· 6 years ago · Dec 06, 2019, 06:45 PM
1######################################################################################################################################
2=======================================================================================================================================
3Hostname kujirakan.jp ISP SAKURA Internet Inc.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Ōsaka Local time 07 Dec 2019 01:01 JST
8City Osaka Postal Code 543-0062
9IP Address 219.94.128.84 Latitude 34.685
10 Longitude 135.514
11======================================================================================================================================
12######################################################################################################################################
13> kujirakan.jp
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: kujirakan.jp
19Address: 219.94.128.84
20>
21#######################################################################################################################################
22
23Domain Information:
24[Domain Name] KUJIRAKAN.JP
25
26[Registrant] taiji whale museum
27
28[Name Server] ns1.dns.ne.jp
29[Name Server] ns2.dns.ne.jp
30[Signing Key]
31
32[Created on] 2011/04/06
33[Expires on] 2020/04/30
34[Status] Active
35[Last Updated] 2019/05/01 01:05:12 (JST)
36
37Contact Information:
38[Name] SAKURA Internet Domain Registration
39[Email] jprs-staff@sakura.ad.jp
40[Web Page]
41[Postal code] 530-0011
42[Postal Address] osaka
43 osaka
44 35F,4-20,ofukacho,kitaku
45[Phone] +81.663764800
46[Fax]
47######################################################################################################################################
48[+] Target : kujirakan.jp
49
50[+] IP Address : 219.94.128.84
51
52[+] Headers :
53
54[+] Server : nginx
55[+] Date : Fri, 06 Dec 2019 16:06:04 GMT
56[+] Content-Type : text/html
57[+] Content-Length : 18552
58[+] Connection : keep-alive
59[+] Last-Modified : Thu, 24 Oct 2019 04:57:27 GMT
60[+] ETag : "4878-595a0deb0fbc0"
61[+] Accept-Ranges : bytes
62
63[+] SSL Certificate Information :
64
65[+] organizationalUnitName : Domain Control Validated
66[+] commonName : *.sakura.ne.jp
67[+] countryName : JP
68[+] stateOrProvinceName : Tokyo
69[+] localityName : Chiyoda-ku
70[+] organizationName : Gehirn Inc.
71[+] commonName : Gehirn Managed Certification Authority - RSA DV
72[+] Version : 3
73[+] Serial Number : 5488628599050F18AC9B2075B76A66FA
74[+] Not Before : Jun 28 00:00:00 2018 GMT
75[+] Not After : Jun 27 23:59:59 2020 GMT
76[+] OCSP : ('http://ocsp.usertrust.com',)
77[+] subject Alt Name : (('DNS', '*.sakura.ne.jp'), ('DNS', '*.180r.com'), ('DNS', '*.2-d.jp'), ('DNS', '*.achoo.jp'), ('DNS', '*.amaretto.jp'), ('DNS', '*.bona.jp'), ('DNS', '*.chew.jp'), ('DNS', '*.crap.jp'), ('DNS', '*.daynight.jp'), ('DNS', '*.deko8.jp'), ('DNS', '*.dojin.com'), ('DNS', '*.eek.jp'), ('DNS', '*.flop.jp'), ('DNS', '*.from.tv'), ('DNS', '*.fubuki.info'), ('DNS', '*.gokujou.biz'), ('DNS', '*.grats.jp'), ('DNS', '*.grrr.jp'), ('DNS', '*.halfmoon.jp'), ('DNS', '*.ivory.ne.jp'), ('DNS', '*.jeez.jp'), ('DNS', '*.jpn.org'), ('DNS', '*.kirara.st'), ('DNS', '*.kokage.cc'), ('DNS', '*.mail-box.ne.jp'), ('DNS', '*.matrix.jp'), ('DNS', '*.mimoza.jp'), ('DNS', '*.mints.ne.jp'), ('DNS', '*.mokuren.ne.jp'), ('DNS', '*.nazo.cc'), ('DNS', '*.netgamers.jp'), ('DNS', '*.noob.jp'), ('DNS', '*.nyanta.jp'), ('DNS', '*.o0o0.jp'), ('DNS', '*.opal.ne.jp'), ('DNS', '*.rash.jp'), ('DNS', '*.razor.jp'), ('DNS', '*.rdy.jp'), ('DNS', '*.rgr.jp'), ('DNS', '*.rojo.jp'), ('DNS', '*.rossa.cc'), ('DNS', '*.rulez.jp'), ('DNS', '*.rusk.to'), ('DNS', '*.saikyou.biz'), ('DNS', '*.sakura.tv'), ('DNS', '*.sakuratan.com'), ('DNS', '*.sakuraweb.com'), ('DNS', '*.saloon.jp'), ('DNS', '*.silk.to'), ('DNS', '*.skr.jp'), ('DNS', '*.spawn.jp'), ('DNS', '*.squares.net'), ('DNS', '*.sumomo.ne.jp'), ('DNS', '*.tank.jp'), ('DNS', '*.thyme.jp'), ('DNS', '*.topaz.ne.jp'), ('DNS', '*.uh-oh.jp'), ('DNS', '*.undo.jp'), ('DNS', '*.websozai.jp'), ('DNS', '*.whoa.jp'), ('DNS', '*.x0.com'), ('DNS', '*.x0.to'), ('DNS', '*.xii.jp'))
78[+] CA Issuers : ('http://crt.usertrust.com/GehirnManagedCertificationAuthorityRSADV.crt',)
79[+] CRL Distribution Points : ('http://crl.usertrust.com/GehirnManagedCertificationAuthorityRSADV.crl',)
80
81[+] Whois Lookup :
82
83[+] NIR : {'query': '219.94.128.84', 'raw': None, 'nets': [{'cidr': '219.94.128.0/24', 'name': 'SAKURA Internet Inc.', 'handle': 'SAKURA-NET', 'range': '219.94.128.1 - 219.94.128.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['ns1.dns.ne.jp', 'ns2.dns.ne.jp'], 'created': None, 'updated': '2006-03-31T02:35:03', 'contacts': {'admin': {'name': 'Tanaka, Kunihiro', 'email': 'jprs-staff@sakura.ad.jp', 'reply_email': 'jpnic-staff@sakura.ad.jp', 'organization': 'SAKURA Internet Inc.', 'division': '', 'title': 'President', 'phone': '06-6376-4800', 'fax': '06-6292-4250', 'updated': '2017-07-05T08:46:53'}, 'tech': {'name': 'Washikita, Ken', 'email': 'jpnic-staff@sakura.ad.jp', 'reply_email': '', 'organization': 'SAKURA Internet Inc', 'division': '', 'title': '', 'phone': '06-6376-4800', 'fax': '06-6292-4250', 'updated': '2017-06-27T10:18:45'}}}]}
84[+] ASN Registry : apnic
85[+] ASN : 9371
86[+] ASN CIDR : 219.94.128.0/17
87[+] ASN Country Code : JP
88[+] ASN Date : 2004-10-13
89[+] ASN Description : SAKURA-C SAKURA Internet Inc., JP
90[+] cidr : 219.94.128.0/17
91[+] name : SAKURA-OSAKA
92[+] handle : JNIC1-AP
93[+] range : 219.94.128.0 - 219.94.255.255
94[+] description : SAKURA Internet Inc.
95Grandfront Osaka Bldg. Tower-A 35F, 4-20, Ofukacho, Kita-ku, Osaka 530-0011 Japan
96[+] country : JP
97[+] state : None
98[+] city : None
99[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
100Chiyoda-ku, Tokyo 101-0047, Japan
101[+] postal_code : None
102[+] emails : ['abuse@sakura.ad.jp', 'hostmaster@nic.ad.jp']
103[+] created : None
104[+] updated : None
105
106[+] Crawling Target...
107
108[+] Looking for robots.txt........[ Found ]
109[+] Extracting robots Links.......[ 0 ]
110[+] Looking for sitemap.xml.......[ Found ]
111[+] Extracting sitemap Links......[ 39 ]
112[+] Extracting CSS Links..........[ 2 ]
113[+] Extracting Javascript Links...[ 5 ]
114[+] Extracting Internal Links.....[ 0 ]
115[+] Extracting External Links.....[ 2 ]
116[+] Extracting Images.............[ 18 ]
117
118[+] Total Links Extracted : 66
119
120[+] Dumping Links in /opt/FinalRecon/dumps/kujirakan.jp.dump
121[+] Completed!
122#####################################################################################################################################
123[i] Scanning Site: http://kujirakan.jp
124
125
126
127B A S I C I N F O
128====================
129
130
131[+] Site Title: ���n����������̔�����
132[+] IP address: 219.94.128.84
133[+] Web Server: nginx
134[+] CMS: Could Not Detect
135[+] Cloudflare: Not Detected
136[+] Robots File: Found
137
138-------------[ contents ]----------------
139User-Agent:*
140Sitemap:http://www.kujirakan.jp/
141
142
143-----------[end of contents]-------------
144
145
146
147W H O I S L O O K U P
148========================
149
150 [ JPRS database provides information on network administration. Its use is ]
151[ restricted to network administration purposes. For further information, ]
152[ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
153[ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
154
155Domain Information:
156[Domain Name] KUJIRAKAN.JP
157
158[Registrant] taiji whale museum
159
160[Name Server] ns1.dns.ne.jp
161[Name Server] ns2.dns.ne.jp
162[Signing Key]
163
164[Created on] 2011/04/06
165[Expires on] 2020/04/30
166[Status] Active
167[Last Updated] 2019/05/01 01:05:12 (JST)
168
169Contact Information:
170[Name] SAKURA Internet Domain Registration
171[Email] jprs-staff@sakura.ad.jp
172[Web Page]
173[Postal code] 530-0011
174[Postal Address] osaka
175 osaka
176 35F,4-20,ofukacho,kitaku
177[Phone] +81.663764800
178[Fax]
179
180
181
182
183
184G E O I P L O O K U P
185=========================
186
187[i] IP Address: 219.94.128.84
188[i] Country: Japan
189[i] State: Osaka
190[i] City: Osaka
191[i] Latitude: 34.6833
192[i] Longitude: 135.5167
193
194
195
196
197H T T P H E A D E R S
198=======================
199
200
201[i] HTTP/1.1 200 OK
202[i] Server: nginx
203[i] Date: Fri, 06 Dec 2019 16:06:41 GMT
204[i] Content-Type: text/html
205[i] Content-Length: 18552
206[i] Connection: close
207[i] Last-Modified: Thu, 24 Oct 2019 04:57:27 GMT
208[i] ETag: "4878-595a0deb0fbc0"
209[i] Accept-Ranges: bytes
210
211
212
213
214D N S L O O K U P
215===================
216
217kujirakan.jp. 3599 IN NS ns1.dns.ne.jp.
218kujirakan.jp. 3599 IN NS ns2.dns.ne.jp.
219kujirakan.jp. 3599 IN A 219.94.128.84
220kujirakan.jp. 3599 IN MX 10 kujirakan.jp.
221kujirakan.jp. 3599 IN SOA master.dns.ne.jp. tech.sakura.ad.jp. 2011040709 3600 900 3600000 3600
222
223
224
225
226S U B N E T C A L C U L A T I O N
227====================================
228
229Address = 219.94.128.84
230Network = 219.94.128.84 / 32
231Netmask = 255.255.255.255
232Broadcast = not needed on Point-to-Point links
233Wildcard Mask = 0.0.0.0
234Hosts Bits = 0
235Max. Hosts = 1 (2^0 - 0)
236Host Range = { 219.94.128.84 - 219.94.128.84 }
237
238
239
240N M A P P O R T S C A N
241============================
242
243Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-06 16:06 UTC
244Nmap scan report for kujirakan.jp (219.94.128.84)
245Host is up (0.15s latency).
246rDNS record for 219.94.128.84: www874.sakura.ne.jp
247
248PORT STATE SERVICE
24921/tcp open ftp
25022/tcp open ssh
25123/tcp filtered telnet
25280/tcp open http
253110/tcp open pop3
254143/tcp open imap
255443/tcp open https
2563389/tcp closed ms-wbt-server
257
258Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds
259
260
261#####################################################################################################################################
262[+] Starting At 2019-12-06 11:10:20.181779
263[+] Collecting Information On: http://kujirakan.jp/
264[#] Status: 200
265--------------------------------------------------
266[#] Web Server Detected: nginx
267[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
268- Server: nginx
269- Date: Fri, 06 Dec 2019 16:10:21 GMT
270- Content-Type: text/html
271- Content-Length: 18552
272- Connection: keep-alive
273- Last-Modified: Thu, 24 Oct 2019 04:57:27 GMT
274- ETag: "4878-595a0deb0fbc0"
275- Accept-Ranges: bytes
276--------------------------------------------------
277[#] Finding Location..!
278[#] status: success
279[#] country: Japan
280[#] countryCode: JP
281[#] region: 27
282[#] regionName: Ōsaka
283[#] city: Chuo Ward
284[#] zip: 541-0054
285[#] lat: 34.6825
286[#] lon: 135.504
287[#] timezone: Asia/Tokyo
288[#] isp: SAKURA
289[#] org: SAKURA Internet Inc.
