13046 | Confirmed By: Atom Generator (Passive Detection)
13047 | - https://www.turkmenajans.net/feed/atom/, <generator uri="https://wordpress.org/" version="5.1.1">WordPress</generator>
13048
13049[+] WordPress theme in use: HaberMatikV2
13050 | Location: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/
13051 | Style URL: http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css
13052 | Style Name: HaberMatik
13053 | Style URI: http://www.habermatik.net
13054 | Description: WordPress Haber Teması...
13055 | Author: AKIN MEDYA
13056 | Author URI: http://www.akinmedya.com.tr
13057 |
13058 | Found By: Css Style In Homepage (Passive Detection)
13059 | Confirmed By: Css Style In 404 Page (Passive Detection)
13060 |
13061 | Version: 2.3 (80% confidence)
13062 | Found By: Style (Passive Detection)
13063 | - http://www.turkmenajans.net/wp-content/themes/HaberMatikV2/style.css, Match: 'Version: 2.3'
13064
13065[+] Enumerating Users (via Passive and Aggressive Methods)
13066 Brute Forcing Author IDs - Time: 00:00:00 <============> (10 / 10) 100.00% Time: 00:00:00
13067
13068[i] User(s) Identified:
13069
13070[+] admin
13071 | Found By: Rss Generator (Passive Detection)
13072 | Confirmed By:
13073 | Wp Json Api (Aggressive Detection)
13074 | - https://www.turkmenajans.net/wp-json/wp/v2/users/?per_page=100&page=1
13075 | Rss Generator (Aggressive Detection)
13076 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
13077
13078[+] demo
13079 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
13080
13081[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
13082[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
13083
13084[+] Finished: Sun Nov 24 18:00:00 2019
13085[+] Requests Done: 15
13086[+] Cached Requests: 46
13087[+] Data Sent: 3.069 KB
13088[+] Data Received: 67.385 KB
13089[+] Memory used: 164.896 MB
13090[+] Elapsed time: 00:01:30
13091#######################################################################################################################################
13092[INFO] ------TARGET info------
13093[*] TARGET: http://www.turkmenajans.net/
13094[*] TARGET IP: 144.76.114.219
13095[INFO] NO load balancer detected for www.turkmenajans.net...
13096[*] DNS servers: turkmenajans.net.
13097[*] TARGET server: LiteSpeed
13098[*] CC: DE
13099[*] Country: Germany
13100[*] RegionCode: SN
13101[*] RegionName: Saxony
13102[*] City: Falkenstein
13103[*] ASN: AS24940
13104[*] BGP_PREFIX: 144.76.0.0/16
13105[*] ISP: HETZNER-AS Hetzner Online GmbH, DE
13106[INFO] DNS enumeration:
13107[*] ftp.turkmenajans.net 144.76.114.219
13108[*] mail.turkmenajans.net turkmenajans.net. 144.76.114.219
13109[*] webmail.turkmenajans.net 144.76.114.219
13110[INFO] Possible abuse mails are:
13111[*] abuse@turkmenajans.net
13112[*] abuse@www.turkmenajans.net
13113[INFO] NO PAC (Proxy Auto Configuration) file FOUND
13114[ALERT] robots.txt file FOUND in http://www.turkmenajans.net/robots.txt
13115[INFO] Checking for HTTP status codes recursively from http://www.turkmenajans.net/robots.txt
13116[INFO] Status code Folders
13117[*] 200 http://www.turkmenajans.net/wp-admin/
13118[INFO] Starting FUZZing in http://www.turkmenajans.net/FUzZzZzZzZz...