290[#] as: AS9371 SAKURA Internet Inc.
291[#] query: 219.94.128.84
292--------------------------------------------------
293[x] Didn't Detect WAF Presence on: http://kujirakan.jp/
294--------------------------------------------------
295[#] Starting Reverse DNS
296[-] Failed ! Fail
297--------------------------------------------------
298[!] Scanning Open Port
299[#] 21/tcp open ftp
300[#] 22/tcp open ssh
301[#] 80/tcp open http
302[#] 110/tcp open pop3
303[#] 143/tcp open imap
304[#] 443/tcp open https
305[#] 587/tcp open submission
306[#] 993/tcp open imaps
307[#] 995/tcp open pop3s
308--------------------------------------------------
309[+] Collecting Information Disclosure!
310[#] Detecting sitemap.xml file
311[!] sitemap.xml File Found: http://kujirakan.jp//sitemap.xml
312[#] Detecting robots.txt file
313[!] robots.txt File Found: http://kujirakan.jp//robots.txt
314[#] Detecting GNU Mailman
315[-] GNU Mailman App Not Detected!?
316--------------------------------------------------
317[+] Crawling Url Parameter On: http://kujirakan.jp/
318--------------------------------------------------
319[#] Searching Html Form !
320[-] No Html Form Found!?
321--------------------------------------------------
322[!] Found 6 dom parameter
323[#] http://kujirakan.jp//use/index.html#¨¾Èîñ
324[#] http://kujirakan.jp//facility/index.html#6
325[#] http://kujirakan.jp//facility/index.html#3
326[#] http://kujirakan.jp//#
327[#] http://kujirakan.jp//use/index.html#¨¾Èîñ
328[#] http://kujirakan.jp//site_p.html#®¨æµ
329--------------------------------------------------
330[-] No internal Dynamic Parameter Found!?
331--------------------------------------------------
332[-] No external Dynamic Paramter Found!?
333--------------------------------------------------
334[!] 32 Internal links Discovered
335[+] http://kujirakan.jp//object/camera.css
336[+] http://kujirakan.jp//styletope.css
337[+] http://kujirakan.jp//index.html
338[+] http://kujirakan.jp//q_and_a.html
339[+] http://kujirakan.jp//sitemap.html
340[+] http://kujirakan.jp//facility/index.html
341[+] http://kujirakan.jp//use/index.html
342[+] http://kujirakan.jp//facility/osusume.html
343[+] http://kujirakan.jp//doubututachi.html
344[+] http://kujirakan.jp//program/index.html
345[+] http://kujirakan.jp//show/index.html
346[+] http://kujirakan.jp//experience/index.html
347[+] http://kujirakan.jp//facility/honkan.html
348[+] http://kujirakan.jp//pdf/20190403_logo.pdf
349[+] http://kujirakan.jp//news04.html
350[+] http://kujirakan.jp//news01.html
351[+] http://kujirakan.jp//news01.html
352[+] http://kujirakan.jp//news01.html
353[+] http://kujirakan.jp//news01.html
354[+] http://kujirakan.jp//subwindow_schedule.html
355[+] http://kujirakan.jp//use/subwindow_kujirahamakouen.html
356[+] http://kujirakan.jp//jissyuusei.html
357[+] http://kujirakan.jp//news02.html
358[+] http://kujirakan.jp//facility/index.html
359[+] http://kujirakan.jp//use/index.html
360[+] http://kujirakan.jp//facility/osusume.html
361[+] http://kujirakan.jp//doubututachi.html
362[+] http://kujirakan.jp//program/index.html
363[+] http://kujirakan.jp//downloard.html
364[+] http://kujirakan.jp//site_p.html
365[+] http://kujirakan.jp//sitemap.html
366[+] http://kujirakan.jp//count/dayxmgr.cgi
367--------------------------------------------------
368[!] 2 External links Discovered
369[#] https://www.facebook.com/kujirakan
370[#] https://kujira-digital-museum.com/
371--------------------------------------------------
372[#] Mapping Subdomain..
373[!] Found 1 Subdomain
374- kujirakan.jp
375--------------------------------------------------
376[!] Done At 2019-12-06 11:10:55.483214
377#######################################################################################################################################
378[INFO] ------TARGET info------
379[*] TARGET: http://kujirakan.jp/
380[*] TARGET IP: 219.94.128.84
381[INFO] NO load balancer detected for kujirakan.jp...
382[*] DNS servers: master.dns.ne.jp.
383[*] TARGET server: nginx
384[*] CC: JP
385[*] Country: Japan
386[*] RegionCode: 27
387[*] RegionName: Ōsaka
388[*] City: Chuo Ward
389[*] ASN: AS9371
390[*] BGP_PREFIX: 219.94.128.0/17
391[*] ISP: SAKURA-C SAKURA Internet Inc., JP
392[INFO] DNS enumeration:
393[*] ftp.kujirakan.jp kujirakan.jp. 219.94.128.84
394[*] mail.kujirakan.jp kujirakan.jp. 219.94.128.84
395[INFO] Possible abuse mails are:
396[*] abuse@kujirakan.jp
397[*] abuse@sakura.ad.jp
398[*] support@sakura.ad.jp
399[INFO] NO PAC (Proxy Auto Configuration) file FOUND
400[ALERT] robots.txt file FOUND in http://kujirakan.jp/robots.txt
401[INFO] Checking for HTTP status codes recursively from http://kujirakan.jp/robots.txt
402[INFO] Status code Folders
403[INFO] Starting FUZZing in http://kujirakan.jp/FUzZzZzZzZz...
404[INFO] Status code Folders
405[*] 200 http://kujirakan.jp/index
406[ALERT] Look in the source code. It may contain passwords
407[INFO] Links found from http://kujirakan.jp/ http://219.94.128.84/:
408[*] http://kujirakan.jp/
409[*] http://kujirakan.jp/doubututachi.html
410[*] http://kujirakan.jp/downloard.html
411[*] http://kujirakan.jp/experience/index.html
412[*] http://kujirakan.jp/facility/honkan.html
413[*] http://kujirakan.jp/facility/index.html
414[*] http://kujirakan.jp/facility/index.html#3
415[*] http://kujirakan.jp/facility/index.html#6
416[*] http://kujirakan.jp/facility/osusume.html
417[*] http://kujirakan.jp/index.html
418[*] http://kujirakan.jp/jissyuusei.html
419[*] http://kujirakan.jp/news01.html
420[*] http://kujirakan.jp/news02.html
421[*] http://kujirakan.jp/news04.html
422[*] http://kujirakan.jp/pdf/20190403_logo.pdf
423[*] http://kujirakan.jp/program/index.html
424[*] http://kujirakan.jp/q_and_a.html
425[*] http://kujirakan.jp/show/index.html
426[*] http://kujirakan.jp/sitemap.html
427[*] http://kujirakan.jp/site_p.html
428[*] http://kujirakan.jp/site_p.html#動物取扱
429[*] http://kujirakan.jp/subwindow_schedule.html
430[*] http://kujirakan.jp/#title_01
431[*] http://kujirakan.jp/use/index.html
432[*] http://kujirakan.jp/use/index.html#お得な情報
433[*] http://kujirakan.jp/use/subwindow_kujirahamakouen.html
434[*] https://kujira-digital-museum.com/
435[*] https://www.facebook.com/kujirakan
436cut: les champs sont numérotés à partir de 1
437Saisissez « cut --help » pour plus d'informations.
438[INFO] Shodan detected the following opened ports on 219.94.128.84:
439[*] 0
440[*] 1
441[*] 110
442[*] 143
443[*] 180
444[*] 2
445[*] 21
446[*] 214
447[*] 22
448[*] 25
449[*] 4
450[*] 443
451[*] 587
452[*] 8
453[*] 80
454[*] 993
455[*] 995
456[INFO] ------VirusTotal SECTION------
457[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
458[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
459[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
460[INFO] ------Alexa Rank SECTION------
461[INFO] Percent of Visitors Rank in Country:
462[INFO] Percent of Search Traffic:
463[INFO] Percent of Unique Visits:
464[INFO] Total Sites Linking In:
465[*] Total Sites
466[INFO] Useful links related to kujirakan.jp - 219.94.128.84:
467[*] https://www.virustotal.com/pt/ip-address/219.94.128.84/information/
468[*] https://www.hybrid-analysis.com/search?host=219.94.128.84
469[*] https://www.shodan.io/host/219.94.128.84
470[*] https://www.senderbase.org/lookup/?search_string=219.94.128.84
471[*] https://www.alienvault.com/open-threat-exchange/ip/219.94.128.84
472[*] http://pastebin.com/search?q=219.94.128.84
473[*] http://urlquery.net/search.php?q=219.94.128.84
474[*] http://www.alexa.com/siteinfo/kujirakan.jp
475[*] http://www.google.com/safebrowsing/diagnostic?site=kujirakan.jp
476[*] https://censys.io/ipv4/219.94.128.84
477[*] https://www.abuseipdb.com/check/219.94.128.84
478[*] https://urlscan.io/search/#219.94.128.84
479[*] https://github.com/search?q=219.94.128.84&type=Code
480[INFO] Useful links related to AS9371 - 219.94.128.0/17:
481[*] http://www.google.com/safebrowsing/diagnostic?site=AS:9371
482[*] https://www.senderbase.org/lookup/?search_string=219.94.128.0/17
483[*] http://bgp.he.net/AS9371
484[*] https://stat.ripe.net/AS9371
485[INFO] Date: 06/12/19 | Time: 11:13:38
486[INFO] Total time: 3 minute(s) and 16 second(s)
487######################################################################################################################################
488Trying "kujirakan.jp"
489;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53353
490;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
491
492;; QUESTION SECTION:
493;kujirakan.jp. IN ANY
494
495;; ANSWER SECTION:
496kujirakan.jp. 3600 IN SOA master.dns.ne.jp. tech.sakura.ad.jp. 2011040709 3600 900 3600000 3600
497kujirakan.jp. 3600 IN MX 10 kujirakan.jp.
498kujirakan.jp. 3600 IN A 219.94.128.84
499kujirakan.jp. 3600 IN NS ns1.dns.ne.jp.
500kujirakan.jp. 3600 IN NS ns2.dns.ne.jp.
501
502;; ADDITIONAL SECTION:
503kujirakan.jp. 3600 IN A 219.94.128.84
504ns1.dns.ne.jp. 33723 IN A 61.211.236.1
505ns2.dns.ne.jp. 33723 IN A 133.167.21.1
506
507Received 211 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1971 ms
508######################################################################################################################################
509 AVAILABLE PLUGINS
510 -----------------
511
512 OpenSslCipherSuitesPlugin
513 RobotPlugin
514 HttpHeadersPlugin
515 CompressionPlugin
516 OpenSslCcsInjectionPlugin
517 SessionRenegotiationPlugin
518 SessionResumptionPlugin
519 CertificateInfoPlugin
520 FallbackScsvPlugin
521 HeartbleedPlugin
522 EarlyDataPlugin
523
524
525
526 CHECKING HOST(S) AVAILABILITY
527 -----------------------------
528
529 219.94.128.84:443 => 219.94.128.84
530
531
532
533
534 SCAN RESULTS FOR 219.94.128.84:443 - 219.94.128.84
535 --------------------------------------------------
536
537 * TLSV1 Cipher Suites:
538 Server rejected all cipher suites.
539
540 * TLSV1_1 Cipher Suites:
541 Server rejected all cipher suites.
542
543 * Certificate Information:
544 Content
545 SHA1 Fingerprint: 989fbf04bb6efe968cc8eba722a3449ebcf5a32a
546 Common Name: *.sakura.ne.jp
547 Issuer: Gehirn Managed Certification Authority - RSA DV
548 Serial Number: 112363302279537764564678927296641001210
549 Not Before: 2018-06-28 00:00:00
550 Not After: 2020-06-27 23:59:59
551 Signature Algorithm: sha256
552 Public Key Algorithm: RSA
553 Key Size: 2048
554 Exponent: 65537 (0x10001)
555 DNS Subject Alternative Names: ['*.sakura.ne.jp', '*.180r.com', '*.2-d.jp', '*.achoo.jp', '*.amaretto.jp', '*.bona.jp', '*.chew.jp', '*.crap.jp', '*.daynight.jp', '*.deko8.jp', '*.dojin.com', '*.eek.jp', '*.flop.jp', '*.from.tv', '*.fubuki.info', '*.gokujou.biz', '*.grats.jp', '*.grrr.jp', '*.halfmoon.jp', '*.ivory.ne.jp', '*.jeez.jp', '*.jpn.org', '*.kirara.st', '*.kokage.cc', '*.mail-box.ne.jp', '*.matrix.jp', '*.mimoza.jp', '*.mints.ne.jp', '*.mokuren.ne.jp', '*.nazo.cc', '*.netgamers.jp', '*.noob.jp', '*.nyanta.jp', '*.o0o0.jp', '*.opal.ne.jp', '*.rash.jp', '*.razor.jp', '*.rdy.jp', '*.rgr.jp', '*.rojo.jp', '*.rossa.cc', '*.rulez.jp', '*.rusk.to', '*.saikyou.biz', '*.sakura.tv', '*.sakuratan.com', '*.sakuraweb.com', '*.saloon.jp', '*.silk.to', '*.skr.jp', '*.spawn.jp', '*.squares.net', '*.sumomo.ne.jp', '*.tank.jp', '*.thyme.jp', '*.topaz.ne.jp', '*.uh-oh.jp', '*.undo.jp', '*.websozai.jp', '*.whoa.jp', '*.x0.com', '*.x0.to', '*.xii.jp']
556
557 Trust
558 Hostname Validation: FAILED - Certificate does NOT match 219.94.128.84
559 Android CA Store (9.0.0_r9): OK - Certificate is trusted
560 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
561 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
562 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
563 Windows CA Store (2019-05-27): OK - Certificate is trusted
564 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
565 Received Chain: *.sakura.ne.jp --> Gehirn Managed Certification Authority - RSA DV --> USERTrust RSA Certification Authority
566 Verified Chain: *.sakura.ne.jp --> Gehirn Managed Certification Authority - RSA DV --> USERTrust RSA Certification Authority
567 Received Chain Contains Anchor: OK - Anchor certificate not sent
568 Received Chain Order: OK - Order is valid
569 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
570
571 Extensions
572 OCSP Must-Staple: NOT SUPPORTED - Extension not found
573 Certificate Transparency: OK - 3 SCTs included
574
575 OCSP Stapling
576 OCSP Response Status: successful
577 Validation w/ Mozilla Store: OK - Response is trusted
578 Responder Id: 12E66A258671EDCC8E690C5919C007BC1CA8AD4B
579 Cert Status: good
580 Cert Serial Number: 5488628599050F18AC9B2075B76A66FA
581 This Update: Dec 6 15:28:44 2019 GMT
582 Next Update: Dec 10 15:28:44 2019 GMT
583
584 * Deflate Compression:
585 OK - Compression disabled
586
587 * TLS 1.2 Session Resumption Support:
588 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
589 With TLS Tickets: OK - Supported
590
591 * SSLV3 Cipher Suites:
592 Server rejected all cipher suites.
593
594 * OpenSSL CCS Injection:
595 OK - Not vulnerable to OpenSSL CCS injection
596
597 * SSLV2 Cipher Suites:
598 Server rejected all cipher suites.
599
600 * TLSV1_2 Cipher Suites:
601 Forward Secrecy OK - Supported
602 RC4 OK - Not Supported
603
604 Preferred:
605 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
606 Accepted:
607 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
608 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
609 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
610 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
611 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
612 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
613 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
614 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
615 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
616 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
617 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
618 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
619 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
620 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
621 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
622 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
623 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
624 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
625
626 * Downgrade Attacks:
627 TLS_FALLBACK_SCSV: OK - Supported
628
629 * Session Renegotiation:
630 Client-initiated Renegotiation: OK - Rejected
631 Secure Renegotiation: OK - Supported
632
633 * TLSV1_3 Cipher Suites:
634 Server rejected all cipher suites.
635
636 * OpenSSL Heartbleed:
637 OK - Not vulnerable to Heartbleed
638
639 * ROBOT Attack:
640 OK - Not vulnerable
641
642
643 SCAN COMPLETED IN 83.57 S
644 -------------------------
645######################################################################################################################################
646Domains still to check: 1
647 Checking if the hostname kujirakan.jp. given is in fact a domain...
648
649Analyzing domain: kujirakan.jp.
650 Checking NameServers using system default resolver...
651 IP: 133.167.21.1 (Japan)
652 HostName: ns2.dns.ne.jp Type: NS
653 HostName: ns2.dns.ne.jp Type: PTR
654 IP: 61.211.236.1 (Japan)
655 HostName: ns1.dns.ne.jp Type: NS
656 HostName: ns1.dns.ne.jp Type: PTR
657
658 Checking MailServers using system default resolver...
659 IP: 219.94.128.84 (Japan)
660 HostName: kujirakan.jp Type: MX
661 HostName: www874.sakura.ne.jp Type: PTR
662
663 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
664 No zone transfer found on nameserver 133.167.21.1
665 No zone transfer found on nameserver 61.211.236.1
666
667 Checking SPF record...
668 No SPF record
669
670 Checking 192 most common hostnames using system default resolver...
671 IP: 219.94.128.84 (Japan)
672 HostName: kujirakan.jp Type: MX
673 HostName: www874.sakura.ne.jp Type: PTR
674 HostName: www.kujirakan.jp. Type: A
675 IP: 219.94.128.84 (Japan)
676 HostName: kujirakan.jp Type: MX
677 HostName: www874.sakura.ne.jp Type: PTR
678 HostName: www.kujirakan.jp. Type: A
679 HostName: ftp.kujirakan.jp. Type: A
680 IP: 219.94.128.84 (Japan)
681 HostName: kujirakan.jp Type: MX
682 HostName: www874.sakura.ne.jp Type: PTR
683 HostName: www.kujirakan.jp. Type: A
684 HostName: ftp.kujirakan.jp. Type: A
685 HostName: mail.kujirakan.jp. Type: A
686
687 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
688 Checking netblock 133.167.21.0
689 Checking netblock 219.94.128.0
690 Checking netblock 61.211.236.0
691
692 Searching for kujirakan.jp. emails in Google
693
694 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
695 Host 133.167.21.1 is up (reset ttl 64)
696 Host 219.94.128.84 is up (reset ttl 64)
697 Host 61.211.236.1 is up (reset ttl 64)
698
699 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
700 Scanning ip 133.167.21.1 (ns2.dns.ne.jp (PTR)):
701 53/tcp open domain syn-ack ttl 111 NLnet Labs NSD 4.1.23
702 | dns-nsid:
703 | id.server: osnns-nsd2.sakura.ad.jp
704 |_ bind.version: NSD 4.1.23
705 Scanning ip 219.94.128.84 (mail.kujirakan.jp.):
706 80/tcp open http syn-ack ttl 45 nginx
707 | http-methods:
708 |_ Supported Methods: GET HEAD
709 |_http-title: \x82\xB3\x82\xAD\x82\xE7\x82\xCC\x83\x8C\x83\x93\x83^\x83\x8B\x83T\x81[\x83o
710 443/tcp open ssl/http syn-ack ttl 46 nginx
711 | http-methods:
712 |_ Supported Methods: GET HEAD POST OPTIONS
713 |_http-title: 400 The plain HTTP request was sent to HTTPS port
714 | ssl-cert: Subject: commonName=*.sakura.ne.jp
715 | Subject Alternative Name: DNS:*.sakura.ne.jp, DNS:*.180r.com, DNS:*.2-d.jp, DNS:*.achoo.jp, DNS:*.amaretto.jp, DNS:*.bona.jp, DNS:*.chew.jp, DNS:*.crap.jp, DNS:*.daynight.jp, DNS:*.deko8.jp, DNS:*.dojin.com, DNS:*.eek.jp, DNS:*.flop.jp, DNS:*.from.tv, DNS:*.fubuki.info, DNS:*.gokujou.biz, DNS:*.grats.jp, DNS:*.grrr.jp, DNS:*.halfmoon.jp, DNS:*.ivory.ne.jp, DNS:*.jeez.jp, DNS:*.jpn.org, DNS:*.kirara.st, DNS:*.kokage.cc, DNS:*.mail-box.ne.jp, DNS:*.matrix.jp, DNS:*.mimoza.jp, DNS:*.mints.ne.jp, DNS:*.mokuren.ne.jp, DNS:*.nazo.cc, DNS:*.netgamers.jp, DNS:*.noob.jp, DNS:*.nyanta.jp, DNS:*.o0o0.jp, DNS:*.opal.ne.jp, DNS:*.rash.jp, DNS:*.razor.jp, DNS:*.rdy.jp, DNS:*.rgr.jp, DNS:*.rojo.jp, DNS:*.rossa.cc, DNS:*.rulez.jp, DNS:*.rusk.to, DNS:*.saikyou.biz, DNS:*.sakura.tv, DNS:*.sakuratan.com, DNS:*.sakuraweb.com, DNS:*.saloon.jp, DNS:*.silk.to, DNS:*.skr.jp, DNS:*.spawn.jp, DNS:*.squares.net, DNS:*.sumomo.ne.jp, DNS:*.tank.jp, DNS:*.thyme.jp, DNS:*.topaz.ne.jp, DNS:*.uh-oh.jp, DNS:*.undo.jp, DNS:*.websozai.jp, DNS:*.whoa.jp, DNS:*.x0.com, DNS:*.x0.to, DNS:*.xii.jp
716 | Issuer: commonName=Gehirn Managed Certification Authority - RSA DV/organizationName=Gehirn Inc./stateOrProvinceName=Tokyo/countryName=JP
717 | Public Key type: rsa
718 | Public Key bits: 2048
719 | Signature Algorithm: sha256WithRSAEncryption
720 | Not valid before: 2018-06-28T00:00:00
721 | Not valid after: 2020-06-27T23:59:59
722 | MD5: ce1d 7d87 c75c d366 142c 50ef 778c c39b
723 |_SHA-1: 989f bf04 bb6e fe96 8cc8 eba7 22a3 449e bcf5 a32a
724 |_ssl-date: TLS randomness does not represent time
725 | tls-alpn:
726 | h2
727 |_ http/1.1
728 | tls-nextprotoneg:
729 | h2
730 |_ http/1.1
731 Scanning ip 61.211.236.1 (ns1.dns.ne.jp (PTR)):
732 53/tcp open domain syn-ack ttl 111 NLnet Labs NSD 4.1.23
733 | dns-nsid:
734 | NSID: f8b0659f-5919-45f6-bbb3-ee0f4d79d226 (66386230363539662d353931392d343566362d626262332d656530663464373964323236)
735 | id.server: f8b0659f-5919-45f6-bbb3-ee0f4d79d226
736 |_ bind.version: NSD 4.1.23
737 WebCrawling domain's web servers... up to 50 max links.
738
739 + URL to crawl: http://ftp.kujirakan.jp.
740 + Date: 2019-12-06
741
742 + Crawling URL: http://ftp.kujirakan.jp.:
743 + Links:
744 + Crawling http://ftp.kujirakan.jp.
745 + Searching for directories...
746 + Searching open folders...
747
748
749 + URL to crawl: http://www.kujirakan.jp.
750 + Date: 2019-12-06
751
752 + Crawling URL: http://www.kujirakan.jp.:
753 + Links:
754 + Crawling http://www.kujirakan.jp.
755 + Crawling http://www.kujirakan.jp./index.html
756 + Crawling http://www.kujirakan.jp./q_and_a.html
757 + Crawling http://www.kujirakan.jp./sitemap.html
758 + Crawling http://www.kujirakan.jp./facility/index.html
759 + Crawling http://www.kujirakan.jp./use/index.html
760 + Crawling http://www.kujirakan.jp./facility/osusume.html
761 + Crawling http://www.kujirakan.jp./doubututachi.html
762 + Crawling http://www.kujirakan.jp./program/index.html
763 + Crawling http://www.kujirakan.jp./show/index.html
764 + Crawling http://www.kujirakan.jp./experience/index.html
765 + Crawling http://www.kujirakan.jp./facility/honkan.html
766 + Crawling http://www.kujirakan.jp./news04.html
767 + Crawling http://www.kujirakan.jp./news01.html
768 + Crawling http://www.kujirakan.jp./subwindow_schedule.html
769 + Crawling http://www.kujirakan.jp./use/subwindow_kujirahamakouen.html
770 + Crawling http://www.kujirakan.jp./jissyuusei.html
771 + Crawling http://www.kujirakan.jp./news02.html
772 + Crawling http://www.kujirakan.jp./downloard.html
773 + Crawling http://www.kujirakan.jp./site_p.html
774 + Crawling http://www.kujirakan.jp./count/dayxmgr.cgi
775 + Crawling http://www.kujirakan.jp./use/sub01.html
776 + Crawling http://www.kujirakan.jp./use/subwindow_hazashi.html
777 + Crawling http://www.kujirakan.jp./use/subwindow_ishigakikinenkan.html
778 + Crawling http://www.kujirakan.jp./use/subwindow_kinomatusima.html
779 + Crawling http://www.kujirakan.jp./use/subwindow_kujirahama_b.html
780 + Crawling http://www.kujirakan.jp./use/subwindow_hogeisen.html
781 + Crawling http://www.kujirakan.jp./use/subwindow_shippo.html
782 + Crawling http://www.kujirakan.jp./use/subwindow_taijibussan.html (404 Not Found)
783 + Crawling http://www.kujirakan.jp./use/subwindow_taketonbo.html
784 + Crawling http://www.kujirakan.jp./use/subwindow_portin.html
785 + Crawling http://www.kujirakan.jp./show/subwindow_irukashow.html
786 + Crawling http://www.kujirakan.jp./show/subwindow_kujirashow.html
787 + Crawling http://www.kujirakan.jp./experience/subwindow_irukatouch.html
788 + Crawling http://www.kujirakan.jp./experience/subwindow_iruka_trener.html
789 + Crawling http://www.kujirakan.jp./experience/subwindow_esaagetaiken.html
790 + Crawling http://www.kujirakan.jp./experience/subwindow_kayak_adventure.html
791 + Crawling http://www.kujirakan.jp./experience/subwindow_bichidehureai.html
792 + Crawling http://www.kujirakan.jp./experience/subwindow_fureaisuimu.html
793 + Crawling http://www.kujirakan.jp./facility/honkan_3f.html
794 + Crawling http://www.kujirakan.jp./facility/honkan_2f.html
795 + Crawling http://www.kujirakan.jp./facility/honkan_1f.html
796 + Crawling http://www.kujirakan.jp./program/sub01.html
797 + Crawling http://www.kujirakan.jp./photo_g.html (404 Not Found)
798 + Crawling http://www.kujirakan.jp./facility/marinarium.html
799 + Crawling http://www.kujirakan.jp./use/subwindow_ruboa.html
800 + Searching for directories...