13119[INFO] Status code Folders
13120[ALERT] Look in the source code. It may contain passwords
13121[INFO] Links found from http://www.turkmenajans.net/ http://144.76.114.219/:
13122[*] http://144.76.114.219/cgi-sys/defaultwebpage.cgi
13123[*] https://plus.google.com/+HüseyinBozan
13124[*] https://twitter.com/huseyinbozan?ref_src=twsrc^tfw
13125[*] https://www.akinmedya.com.tr/
13126[*] https://www.turkmenajans.net/
13127[*] https://www.turkmenajans.net/bati-turkmeneli-dernegi-yeni-yerine-tasindi/
13128[*] https://www.turkmenajans.net/bir-defter-bir-kalem-ile-bir-cocuk-okut/
13129[*] https://www.turkmenajans.net/cobanbeyde-7000-kisiye-istihdam-saglayacak-dev-proje/
13130[*] https://www.turkmenajans.net/cobanbey-saldirisini-planlayan-teroristler-yakalandi/
13131[*] https://www.turkmenajans.net/cumhurbaskani-erdogan-suriye-konulu-uclu-zirve-sonrasi-aciklama-yapti-erdogan-suriyede-cozum-umudu-hic-bu-kadar-filizlenmedi-dedi-cumhurbaskani-erdogan-suriyede-cozum-umudu-hic-bu-kadar/
13132[*] https://www.turkmenajans.net/feed
13133[*] https://www.turkmenajans.net/feed/
13134[*] https://www.turkmenajans.net/feed/atom/
13135[*] https://www.turkmenajans.net/feed/rss/
13136[*] https://www.turkmenajans.net/firat-kalkani-harekatiyla-terorden-temizlenen-bolgelerde-suc-orani-yuzde-2ye-dustu/
13137[*] https://www.turkmenajans.net/gazete-mansetleri/
13138[*] https://www.turkmenajans.net/giris
13139[*] https://www.turkmenajans.net/giris/
13140[*] https://www.turkmenajans.net/hersey-vatan-icin/
13141[*] https://www.turkmenajans.net/iki-farkli-besiktas/
13142[*] https://www.turkmenajans.net/iletisim
13143[*] https://www.turkmenajans.net/iletisim/
13144[*] https://www.turkmenajans.net/kategori/dunya/
13145[*] https://www.turkmenajans.net/kategori/egitim/
13146[*] https://www.turkmenajans.net/kategori/ekonomi/
13147[*] https://www.turkmenajans.net/kategori/foto-galeri/
13148[*] https://www.turkmenajans.net/kategori/gundem/
13149[*] https://www.turkmenajans.net/kategori/spor/
13150[*] https://www.turkmenajans.net/kategori/teknoloji/
13151[*] https://www.turkmenajans.net/kategori/turkmeneli/
13152[*] https://www.turkmenajans.net/kategori/video-galeri/
13153[*] https://www.turkmenajans.net/kayit-ol/
13154[*] https://www.turkmenajans.net/kunye
13155[*] https://www.turkmenajans.net/kunye/
13156[*] https://www.turkmenajans.net/menbic-de-firatin-dogusu-da-bizi-ve-turkiyeyi-dort-gozle-bekliyor/
13157[*] https://www.turkmenajans.net/operasyona-haziriz-emir-bekliyoruz/
13158[*] https://www.turkmenajans.net/ornek-sayfa/
13159[*] https://www.turkmenajans.net/page/2/
13160[*] https://www.turkmenajans.net/rusya-ile-iranin-hakimiyet-kavgasi-devam-ediyor/
13161[*] https://www.turkmenajans.net/sitene-ekle
13162[*] https://www.turkmenajans.net/sitene-ekle/
13163[*] https://www.turkmenajans.net/suriye-lirasi-karsisinda-doviz-kurlari-ne-kadar/
13164[*] https://www.turkmenajans.net/telaferden-ayrilan-turkmenlerin-yuzde-35i-bolgeye-donebildi/
13165[*] https://www.turkmenajans.net/teror-orgutu-ypg-pkk-roj-multeci-kampinda-cocuklari-tutukladi/
13166[*] https://www.turkmenajans.net/tum-yazarlar
13167[*] https://www.turkmenajans.net/tum-yazarlar/
13168[*] https://www.turkmenajans.net/turkmenler-dernek-acilisinda-toplandi/
13169[*] https://www.turkmenajans.net/turkmen-meclisi-baskani-genclerle-bulustu/
13170[*] http://www.facebook.com/turkmenajans1
13171[*] http://www.habermatik.net/
13172[*] http://www.turkmenajans.net/
13173[*] http://www.turkmenajans.net/www.twitter.com/turkmenajans
13174cut: intervalle de champ incorrecte
13175Saisissez « cut --help » pour plus d'informations.