801 - Found: http://www.kujirakan.jp./facility/
802 - Found: http://www.kujirakan.jp./use/
803 - Found: http://www.kujirakan.jp./program/
804 - Found: http://www.kujirakan.jp./show/
805 - Found: http://www.kujirakan.jp./experience/
806 - Found: http://www.kujirakan.jp./count/
807 - Found: http://www.kujirakan.jp./object/
808 - Found: http://www.kujirakan.jp./pdf/
809 - Found: http://www.kujirakan.jp./facility/image/
810 - Found: http://www.kujirakan.jp./image/
811 - Found: http://www.kujirakan.jp./image/whale/
812 - Found: http://www.kujirakan.jp./news/
813 - Found: http://www.kujirakan.jp./news/data/
814 - Found: http://www.kujirakan.jp./use/image/
815 - Found: http://www.kujirakan.jp./image/kannai/
816 + Searching open folders...
817 - http://www.kujirakan.jp./facility/ (No Open Folder)
818 - http://www.kujirakan.jp./use/ (No Open Folder)
819 - http://www.kujirakan.jp./program/ (No Open Folder)
820 - http://www.kujirakan.jp./show/ (No Open Folder)
821 - http://www.kujirakan.jp./experience/ (No Open Folder)
822 - http://www.kujirakan.jp./count/ (403 Forbidden)
823 - http://www.kujirakan.jp./object/ (403 Forbidden)
824 - http://www.kujirakan.jp./pdf/ (403 Forbidden)
825 - http://www.kujirakan.jp./facility/image/ (403 Forbidden)
826 - http://www.kujirakan.jp./image/ (403 Forbidden)
827 - http://www.kujirakan.jp./image/whale/ (403 Forbidden)
828 - http://www.kujirakan.jp./news/ (403 Forbidden)
829 - http://www.kujirakan.jp./news/data/ (403 Forbidden)
830 - http://www.kujirakan.jp./use/image/ (403 Forbidden)
831 - http://www.kujirakan.jp./image/kannai/ (403 Forbidden)
832 + Crawl finished successfully.
833----------------------------------------------------------------------
834Summary of http://http://www.kujirakan.jp.
835----------------------------------------------------------------------
836+ Links crawled:
837 - http://www.kujirakan.jp.
838 - http://www.kujirakan.jp./count/dayxmgr.cgi
839 - http://www.kujirakan.jp./doubututachi.html
840 - http://www.kujirakan.jp./downloard.html
841 - http://www.kujirakan.jp./experience/index.html
842 - http://www.kujirakan.jp./experience/subwindow_bichidehureai.html
843 - http://www.kujirakan.jp./experience/subwindow_esaagetaiken.html
844 - http://www.kujirakan.jp./experience/subwindow_fureaisuimu.html
845 - http://www.kujirakan.jp./experience/subwindow_iruka_trener.html
846 - http://www.kujirakan.jp./experience/subwindow_irukatouch.html
847 - http://www.kujirakan.jp./experience/subwindow_kayak_adventure.html
848 - http://www.kujirakan.jp./facility/honkan.html
849 - http://www.kujirakan.jp./facility/honkan_1f.html
850 - http://www.kujirakan.jp./facility/honkan_2f.html
851 - http://www.kujirakan.jp./facility/honkan_3f.html
852 - http://www.kujirakan.jp./facility/index.html
853 - http://www.kujirakan.jp./facility/marinarium.html
854 - http://www.kujirakan.jp./facility/osusume.html
855 - http://www.kujirakan.jp./index.html
856 - http://www.kujirakan.jp./jissyuusei.html
857 - http://www.kujirakan.jp./news01.html
858 - http://www.kujirakan.jp./news02.html
859 - http://www.kujirakan.jp./news04.html
860 - http://www.kujirakan.jp./photo_g.html (404 Not Found)
861 - http://www.kujirakan.jp./program/index.html
862 - http://www.kujirakan.jp./program/sub01.html
863 - http://www.kujirakan.jp./q_and_a.html
864 - http://www.kujirakan.jp./show/index.html
865 - http://www.kujirakan.jp./show/subwindow_kujirashow.html
866 - http://www.kujirakan.jp./site_p.html
867 - http://www.kujirakan.jp./sitemap.html
868 - http://www.kujirakan.jp./subwindow_schedule.html
869 - http://www.kujirakan.jp./use/index.html
870 - http://www.kujirakan.jp./use/sub01.html
871 - http://www.kujirakan.jp./use/subwindow_hazashi.html
872 - http://www.kujirakan.jp./use/subwindow_hogeisen.html
873 - http://www.kujirakan.jp./use/subwindow_ishigakikinenkan.html
874 - http://www.kujirakan.jp./use/subwindow_kinomatusima.html
875 - http://www.kujirakan.jp./use/subwindow_kujirahama_b.html
876 - http://www.kujirakan.jp./use/subwindow_kujirahamakouen.html
877 - http://www.kujirakan.jp./use/subwindow_portin.html
878 - http://www.kujirakan.jp./use/subwindow_ruboa.html
879 - http://www.kujirakan.jp./use/subwindow_shippo.html
880 - http://www.kujirakan.jp./use/subwindow_taijibussan.html (404 Not Found)
881 - http://www.kujirakan.jp./use/subwindow_taketonbo.html
882 Total links crawled: 45
883
884+ Links to files found:
885 - http://www.kujirakan.jp./blue.gif
886 - http://www.kujirakan.jp./facility/image/honkan_01.jpg
887 - http://www.kujirakan.jp./facility/image/honkan_02.jpg
888 - http://www.kujirakan.jp./facility/image/honkan_03.jpg
889 - http://www.kujirakan.jp./facility/image/honkan_04.jpg
890 - http://www.kujirakan.jp./facility/image/honkan_05.jpg
891 - http://www.kujirakan.jp./facility/image/honkan_06.jpg
892 - http://www.kujirakan.jp./facility/image/honkan_07.jpg
893 - http://www.kujirakan.jp./facility/image/honkan_08.jpg
894 - http://www.kujirakan.jp./facility/image/honkan_09.jpg
895 - http://www.kujirakan.jp./facility/image/honkan_10.jpg
896 - http://www.kujirakan.jp./facility/image/honkan_12.jpg
897 - http://www.kujirakan.jp./facility/image/honkan_13.jpg
898 - http://www.kujirakan.jp./facility/image/honkan_14.jpg
899 - http://www.kujirakan.jp./facility/image/honkan_15.jpg
900 - http://www.kujirakan.jp./facility/image/i_map01.jpg
901 - http://www.kujirakan.jp./facility/image/kouen_map1000.jpg
902 - http://www.kujirakan.jp./facility/image/kouen_map730.jpg
903 - http://www.kujirakan.jp./facility/image/shironagasu.jpg
904 - http://www.kujirakan.jp./facility/image/siryoukan01.jpg
905 - http://www.kujirakan.jp./facility/image/siryoukan01_1.jpg
906 - http://www.kujirakan.jp./image/2019img01.jpg
907 - http://www.kujirakan.jp./image/2019img02.jpg
908 - http://www.kujirakan.jp./image/2019img03.jpg
909 - http://www.kujirakan.jp./image/2019img04.jpg
910 - http://www.kujirakan.jp./image/2019img05.jpg
911 - http://www.kujirakan.jp./image/2019img06.jpg
912 - http://www.kujirakan.jp./image/2019img07.jpg
913 - http://www.kujirakan.jp./image/2019img08.jpg
914 - http://www.kujirakan.jp./image/2019img09.jpg
915 - http://www.kujirakan.jp./image/2019img10.jpg
916 - http://www.kujirakan.jp./image/2019img11.jpg
917 - http://www.kujirakan.jp./image/2019img12.jpg
918 - http://www.kujirakan.jp./image/2019img14.jpg
919 - http://www.kujirakan.jp./image/2019img15.jpg
920 - http://www.kujirakan.jp./image/2019img16.jpg
921 - http://www.kujirakan.jp./image/2019img17.jpg
922 - http://www.kujirakan.jp./image/2019img18.jpg
923 - http://www.kujirakan.jp./image/2019img19.jpg
924 - http://www.kujirakan.jp./image/2019img20.jpg
925 - http://www.kujirakan.jp./image/2019img21.jpg
926 - http://www.kujirakan.jp./image/2019img22.jpg
927 - http://www.kujirakan.jp./image/2019img23.jpg
928 - http://www.kujirakan.jp./image/2019img24.jpg
929 - http://www.kujirakan.jp./image/2019img25.jpg
930 - http://www.kujirakan.jp./image/2019img26.jpg
931 - http://www.kujirakan.jp./image/2019img27.jpg
932 - http://www.kujirakan.jp./image/dolphin_suimu_dv.jpg
933 - http://www.kujirakan.jp./image/etsuketaiken.jpg
934 - http://www.kujirakan.jp./image/its_heard.JPG
935 - http://www.kujirakan.jp./image/kannai/image_005m.jpg
936 - http://www.kujirakan.jp./image/museum_tour.JPG
937 - http://www.kujirakan.jp./image/pf_01_omote.jpg
938 - http://www.kujirakan.jp./image/pf_01_ura.jpg
939 - http://www.kujirakan.jp./image/seminar.JPG
940 - http://www.kujirakan.jp./image/set_ticket.gif
941 - http://www.kujirakan.jp./image/spot_guide.JPG
942 - http://www.kujirakan.jp./image/whale/n_bandouiruka.jpg
943 - http://www.kujirakan.jp./image/whale/n_bandouiruka_01.jpg
944 - http://www.kujirakan.jp./image/whale/n_bandouiruka_02.jpg
945 - http://www.kujirakan.jp./image/whale/n_hanagondou.jpg
946 - http://www.kujirakan.jp./image/whale/n_hanagondou_01.jpg
947 - http://www.kujirakan.jp./image/whale/n_hanagondou_02.jpg
948 - http://www.kujirakan.jp./image/whale/n_kamairuka.jpg
949 - http://www.kujirakan.jp./image/whale/n_kamairuka_01.jpg
950 - http://www.kujirakan.jp./image/whale/n_kamairuka_02.jpg
951 - http://www.kujirakan.jp./image/whale/n_kazuhagondou.jpg
952 - http://www.kujirakan.jp./image/whale/n_kazuhagondou_01.jpg
953 - http://www.kujirakan.jp./image/whale/n_kazuhagondou_02.jpg
954 - http://www.kujirakan.jp./image/whale/n_kobiregondou.jpg
955 - http://www.kujirakan.jp./image/whale/n_kobiregondou_01.jpg
956 - http://www.kujirakan.jp./image/whale/n_kobiregondou_02.jpg
957 - http://www.kujirakan.jp./image/whale/n_madarairuka.jpg
958 - http://www.kujirakan.jp./image/whale/n_madarairuka_01.jpg
959 - http://www.kujirakan.jp./image/whale/n_madarairuka_02.jpg
960 - http://www.kujirakan.jp./image/whale/n_okigondou.jpg
961 - http://www.kujirakan.jp./image/whale/n_okigondou_01.jpg
962 - http://www.kujirakan.jp./image/whale/n_okigondou_02.jpg
963 - http://www.kujirakan.jp./image/whale/n_sujiiruka.jpg
964 - http://www.kujirakan.jp./image/whale/n_sujiiruka_01.jpg
965 - http://www.kujirakan.jp./image/whale/n_sujiiruka_02.jpg
966 - http://www.kujirakan.jp./image/worksheet.jpg
967 - http://www.kujirakan.jp./news/20190403_logo.jpg
968 - http://www.kujirakan.jp./news/20190907_kujiramamire.jpg
969 - http://www.kujirakan.jp./news/20190907_kujiramamire_icon.jpg
970 - http://www.kujirakan.jp./news/20190912_kujiramamire.pdf
971 - http://www.kujirakan.jp./news/20190912_kujiramamire_map.pdf
972 - http://www.kujirakan.jp./news/2019_05_31.jpg
973 - http://www.kujirakan.jp./news/data/A-1.pdf
974 - http://www.kujirakan.jp./news/data/A-2.pdf
975 - http://www.kujirakan.jp./news/data/B-1.pdf
976 - http://www.kujirakan.jp./news/data/B-10.pdf
977 - http://www.kujirakan.jp./news/data/B-11.pdf
978 - http://www.kujirakan.jp./news/data/B-12.pdf
979 - http://www.kujirakan.jp./news/data/B-13.pdf
980 - http://www.kujirakan.jp./news/data/B-14.pdf
981 - http://www.kujirakan.jp./news/data/B-15.pdf
982 - http://www.kujirakan.jp./news/data/B-16.pdf
983 - http://www.kujirakan.jp./news/data/B-17.pdf
984 - http://www.kujirakan.jp./news/data/B-18.pdf
985 - http://www.kujirakan.jp./news/data/B-2.pdf
986 - http://www.kujirakan.jp./news/data/B-3.pdf
987 - http://www.kujirakan.jp./news/data/B-4.pdf
988 - http://www.kujirakan.jp./news/data/B-5.pdf
989 - http://www.kujirakan.jp./news/data/B-6.pdf
990 - http://www.kujirakan.jp./news/data/B-7.pdf
991 - http://www.kujirakan.jp./news/data/B-8.pdf
992 - http://www.kujirakan.jp./news/data/B-9.pdf
993 - http://www.kujirakan.jp./news/data/C-1.pdf
994 - http://www.kujirakan.jp./news_rist_yajirusi.jpg
995 - http://www.kujirakan.jp./object/back_top.jpg
996 - http://www.kujirakan.jp./object/camera.css
997 - http://www.kujirakan.jp./object/camera.min.js
998 - http://www.kujirakan.jp./object/down_f.jpg
999 - http://www.kujirakan.jp./object/fl_002.jpg
1000 - http://www.kujirakan.jp./object/fl_003.jpg
1001 - http://www.kujirakan.jp./object/fl_004.jpg
1002 - http://www.kujirakan.jp./object/fl_005.jpg
1003 - http://www.kujirakan.jp./object/fl_006.jpg
1004 - http://www.kujirakan.jp./object/fl_007.jpg
1005 - http://www.kujirakan.jp./object/fl_008sp.jpg
1006 - http://www.kujirakan.jp./object/jquery.easing.1.3.js
1007 - http://www.kujirakan.jp./object/jquery.min.js
1008 - http://www.kujirakan.jp./object/jquery.mobile.customized.min.js
1009 - http://www.kujirakan.jp./object/list.jpg
1010 - http://www.kujirakan.jp./object/list_b.jpg
1011 - http://www.kujirakan.jp./object/map_kakunin.jpg
1012 - http://www.kujirakan.jp./object/map_kannai_1f.jpg
1013 - http://www.kujirakan.jp./object/map_kannai_2f.jpg
1014 - http://www.kujirakan.jp./object/map_kannai_3f.jpg
1015 - http://www.kujirakan.jp./object/menu_guidemap.jpg
1016 - http://www.kujirakan.jp./object/menu_image01.jpg
1017 - http://www.kujirakan.jp./object/menu_image02.jpg
1018 - http://www.kujirakan.jp./object/menu_image03.jpg
1019 - http://www.kujirakan.jp./object/menu_image04.jpg
1020 - http://www.kujirakan.jp./object/menu_jissyuusei.jpg
1021 - http://www.kujirakan.jp./object/menu_saiyoujyouhou.jpg
1022 - http://www.kujirakan.jp./object/menu_schedule.jpg
1023 - http://www.kujirakan.jp./object/new_menu_facebook.jpg
1024 - http://www.kujirakan.jp./object/new_menu_harabire.jpg
1025 - http://www.kujirakan.jp./object/new_menu_logo.jpg
1026 - http://www.kujirakan.jp./object/qanda.jpg
1027 - http://www.kujirakan.jp./object/schedule.jpg
1028 - http://www.kujirakan.jp./object/sp_menyu_dm.jpg
1029 - http://www.kujirakan.jp./object/space_10.jpg
1030 - http://www.kujirakan.jp./object/sub_title_00.jpg
1031 - http://www.kujirakan.jp./object/sub_title_01.jpg
1032 - http://www.kujirakan.jp./object/sub_title_02.jpg
1033 - http://www.kujirakan.jp./object/sub_title_03.jpg
1034 - http://www.kujirakan.jp./object/sub_title_04.jpg
1035 - http://www.kujirakan.jp./object/sub_title_05.jpg
1036 - http://www.kujirakan.jp./object/subu_txt_bcg02.jpg
1037 - http://www.kujirakan.jp./object/syousai.jpg
1038 - http://www.kujirakan.jp./object/title_01.gif
1039 - http://www.kujirakan.jp./pdf/201503_spica.pdf
1040 - http://www.kujirakan.jp./pdf/2017_04ryoukinkaitei.pdf
1041 - http://www.kujirakan.jp./pdf/20190403_logo.pdf
1042 - http://www.kujirakan.jp./pdf/challenge_sheet_a.pdf
1043 - http://www.kujirakan.jp./pdf/challenge_stamp_r_a.pdf
1044 - http://www.kujirakan.jp./pdf/gakoudantai_nyukanyoyakusyo.pdf
1045 - http://www.kujirakan.jp./pdf/gakoudantai_onegai.pdf
1046 - http://www.kujirakan.jp./pdf/gakoupuroguramu_mousikomisyo.pdf
1047 - http://www.kujirakan.jp./pdf/gakusyupuroguramu_itiran.pdf
1048 - http://www.kujirakan.jp./pdf/haruka201306.pdf
1049 - http://www.kujirakan.jp./pdf/jissyuusei_seiyakusyo.pdf
1050 - http://www.kujirakan.jp./pdf/jissyuusei_sinsei.pdf
1051 - http://www.kujirakan.jp./pdf/kujirakan_pf.pdf
1052 - http://www.kujirakan.jp./pdf/kujitanmini1.pdf
1053 - http://www.kujirakan.jp./pdf/kujitanmini2.pdf
1054 - http://www.kujirakan.jp./pdf/nyukan_waribikiken.pdf
1055 - http://www.kujirakan.jp./pdf/pf_01_omote.pdf
1056 - http://www.kujirakan.jp./pdf/pf_01_ura.pdf
1057 - http://www.kujirakan.jp./pdf/spica_201408.pdf
1058 - http://www.kujirakan.jp./red.gif
1059 - http://www.kujirakan.jp./scroll.js
1060 - http://www.kujirakan.jp./styletope.css
1061 - http://www.kujirakan.jp./use/image/Kaisuiyokujyou.jpg
1062 - http://www.kujirakan.jp./use/image/hazashi.jpg
1063 - http://www.kujirakan.jp./use/image/hogeisenKyomaru.jpg
1064 - http://www.kujirakan.jp./use/image/ishigakikinenn.jpg
1065 - http://www.kujirakan.jp./use/image/matsushimaKankousen.jpg
1066 - http://www.kujirakan.jp./use/image/port_in_kujirahama.jpg
1067 - http://www.kujirakan.jp./use/image/ruboa.jpg
1068 - http://www.kujirakan.jp./use/image/sippo.jpg
1069 - http://www.kujirakan.jp./use/image/taketombo.jpg
1070 Total links to files: 185
1071
1072+ Externals links found:
1073 - http://kinomatsushima.com/
1074 - http://www.kent-web.com/
1075 - http://www.kujirakan.jp/count/dayx.cgi?gif
1076 - http://www.kujirakan.jp/count/dayx.cgi?today
1077 - http://www.kujirakan.jp/count/dayx.cgi?yes
1078 - http://www.kushimoto.co.jp/
1079 - http://www.town.taiji.wakayama.jp/ishigaki/
1080 - http://www.town.taiji.wakayama.jp/kankou/sub_04.html
1081 - http://www.town.taiji.wakayama.jp/kurasi/basu.html
1082 - https://kujira-digital-museum.com/
1083 - https://maps.google.co.jp/maps?f=q&source=embed&hl=ja&geocode=&q=%E5%A4%AA%E5%9C%B0%E7%94%BA2934-2%E3%80%80%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&aq=&sll=33.60219,135.945811&sspn=0.006291,0.013025&brcurrent=3,0x600616fec33fd451:0xa1d13cc39b2dd9ee,0&ie=UTF8&hq=&hnear=%E5%92%8C%E6%AD%8C%E5%B1%B1%E7%9C%8C%E6%9D%B1%E7%89%9F%E5%A9%81%E9%83%A1%E5%A4%AA%E5%9C%B0%E7%94%BA%E5%A4%AA%E5%9C%B0%EF%BC%92%EF%BC%99%EF%BC%93%EF%BC%94%E2%88%92%EF%BC%92+%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&t=m&ll=33.603075,135.946026&spn=0.003128,0.00706&z=17&iwloc=A
1084 - https://maps.google.co.jp/maps?f=q&source=s_q&hl=ja&geocode=&q=%E5%A4%AA%E5%9C%B0%E7%94%BA2934-2%E3%80%80%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&aq=&sll=33.60219,135.945811&sspn=0.006291,0.013025&brcurrent=3,0x600616fec33fd451:0xa1d13cc39b2dd9ee,0&ie=UTF8&hq=&hnear=%E5%92%8C%E6%AD%8C%E5%B1%B1%E7%9C%8C%E6%9D%B1%E7%89%9F%E5%A9%81%E9%83%A1%E5%A4%AA%E5%9C%B0%E7%94%BA%E5%A4%AA%E5%9C%B0%EF%BC%92%EF%BC%99%EF%BC%93%EF%BC%94%E2%88%92%EF%BC%92+%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&t=m&ll=33.603075,135.946026&spn=0.003128,0.00706&z=17&iwloc=A&output=embed
1085 - https://www.facebook.com/kujirakan
1086 - https://www.kmcscuba1977.com/blank-1
1087 Total external links: 14
1088
1089+ Email addresses found:
1090 Total email address found: 0
1091
1092+ Directories found:
1093 - http://www.kujirakan.jp./count/ (403 Forbidden)
1094 - http://www.kujirakan.jp./experience/ (No open folder)
1095 - http://www.kujirakan.jp./facility/ (No open folder)
1096 - http://www.kujirakan.jp./facility/image/ (403 Forbidden)
1097 - http://www.kujirakan.jp./image/ (403 Forbidden)
1098 - http://www.kujirakan.jp./image/kannai/ (403 Forbidden)
1099 - http://www.kujirakan.jp./image/whale/ (403 Forbidden)
1100 - http://www.kujirakan.jp./news/ (403 Forbidden)
1101 - http://www.kujirakan.jp./news/data/ (403 Forbidden)
1102 - http://www.kujirakan.jp./object/ (403 Forbidden)
1103 - http://www.kujirakan.jp./pdf/ (403 Forbidden)
1104 - http://www.kujirakan.jp./program/ (No open folder)
1105 - http://www.kujirakan.jp./show/ (No open folder)
1106 - http://www.kujirakan.jp./use/ (No open folder)
1107 - http://www.kujirakan.jp./use/image/ (403 Forbidden)
1108 Total directories: 15
1109
1110+ Directory indexing found:
1111 Total directories with indexing: 0
1112
1113----------------------------------------------------------------------
1114
1115
1116 + URL to crawl: http://mail.kujirakan.jp.
1117 + Date: 2019-12-06
1118
1119 + Crawling URL: http://mail.kujirakan.jp.:
1120 + Links:
1121 + Crawling http://mail.kujirakan.jp.
1122 + Searching for directories...
1123 + Searching open folders...
1124
1125
1126 + URL to crawl: http://kujirakan.jp
1127 + Date: 2019-12-06
1128
1129 + Crawling URL: http://kujirakan.jp:
1130 + Links:
1131 + Crawling http://kujirakan.jp
1132 + Crawling http://kujirakan.jp/index.html
1133 + Crawling http://kujirakan.jp/q_and_a.html
1134 + Crawling http://kujirakan.jp/sitemap.html
1135 + Crawling http://kujirakan.jp/facility/index.html
1136 + Crawling http://kujirakan.jp/use/index.html
1137 + Crawling http://kujirakan.jp/facility/osusume.html
1138 + Crawling http://kujirakan.jp/doubututachi.html
1139 + Crawling http://kujirakan.jp/program/index.html
1140 + Crawling http://kujirakan.jp/show/index.html
1141 + Crawling http://kujirakan.jp/experience/index.html
1142 + Crawling http://kujirakan.jp/facility/honkan.html
1143 + Crawling http://kujirakan.jp/news04.html
1144 + Crawling http://kujirakan.jp/news01.html
1145 + Crawling http://kujirakan.jp/subwindow_schedule.html
1146 + Crawling http://kujirakan.jp/use/subwindow_kujirahamakouen.html
1147 + Crawling http://kujirakan.jp/jissyuusei.html
1148 + Crawling http://kujirakan.jp/news02.html
1149 + Crawling http://kujirakan.jp/downloard.html
1150 + Crawling http://kujirakan.jp/site_p.html
1151 + Crawling http://kujirakan.jp/count/dayxmgr.cgi
1152 + Crawling http://kujirakan.jp/use/sub01.html
1153 + Crawling http://kujirakan.jp/use/subwindow_hazashi.html
1154 + Crawling http://kujirakan.jp/use/subwindow_ishigakikinenkan.html
1155 + Crawling http://kujirakan.jp/use/subwindow_kinomatusima.html
1156 + Crawling http://kujirakan.jp/use/subwindow_kujirahama_b.html
1157 + Crawling http://kujirakan.jp/use/subwindow_hogeisen.html
1158 + Crawling http://kujirakan.jp/use/subwindow_shippo.html
1159 + Crawling http://kujirakan.jp/use/subwindow_taijibussan.html (404 Not Found)
1160 + Crawling http://kujirakan.jp/use/subwindow_taketonbo.html
1161 + Crawling http://kujirakan.jp/use/subwindow_portin.html
1162 + Crawling http://kujirakan.jp/show/subwindow_irukashow.html
1163 + Crawling http://kujirakan.jp/show/subwindow_kujirashow.html
1164 + Crawling http://kujirakan.jp/experience/subwindow_irukatouch.html
1165 + Crawling http://kujirakan.jp/experience/subwindow_iruka_trener.html
1166 + Crawling http://kujirakan.jp/experience/subwindow_esaagetaiken.html
1167 + Crawling http://kujirakan.jp/experience/subwindow_kayak_adventure.html
1168 + Crawling http://kujirakan.jp/experience/subwindow_bichidehureai.html
1169 + Crawling http://kujirakan.jp/experience/subwindow_fureaisuimu.html
1170 + Crawling http://kujirakan.jp/facility/honkan_3f.html
1171 + Crawling http://kujirakan.jp/facility/honkan_2f.html
1172 + Crawling http://kujirakan.jp/facility/honkan_1f.html
1173 + Crawling http://kujirakan.jp/program/sub01.html
1174 + Crawling http://kujirakan.jp/photo_g.html (404 Not Found)
1175 + Crawling http://kujirakan.jp/facility/marinarium.html
1176 + Crawling http://kujirakan.jp/use/subwindow_ruboa.html
1177 + Searching for directories...