13176[INFO] Shodan detected the following opened ports on 144.76.114.219:
13177[*] 2
13178[*] 2082
13179[*] 2083
13180[*] 2086
13181[*] 2087
13182[*] 21
13183[*] 3389
13184[*] 443
13185[*] 465
13186[*] 6
13187[*] 7
13188[*] 9
13189[INFO] ------VirusTotal SECTION------
13190[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
13191[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
13192[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
13193[INFO] ------Alexa Rank SECTION------
13194[INFO] Percent of Visitors Rank in Country:
13195[INFO] Percent of Search Traffic:
13196[INFO] Percent of Unique Visits:
13197[INFO] Total Sites Linking In:
13198[*] Total Sites
13199[INFO] Useful links related to www.turkmenajans.net - 144.76.114.219:
13200[*] https://www.virustotal.com/pt/ip-address/144.76.114.219/information/
13201[*] https://www.hybrid-analysis.com/search?host=144.76.114.219
13202[*] https://www.shodan.io/host/144.76.114.219
13203[*] https://www.senderbase.org/lookup/?search_string=144.76.114.219
13204[*] https://www.alienvault.com/open-threat-exchange/ip/144.76.114.219
13205[*] http://pastebin.com/search?q=144.76.114.219
13206[*] http://urlquery.net/search.php?q=144.76.114.219
13207[*] http://www.alexa.com/siteinfo/www.turkmenajans.net
13208[*] http://www.google.com/safebrowsing/diagnostic?site=www.turkmenajans.net
13209[*] https://censys.io/ipv4/144.76.114.219
13210[*] https://www.abuseipdb.com/check/144.76.114.219
13211[*] https://urlscan.io/search/#144.76.114.219
13212[*] https://github.com/search?q=144.76.114.219&type=Code
13213[INFO] Useful links related to AS24940 - 144.76.0.0/16:
13214[*] http://www.google.com/safebrowsing/diagnostic?site=AS:24940
13215[*] https://www.senderbase.org/lookup/?search_string=144.76.0.0/16
13216[*] http://bgp.he.net/AS24940
13217[*] https://stat.ripe.net/AS24940
13218[INFO] Date: 24/11/19 | Time: 17:59:56
13219[INFO] Total time: 0 minute(s) and 50 second(s)
13220#######################################################################################################################################
13221[I] Threads: 5
13222[-] Target: http://www.turkmenajans.net (144.76.114.219)
13223[M] Website Not in HTTPS: http://www.turkmenajans.net
13224[I] Server: LiteSpeed
13225[L] X-Frame-Options: Not Enforced
13226[I] Strict-Transport-Security: Not Enforced
13227[I] X-Content-Security-Policy: Not Enforced
13228[I] X-Content-Type-Options: Not Enforced
13229[L] Robots.txt Found: http://www.turkmenajans.net/robots.txt
13230[I] CMS Detection: WordPress
13231[I] Wordpress Theme: HaberMatikV2
13232[-] WordPress usernames identified:
13233[M] admin
13234[M] demo
13235[M] XML-RPC services are enabled
13236[M] Website vulnerable to XML-RPC Brute Force Vulnerability
13237[I] Autocomplete Off Not Found: http://www.turkmenajans.net/wp-login.php
13238[-] Default WordPress Files:
13239[I] http://www.turkmenajans.net/license.txt
13240[I] http://www.turkmenajans.net/readme.html
13241[I] http://www.turkmenajans.net/wp-includes/ID3/license.commercial.txt
13242[I] http://www.turkmenajans.net/wp-includes/ID3/license.txt
13243[I] http://www.turkmenajans.net/wp-includes/ID3/readme.txt
13244[I] http://www.turkmenajans.net/wp-includes/images/crystal/license.txt
13245[I] http://www.turkmenajans.net/wp-includes/js/plupload/license.txt
13246[I] http://www.turkmenajans.net/wp-includes/js/swfupload/license.txt
13247[I] http://www.turkmenajans.net/wp-includes/js/tinymce/license.txt
13248[-] Searching Wordpress Plugins ...
13249[I] akismet
13250[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
13251[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
13252[I] feed
13253[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
13254[I] Checking for Directory Listing Enabled ...
13255[-] Date & Time: 24/11/2019 18:03:15
13256[-] Completed in: 0:06:30
13257#######################################################################################################################################
13258 Anonymous JTSEC #OpISIS Full Recon #20