1178 - Found: http://kujirakan.jp/facility/
1179 - Found: http://kujirakan.jp/use/
1180 - Found: http://kujirakan.jp/program/
1181 - Found: http://kujirakan.jp/show/
1182 - Found: http://kujirakan.jp/experience/
1183 - Found: http://kujirakan.jp/count/
1184 - Found: http://kujirakan.jp/object/
1185 - Found: http://kujirakan.jp/pdf/
1186 - Found: http://kujirakan.jp/facility/image/
1187 - Found: http://kujirakan.jp/image/
1188 - Found: http://kujirakan.jp/image/whale/
1189 - Found: http://kujirakan.jp/news/
1190 - Found: http://kujirakan.jp/news/data/
1191 - Found: http://kujirakan.jp/use/image/
1192 - Found: http://kujirakan.jp/image/kannai/
1193 + Searching open folders...
1194 - http://kujirakan.jp/facility/ (No Open Folder)
1195 - http://kujirakan.jp/use/ (No Open Folder)
1196 - http://kujirakan.jp/program/ (No Open Folder)
1197 - http://kujirakan.jp/show/ (No Open Folder)
1198 - http://kujirakan.jp/experience/ (No Open Folder)
1199 - http://kujirakan.jp/count/ (403 Forbidden)
1200 - http://kujirakan.jp/object/ (403 Forbidden)
1201 - http://kujirakan.jp/pdf/ (403 Forbidden)
1202 - http://kujirakan.jp/facility/image/ (403 Forbidden)
1203 - http://kujirakan.jp/image/ (403 Forbidden)
1204 - http://kujirakan.jp/image/whale/ (403 Forbidden)
1205 - http://kujirakan.jp/news/ (403 Forbidden)
1206 - http://kujirakan.jp/news/data/ (403 Forbidden)
1207 - http://kujirakan.jp/use/image/ (403 Forbidden)
1208 - http://kujirakan.jp/image/kannai/ (403 Forbidden)
1209 + Crawl finished successfully.
1210----------------------------------------------------------------------
1211Summary of http://http://kujirakan.jp
1212----------------------------------------------------------------------
1213+ Links crawled:
1214 - http://kujirakan.jp
1215 - http://kujirakan.jp/count/dayxmgr.cgi
1216 - http://kujirakan.jp/doubututachi.html
1217 - http://kujirakan.jp/downloard.html
1218 - http://kujirakan.jp/experience/index.html
1219 - http://kujirakan.jp/experience/subwindow_bichidehureai.html
1220 - http://kujirakan.jp/experience/subwindow_esaagetaiken.html
1221 - http://kujirakan.jp/experience/subwindow_fureaisuimu.html
1222 - http://kujirakan.jp/experience/subwindow_iruka_trener.html
1223 - http://kujirakan.jp/experience/subwindow_irukatouch.html
1224 - http://kujirakan.jp/experience/subwindow_kayak_adventure.html
1225 - http://kujirakan.jp/facility/honkan.html
1226 - http://kujirakan.jp/facility/honkan_1f.html
1227 - http://kujirakan.jp/facility/honkan_2f.html
1228 - http://kujirakan.jp/facility/honkan_3f.html
1229 - http://kujirakan.jp/facility/index.html
1230 - http://kujirakan.jp/facility/marinarium.html
1231 - http://kujirakan.jp/facility/osusume.html
1232 - http://kujirakan.jp/index.html
1233 - http://kujirakan.jp/jissyuusei.html
1234 - http://kujirakan.jp/news01.html
1235 - http://kujirakan.jp/news02.html
1236 - http://kujirakan.jp/news04.html
1237 - http://kujirakan.jp/photo_g.html (404 Not Found)
1238 - http://kujirakan.jp/program/index.html
1239 - http://kujirakan.jp/program/sub01.html
1240 - http://kujirakan.jp/q_and_a.html
1241 - http://kujirakan.jp/show/index.html
1242 - http://kujirakan.jp/show/subwindow_irukashow.html
1243 - http://kujirakan.jp/show/subwindow_kujirashow.html
1244 - http://kujirakan.jp/site_p.html
1245 - http://kujirakan.jp/sitemap.html
1246 - http://kujirakan.jp/subwindow_schedule.html
1247 - http://kujirakan.jp/use/index.html
1248 - http://kujirakan.jp/use/sub01.html
1249 - http://kujirakan.jp/use/subwindow_hazashi.html
1250 - http://kujirakan.jp/use/subwindow_hogeisen.html
1251 - http://kujirakan.jp/use/subwindow_ishigakikinenkan.html
1252 - http://kujirakan.jp/use/subwindow_kinomatusima.html
1253 - http://kujirakan.jp/use/subwindow_kujirahama_b.html
1254 - http://kujirakan.jp/use/subwindow_kujirahamakouen.html
1255 - http://kujirakan.jp/use/subwindow_portin.html
1256 - http://kujirakan.jp/use/subwindow_ruboa.html
1257 - http://kujirakan.jp/use/subwindow_shippo.html
1258 - http://kujirakan.jp/use/subwindow_taijibussan.html (404 Not Found)
1259 - http://kujirakan.jp/use/subwindow_taketonbo.html
1260 Total links crawled: 46
1261
1262+ Links to files found:
1263 - http://kujirakan.jp/blue.gif
1264 - http://kujirakan.jp/facility/image/honkan_01.jpg
1265 - http://kujirakan.jp/facility/image/honkan_02.jpg
1266 - http://kujirakan.jp/facility/image/honkan_03.jpg
1267 - http://kujirakan.jp/facility/image/honkan_04.jpg
1268 - http://kujirakan.jp/facility/image/honkan_05.jpg
1269 - http://kujirakan.jp/facility/image/honkan_06.jpg
1270 - http://kujirakan.jp/facility/image/honkan_07.jpg
1271 - http://kujirakan.jp/facility/image/honkan_08.jpg
1272 - http://kujirakan.jp/facility/image/honkan_09.jpg
1273 - http://kujirakan.jp/facility/image/honkan_10.jpg
1274 - http://kujirakan.jp/facility/image/honkan_12.jpg
1275 - http://kujirakan.jp/facility/image/honkan_13.jpg
1276 - http://kujirakan.jp/facility/image/honkan_14.jpg
1277 - http://kujirakan.jp/facility/image/honkan_15.jpg
1278 - http://kujirakan.jp/facility/image/i_map01.jpg
1279 - http://kujirakan.jp/facility/image/kouen_map1000.jpg
1280 - http://kujirakan.jp/facility/image/kouen_map730.jpg
1281 - http://kujirakan.jp/facility/image/shironagasu.jpg
1282 - http://kujirakan.jp/facility/image/siryoukan01.jpg
1283 - http://kujirakan.jp/facility/image/siryoukan01_1.jpg
1284 - http://kujirakan.jp/image/2019img01.jpg
1285 - http://kujirakan.jp/image/2019img02.jpg
1286 - http://kujirakan.jp/image/2019img03.jpg
1287 - http://kujirakan.jp/image/2019img04.jpg
1288 - http://kujirakan.jp/image/2019img05.jpg
1289 - http://kujirakan.jp/image/2019img06.jpg
1290 - http://kujirakan.jp/image/2019img07.jpg
1291 - http://kujirakan.jp/image/2019img08.jpg
1292 - http://kujirakan.jp/image/2019img09.jpg
1293 - http://kujirakan.jp/image/2019img10.jpg
1294 - http://kujirakan.jp/image/2019img11.jpg
1295 - http://kujirakan.jp/image/2019img12.jpg
1296 - http://kujirakan.jp/image/2019img13.jpg
1297 - http://kujirakan.jp/image/2019img14.jpg
1298 - http://kujirakan.jp/image/2019img15.jpg
1299 - http://kujirakan.jp/image/2019img16.jpg
1300 - http://kujirakan.jp/image/2019img17.jpg
1301 - http://kujirakan.jp/image/2019img18.jpg
1302 - http://kujirakan.jp/image/2019img19.jpg
1303 - http://kujirakan.jp/image/2019img20.jpg
1304 - http://kujirakan.jp/image/2019img21.jpg
1305 - http://kujirakan.jp/image/2019img22.jpg
1306 - http://kujirakan.jp/image/2019img23.jpg
1307 - http://kujirakan.jp/image/2019img24.jpg
1308 - http://kujirakan.jp/image/2019img25.jpg
1309 - http://kujirakan.jp/image/2019img26.jpg
1310 - http://kujirakan.jp/image/2019img27.jpg
1311 - http://kujirakan.jp/image/dolphin_suimu_dv.jpg
1312 - http://kujirakan.jp/image/etsuketaiken.jpg
1313 - http://kujirakan.jp/image/its_heard.JPG
1314 - http://kujirakan.jp/image/kannai/image_005m.jpg
1315 - http://kujirakan.jp/image/museum_tour.JPG
1316 - http://kujirakan.jp/image/pf_01_omote.jpg
1317 - http://kujirakan.jp/image/pf_01_ura.jpg
1318 - http://kujirakan.jp/image/seminar.JPG
1319 - http://kujirakan.jp/image/set_ticket.gif
1320 - http://kujirakan.jp/image/spot_guide.JPG
1321 - http://kujirakan.jp/image/whale/n_bandouiruka.jpg
1322 - http://kujirakan.jp/image/whale/n_bandouiruka_01.jpg
1323 - http://kujirakan.jp/image/whale/n_bandouiruka_02.jpg
1324 - http://kujirakan.jp/image/whale/n_hanagondou.jpg
1325 - http://kujirakan.jp/image/whale/n_hanagondou_01.jpg
1326 - http://kujirakan.jp/image/whale/n_hanagondou_02.jpg
1327 - http://kujirakan.jp/image/whale/n_kamairuka.jpg
1328 - http://kujirakan.jp/image/whale/n_kamairuka_01.jpg
1329 - http://kujirakan.jp/image/whale/n_kamairuka_02.jpg
1330 - http://kujirakan.jp/image/whale/n_kazuhagondou.jpg
1331 - http://kujirakan.jp/image/whale/n_kazuhagondou_01.jpg
1332 - http://kujirakan.jp/image/whale/n_kazuhagondou_02.jpg
1333 - http://kujirakan.jp/image/whale/n_kobiregondou.jpg
1334 - http://kujirakan.jp/image/whale/n_kobiregondou_01.jpg
1335 - http://kujirakan.jp/image/whale/n_kobiregondou_02.jpg
1336 - http://kujirakan.jp/image/whale/n_madarairuka.jpg
1337 - http://kujirakan.jp/image/whale/n_madarairuka_01.jpg
1338 - http://kujirakan.jp/image/whale/n_madarairuka_02.jpg
1339 - http://kujirakan.jp/image/whale/n_okigondou.jpg
1340 - http://kujirakan.jp/image/whale/n_okigondou_01.jpg
1341 - http://kujirakan.jp/image/whale/n_okigondou_02.jpg
1342 - http://kujirakan.jp/image/whale/n_sujiiruka.jpg
1343 - http://kujirakan.jp/image/whale/n_sujiiruka_01.jpg
1344 - http://kujirakan.jp/image/whale/n_sujiiruka_02.jpg
1345 - http://kujirakan.jp/image/worksheet.jpg
1346 - http://kujirakan.jp/news/20190403_logo.jpg
1347 - http://kujirakan.jp/news/20190907_kujiramamire.jpg
1348 - http://kujirakan.jp/news/20190907_kujiramamire_icon.jpg
1349 - http://kujirakan.jp/news/20190912_kujiramamire.pdf
1350 - http://kujirakan.jp/news/20190912_kujiramamire_map.pdf
1351 - http://kujirakan.jp/news/2019_05_31.jpg
1352 - http://kujirakan.jp/news/data/A-1.pdf
1353 - http://kujirakan.jp/news/data/A-2.pdf
1354 - http://kujirakan.jp/news/data/B-1.pdf
1355 - http://kujirakan.jp/news/data/B-10.pdf
1356 - http://kujirakan.jp/news/data/B-11.pdf
1357 - http://kujirakan.jp/news/data/B-12.pdf
1358 - http://kujirakan.jp/news/data/B-13.pdf
1359 - http://kujirakan.jp/news/data/B-14.pdf
1360 - http://kujirakan.jp/news/data/B-15.pdf
1361 - http://kujirakan.jp/news/data/B-16.pdf
1362 - http://kujirakan.jp/news/data/B-17.pdf
1363 - http://kujirakan.jp/news/data/B-18.pdf
1364 - http://kujirakan.jp/news/data/B-2.pdf
1365 - http://kujirakan.jp/news/data/B-3.pdf
1366 - http://kujirakan.jp/news/data/B-4.pdf
1367 - http://kujirakan.jp/news/data/B-5.pdf
1368 - http://kujirakan.jp/news/data/B-6.pdf
1369 - http://kujirakan.jp/news/data/B-7.pdf
1370 - http://kujirakan.jp/news/data/B-8.pdf
1371 - http://kujirakan.jp/news/data/B-9.pdf
1372 - http://kujirakan.jp/news/data/C-1.pdf
1373 - http://kujirakan.jp/news_rist_yajirusi.jpg
1374 - http://kujirakan.jp/object/back_top.jpg
1375 - http://kujirakan.jp/object/camera.css
1376 - http://kujirakan.jp/object/camera.min.js
1377 - http://kujirakan.jp/object/down_f.jpg
1378 - http://kujirakan.jp/object/fl_002.jpg
1379 - http://kujirakan.jp/object/fl_003.jpg
1380 - http://kujirakan.jp/object/fl_004.jpg
1381 - http://kujirakan.jp/object/fl_005.jpg
1382 - http://kujirakan.jp/object/fl_006.jpg
1383 - http://kujirakan.jp/object/fl_007.jpg
1384 - http://kujirakan.jp/object/fl_008sp.jpg
1385 - http://kujirakan.jp/object/jquery.easing.1.3.js
1386 - http://kujirakan.jp/object/jquery.min.js
1387 - http://kujirakan.jp/object/jquery.mobile.customized.min.js
1388 - http://kujirakan.jp/object/list.jpg
1389 - http://kujirakan.jp/object/list_b.jpg
1390 - http://kujirakan.jp/object/map_kakunin.jpg
1391 - http://kujirakan.jp/object/map_kannai_1f.jpg
1392 - http://kujirakan.jp/object/map_kannai_2f.jpg
1393 - http://kujirakan.jp/object/map_kannai_3f.jpg
1394 - http://kujirakan.jp/object/menu_guidemap.jpg
1395 - http://kujirakan.jp/object/menu_image01.jpg
1396 - http://kujirakan.jp/object/menu_image02.jpg
1397 - http://kujirakan.jp/object/menu_image03.jpg
1398 - http://kujirakan.jp/object/menu_image04.jpg
1399 - http://kujirakan.jp/object/menu_jissyuusei.jpg
1400 - http://kujirakan.jp/object/menu_saiyoujyouhou.jpg
1401 - http://kujirakan.jp/object/menu_schedule.jpg
1402 - http://kujirakan.jp/object/new_menu_facebook.jpg
1403 - http://kujirakan.jp/object/new_menu_harabire.jpg
1404 - http://kujirakan.jp/object/new_menu_logo.jpg
1405 - http://kujirakan.jp/object/qanda.jpg
1406 - http://kujirakan.jp/object/schedule.jpg
1407 - http://kujirakan.jp/object/sp_menyu_dm.jpg
1408 - http://kujirakan.jp/object/space_10.jpg
1409 - http://kujirakan.jp/object/sub_title_00.jpg
1410 - http://kujirakan.jp/object/sub_title_01.jpg
1411 - http://kujirakan.jp/object/sub_title_02.jpg
1412 - http://kujirakan.jp/object/sub_title_03.jpg
1413 - http://kujirakan.jp/object/sub_title_04.jpg
1414 - http://kujirakan.jp/object/sub_title_05.jpg
1415 - http://kujirakan.jp/object/subu_txt_bcg02.jpg
1416 - http://kujirakan.jp/object/syousai.jpg
1417 - http://kujirakan.jp/object/title_01.gif
1418 - http://kujirakan.jp/pdf/201503_spica.pdf
1419 - http://kujirakan.jp/pdf/2017_04ryoukinkaitei.pdf
1420 - http://kujirakan.jp/pdf/20190403_logo.pdf
1421 - http://kujirakan.jp/pdf/challenge_sheet_a.pdf
1422 - http://kujirakan.jp/pdf/challenge_stamp_r_a.pdf
1423 - http://kujirakan.jp/pdf/gakoudantai_nyukanyoyakusyo.pdf
1424 - http://kujirakan.jp/pdf/gakoudantai_onegai.pdf
1425 - http://kujirakan.jp/pdf/gakoupuroguramu_mousikomisyo.pdf
1426 - http://kujirakan.jp/pdf/gakusyupuroguramu_itiran.pdf
1427 - http://kujirakan.jp/pdf/haruka201306.pdf
1428 - http://kujirakan.jp/pdf/jissyuusei_seiyakusyo.pdf
1429 - http://kujirakan.jp/pdf/jissyuusei_sinsei.pdf
1430 - http://kujirakan.jp/pdf/kujirakan_pf.pdf
1431 - http://kujirakan.jp/pdf/kujitanmini1.pdf
1432 - http://kujirakan.jp/pdf/kujitanmini2.pdf
1433 - http://kujirakan.jp/pdf/nyukan_waribikiken.pdf
1434 - http://kujirakan.jp/pdf/pf_01_omote.pdf
1435 - http://kujirakan.jp/pdf/pf_01_ura.pdf
1436 - http://kujirakan.jp/pdf/spica_201408.pdf
1437 - http://kujirakan.jp/red.gif
1438 - http://kujirakan.jp/scroll.js
1439 - http://kujirakan.jp/styletope.css
1440 - http://kujirakan.jp/use/image/Kaisuiyokujyou.jpg
1441 - http://kujirakan.jp/use/image/hazashi.jpg
1442 - http://kujirakan.jp/use/image/hogeisenKyomaru.jpg
1443 - http://kujirakan.jp/use/image/ishigakikinenn.jpg
1444 - http://kujirakan.jp/use/image/matsushimaKankousen.jpg
1445 - http://kujirakan.jp/use/image/port_in_kujirahama.jpg
1446 - http://kujirakan.jp/use/image/ruboa.jpg
1447 - http://kujirakan.jp/use/image/sippo.jpg
1448 - http://kujirakan.jp/use/image/taketombo.jpg
1449 Total links to files: 186
1450
1451+ Externals links found:
1452 - http://kinomatsushima.com/
1453 - http://www.kent-web.com/
1454 - http://www.kujirakan.jp/count/dayx.cgi?gif
1455 - http://www.kujirakan.jp/count/dayx.cgi?today
1456 - http://www.kujirakan.jp/count/dayx.cgi?yes
1457 - http://www.kushimoto.co.jp/
1458 - http://www.town.taiji.wakayama.jp/ishigaki/
1459 - http://www.town.taiji.wakayama.jp/kankou/sub_04.html
1460 - http://www.town.taiji.wakayama.jp/kurasi/basu.html
1461 - https://kujira-digital-museum.com/
1462 - https://maps.google.co.jp/maps?f=q&source=embed&hl=ja&geocode=&q=%E5%A4%AA%E5%9C%B0%E7%94%BA2934-2%E3%80%80%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&aq=&sll=33.60219,135.945811&sspn=0.006291,0.013025&brcurrent=3,0x600616fec33fd451:0xa1d13cc39b2dd9ee,0&ie=UTF8&hq=&hnear=%E5%92%8C%E6%AD%8C%E5%B1%B1%E7%9C%8C%E6%9D%B1%E7%89%9F%E5%A9%81%E9%83%A1%E5%A4%AA%E5%9C%B0%E7%94%BA%E5%A4%AA%E5%9C%B0%EF%BC%92%EF%BC%99%EF%BC%93%EF%BC%94%E2%88%92%EF%BC%92+%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&t=m&ll=33.603075,135.946026&spn=0.003128,0.00706&z=17&iwloc=A
1463 - https://maps.google.co.jp/maps?f=q&source=s_q&hl=ja&geocode=&q=%E5%A4%AA%E5%9C%B0%E7%94%BA2934-2%E3%80%80%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&aq=&sll=33.60219,135.945811&sspn=0.006291,0.013025&brcurrent=3,0x600616fec33fd451:0xa1d13cc39b2dd9ee,0&ie=UTF8&hq=&hnear=%E5%92%8C%E6%AD%8C%E5%B1%B1%E7%9C%8C%E6%9D%B1%E7%89%9F%E5%A9%81%E9%83%A1%E5%A4%AA%E5%9C%B0%E7%94%BA%E5%A4%AA%E5%9C%B0%EF%BC%92%EF%BC%99%EF%BC%93%EF%BC%94%E2%88%92%EF%BC%92+%E3%81%8F%E3%81%98%E3%82%89%E3%81%AE%E5%8D%9A%E7%89%A9%E9%A4%A8&t=m&ll=33.603075,135.946026&spn=0.003128,0.00706&z=17&iwloc=A&output=embed
1464 - https://www.facebook.com/kujirakan
1465 - https://www.kmcscuba1977.com/blank-1
1466 Total external links: 14
1467
1468+ Email addresses found:
1469 Total email address found: 0
1470
1471+ Directories found:
1472 - http://kujirakan.jp/count/ (403 Forbidden)
1473 - http://kujirakan.jp/experience/ (No open folder)
1474 - http://kujirakan.jp/facility/ (No open folder)
1475 - http://kujirakan.jp/facility/image/ (403 Forbidden)
1476 - http://kujirakan.jp/image/ (403 Forbidden)
1477 - http://kujirakan.jp/image/kannai/ (403 Forbidden)
1478 - http://kujirakan.jp/image/whale/ (403 Forbidden)
1479 - http://kujirakan.jp/news/ (403 Forbidden)
1480 - http://kujirakan.jp/news/data/ (403 Forbidden)
1481 - http://kujirakan.jp/object/ (403 Forbidden)
1482 - http://kujirakan.jp/pdf/ (403 Forbidden)
1483 - http://kujirakan.jp/program/ (No open folder)
1484 - http://kujirakan.jp/show/ (No open folder)
1485 - http://kujirakan.jp/use/ (No open folder)
1486 - http://kujirakan.jp/use/image/ (403 Forbidden)
1487 Total directories: 15
1488
1489+ Directory indexing found:
1490 Total directories with indexing: 0
1491
1492----------------------------------------------------------------------
1493
1494
1495 + URL to crawl: https://ftp.kujirakan.jp.
1496 + Date: 2019-12-06
1497
1498 + Crawling URL: https://ftp.kujirakan.jp.:
1499 + Links:
1500 + Crawling https://ftp.kujirakan.jp.
1501 + Searching for directories...
1502 + Searching open folders...
1503
1504
1505 + URL to crawl: https://www.kujirakan.jp.
1506 + Date: 2019-12-06
1507
1508 + Crawling URL: https://www.kujirakan.jp.:
1509 + Links:
1510 + Crawling https://www.kujirakan.jp.
1511 + Searching for directories...
1512 + Searching open folders...
1513
1514
1515 + URL to crawl: https://mail.kujirakan.jp.
1516 + Date: 2019-12-06
1517
1518 + Crawling URL: https://mail.kujirakan.jp.:
1519 + Links:
1520 + Crawling https://mail.kujirakan.jp.
1521 + Searching for directories...
1522 + Searching open folders...
1523
1524
1525 + URL to crawl: https://kujirakan.jp
1526 + Date: 2019-12-06
1527
1528 + Crawling URL: https://kujirakan.jp:
1529 + Links:
1530 + Crawling https://kujirakan.jp
1531 + Searching for directories...
1532 + Searching open folders...
1533
1534--Finished--
1535Summary information for domain kujirakan.jp.
1536-----------------------------------------
1537
1538 Domain Ips Information:
1539 IP: 133.167.21.1
1540 HostName: ns2.dns.ne.jp Type: NS
1541 HostName: ns2.dns.ne.jp Type: PTR
1542 Country: Japan
1543 Is Active: True (reset ttl 64)
1544 Port: 53/tcp open domain syn-ack ttl 111 NLnet Labs NSD 4.1.23
1545 Script Info: | dns-nsid:
1546 Script Info: | id.server: osnns-nsd2.sakura.ad.jp
1547 Script Info: |_ bind.version: NSD 4.1.23
1548 IP: 219.94.128.84
1549 HostName: kujirakan.jp Type: MX
1550 HostName: www874.sakura.ne.jp Type: PTR
1551 HostName: www.kujirakan.jp. Type: A
1552 HostName: ftp.kujirakan.jp. Type: A
1553 HostName: mail.kujirakan.jp. Type: A
1554 Country: Japan
1555 Is Active: True (reset ttl 64)
1556 Port: 80/tcp open http syn-ack ttl 45 nginx
1557 Script Info: | http-methods:
1558 Script Info: |_ Supported Methods: GET HEAD
1559 Script Info: |_http-title: \x82\xB3\x82\xAD\x82\xE7\x82\xCC\x83\x8C\x83\x93\x83^\x83\x8B\x83T\x81[\x83o
1560 Port: 443/tcp open ssl/http syn-ack ttl 46 nginx
1561 Script Info: | http-methods:
1562 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1563 Script Info: |_http-title: 400 The plain HTTP request was sent to HTTPS port
1564 Script Info: | ssl-cert: Subject: commonName=*.sakura.ne.jp
1565 Script Info: | Subject Alternative Name: DNS:*.sakura.ne.jp, DNS:*.180r.com, DNS:*.2-d.jp, DNS:*.achoo.jp, DNS:*.amaretto.jp, DNS:*.bona.jp, DNS:*.chew.jp, DNS:*.crap.jp, DNS:*.daynight.jp, DNS:*.deko8.jp, DNS:*.dojin.com, DNS:*.eek.jp, DNS:*.flop.jp, DNS:*.from.tv, DNS:*.fubuki.info, DNS:*.gokujou.biz, DNS:*.grats.jp, DNS:*.grrr.jp, DNS:*.halfmoon.jp, DNS:*.ivory.ne.jp, DNS:*.jeez.jp, DNS:*.jpn.org, DNS:*.kirara.st, DNS:*.kokage.cc, DNS:*.mail-box.ne.jp, DNS:*.matrix.jp, DNS:*.mimoza.jp, DNS:*.mints.ne.jp, DNS:*.mokuren.ne.jp, DNS:*.nazo.cc, DNS:*.netgamers.jp, DNS:*.noob.jp, DNS:*.nyanta.jp, DNS:*.o0o0.jp, DNS:*.opal.ne.jp, DNS:*.rash.jp, DNS:*.razor.jp, DNS:*.rdy.jp, DNS:*.rgr.jp, DNS:*.rojo.jp, DNS:*.rossa.cc, DNS:*.rulez.jp, DNS:*.rusk.to, DNS:*.saikyou.biz, DNS:*.sakura.tv, DNS:*.sakuratan.com, DNS:*.sakuraweb.com, DNS:*.saloon.jp, DNS:*.silk.to, DNS:*.skr.jp, DNS:*.spawn.jp, DNS:*.squares.net, DNS:*.sumomo.ne.jp, DNS:*.tank.jp, DNS:*.thyme.jp, DNS:*.topaz.ne.jp, DNS:*.uh-oh.jp, DNS:*.undo.jp, DNS:*.websozai.jp, DNS:*.whoa.jp, DNS:*.x0.com, DNS:*.x0.to, DNS:*.xii.jp
1566 Script Info: | Issuer: commonName=Gehirn Managed Certification Authority - RSA DV/organizationName=Gehirn Inc./stateOrProvinceName=Tokyo/countryName=JP
1567 Script Info: | Public Key type: rsa
1568 Script Info: | Public Key bits: 2048
1569 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1570 Script Info: | Not valid before: 2018-06-28T00:00:00
1571 Script Info: | Not valid after: 2020-06-27T23:59:59
1572 Script Info: | MD5: ce1d 7d87 c75c d366 142c 50ef 778c c39b
1573 Script Info: |_SHA-1: 989f bf04 bb6e fe96 8cc8 eba7 22a3 449e bcf5 a32a
1574 Script Info: |_ssl-date: TLS randomness does not represent time
1575 Script Info: | tls-alpn:
1576 Script Info: | h2
1577 Script Info: |_ http/1.1
1578 Script Info: | tls-nextprotoneg:
1579 Script Info: | h2
1580 Script Info: |_ http/1.1
1581 IP: 61.211.236.1
1582 HostName: ns1.dns.ne.jp Type: NS
1583 HostName: ns1.dns.ne.jp Type: PTR
1584 Country: Japan
1585 Is Active: True (reset ttl 64)
1586 Port: 53/tcp open domain syn-ack ttl 111 NLnet Labs NSD 4.1.23
1587 Script Info: | dns-nsid:
1588 Script Info: | NSID: f8b0659f-5919-45f6-bbb3-ee0f4d79d226 (66386230363539662d353931392d343566362d626262332d656530663464373964323236)
1589 Script Info: | id.server: f8b0659f-5919-45f6-bbb3-ee0f4d79d226
1590 Script Info: |_ bind.version: NSD 4.1.23
1591
1592--------------End Summary --------------
1593-----------------------------------------
1594#######################################################################################################################################
1595traceroute to kujirakan.jp (219.94.128.84), 30 hops max, 60 byte packets
1596 1 10.253.204.1 (10.253.204.1) 344.151 ms 344.126 ms 344.105 ms
1597 2 213.184.122.97 (213.184.122.97) 344.088 ms 344.070 ms 344.049 ms
1598 3 bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9) 344.028 ms 344.057 ms 344.036 ms
1599 4 bzq-179-124-185.cust.bezeqint.net (212.179.124.185) 343.940 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185) 446.892 ms 446.870 ms
1600 5 bzq-179-124-249.cust.bezeqint.net (212.179.124.249) 446.755 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1) 343.821 ms 343.803 ms
1601 6 ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 653.027 ms bzq-179-124-249.cust.bezeqint.net (212.179.124.249) 476.640 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 476.587 ms
1602 7 bzq-179-124-74.cust.bezeqint.net (212.179.124.74) 476.585 ms bzq-179-124-42.cust.bezeqint.net (212.179.124.42) 476.543 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 476.486 ms
1603 8 et-0-0-19.cr10-fra2.ip4.gtt.net (89.149.136.121) 476.461 ms et-0-0-71.cr10-fra2.ip4.gtt.net (89.149.180.230) 476.448 ms et-0-0-5.cr10-fra2.ip4.gtt.net (89.149.136.117) 476.374 ms
1604 9 ae-1.r25.frnkge08.de.bb.gin.ntt.net (129.250.4.16) 476.351 ms et-0-0-19.cr10-fra2.ip4.gtt.net (89.149.136.121) 476.268 ms ip4.gtt.net (46.33.83.254) 476.272 ms
160510 ip4.gtt.net (46.33.83.254) 476.246 ms * 559.564 ms
160611 ae-8.r22.asbnva02.us.bb.gin.ntt.net (129.250.4.96) 624.941 ms * 661.812 ms
160712 ae-0.r23.asbnva02.us.bb.gin.ntt.net (129.250.3.85) 661.730 ms ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237) 661.789 ms *
160813 ae-15.r25.osakjp02.jp.bb.gin.ntt.net (129.250.2.177) 701.693 ms ae-17.r24.osakjp02.jp.bb.gin.ntt.net (129.250.2.119) 701.653 ms ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237) 661.766 ms
160914 ae-1.r22.lsanca07.us.bb.gin.ntt.net (129.250.2.206) 661.739 ms ae-10.r22.snjsca04.us.bb.gin.ntt.net (129.250.6.237) 661.697 ms ae-17.r24.osakjp02.jp.bb.gin.ntt.net (129.250.2.119) 701.623 ms
161015 ae-2.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.33) 701.633 ms ae-1.r02.osakjp02.jp.bb.gin.ntt.net (129.250.2.40) 701.618 ms ae-1.a00.osakjp02.jp.bb.gin.ntt.net (129.250.3.210) 781.219 ms
161116 xe-0-0-19-1.a01.osakjp02.jp.ce.gin.ntt.net (61.200.82.178) 781.113 ms 781.037 ms ae-1.r02.osakjp02.jp.bb.gin.ntt.net (129.250.2.40) 781.054 ms
161217 ae-2.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.106) 690.384 ms xe-0-0-19-1.a01.osakjp02.jp.ce.gin.ntt.net (61.200.82.178) 690.123 ms osnrt1s-nrt3-2.bb.sakura.ad.jp (157.17.146.162) 690.223 ms
161318 osnrt1b-nrt1s-2.bb.sakura.ad.jp (157.17.146.246) 690.298 ms osnrt1s-nrt3-2.bb.sakura.ad.jp (157.17.146.162) 690.209 ms osnrt1s-nrt3-3.bb.sakura.ad.jp (157.17.146.242) 690.226 ms
161419 osnrt2b-nrt201s-2.bb.sakura.ad.jp (157.17.146.210) 690.115 ms osnrt201s-nrt3-1.bb.sakura.ad.jp (157.17.146.70) 690.075 ms osnrt2b-nrt1s-2.bb.sakura.ad.jp (157.17.146.250) 689.990 ms
161520 www874.sakura.ne.jp (219.94.128.84) 689.951 ms osnrt1b-nrt1s.bb.sakura.ad.jp (157.17.146.138) 689.977 ms osnrt11e-nrt2b.bb.sakura.ad.jp (157.17.148.70) 689.884 ms
1616######################################################################################################################################
1617----- kujirakan.jp -----
1618
1619
1620Host's addresses:
1621__________________
1622
1623kujirakan.jp. 1207 IN A 219.94.128.84
1624
1625
1626Name Servers:
1627______________
1628
1629ns1.dns.ne.jp. 86357 IN A 61.211.236.1
1630ns2.dns.ne.jp. 85065 IN A 133.167.21.1
1631
1632
1633Mail (MX) Servers:
1634___________________
1635
1636kujirakan.jp. 1204 IN A 219.94.128.84
1637
1638
1639Brute forcing with /usr/share/dnsenum/dns.txt:
1640_______________________________________________
1641
1642ftp.kujirakan.jp. 1755 IN CNAME kujirakan.jp.
1643kujirakan.jp. 1755 IN A 219.94.128.84
1644mail.kujirakan.jp. 1719 IN CNAME kujirakan.jp.
1645kujirakan.jp. 1719 IN A 219.94.128.84
1646www.kujirakan.jp. 969 IN CNAME kujirakan.jp.
1647kujirakan.jp. 969 IN A 219.94.128.84
1648
1649
1650Launching Whois Queries:
1651_________________________
1652
1653 whois ip result: 219.94.128.0 -> 219.94.128.0/24
1654
1655
1656kujirakan.jp____________
1657
1658 219.94.128.0/24
1659######################################################################################################################################
1660WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1661Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 12:05 EST
1662Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
1663Host is up (0.23s latency).
1664Not shown: 479 closed ports, 8 filtered ports
1665Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1666PORT STATE SERVICE
166721/tcp open ftp
166822/tcp open ssh
166980/tcp open http
1670110/tcp open pop3
1671143/tcp open imap
1672443/tcp open https
1673587/tcp open submission
1674993/tcp open imaps
1675995/tcp open pop3s
1676
1677Nmap done: 1 IP address (1 host up) scanned in 3.43 seconds
1678######################################################################################################################################
1679Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 12:05 EST
1680Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
1681Host is up (0.19s latency).
1682Not shown: 9 closed ports, 2 filtered ports
1683PORT STATE SERVICE
168469/udp open|filtered tftp
1685123/udp open|filtered ntp
1686139/udp open|filtered netbios-ssn
1687161/udp open|filtered snmp
1688
1689Nmap done: 1 IP address (1 host up) scanned in 1.88 seconds
1690######################################################################################################################################
1691# general
1692(gen) banner: SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
1693(gen) software: OpenSSH 5.8p2 (_hpn13v11) running on FreeBSD (2011-05-03)
1694(gen) compatibility: OpenSSH 5.7-6.6, Dropbear SSH 2013.62+
1695(gen) compression: enabled (zlib@openssh.com)
1696
1697# key exchange algorithms
1698(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
1699 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1700(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
1701 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1702(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
1703 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1704(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1705 `- [info] available since OpenSSH 4.4
1706(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1707 `- [warn] using weak hashing algorithm
1708 `- [info] available since OpenSSH 2.3.0
1709(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1710 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1711(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1712 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1713 `- [warn] using small 1024-bit modulus
1714 `- [warn] using weak hashing algorithm
1715 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1716
1717# host-key algorithms
1718(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1719(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1720 `- [warn] using small 1024-bit modulus
1721 `- [warn] using weak random number generator could reveal the key
1722 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1723(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
1724 `- [warn] using weak random number generator could reveal the key
1725 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1726
1727# encryption algorithms (ciphers)
1728(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1729(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1730(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1731(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1732 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1733 `- [warn] using weak cipher
1734 `- [info] available since OpenSSH 4.2
1735(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1736 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1737 `- [warn] using weak cipher
1738 `- [info] available since OpenSSH 4.2
1739(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1740 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1741 `- [warn] using weak cipher
1742 `- [info] available since OpenSSH 2.1.0
1743
1744# message authentication code algorithms
1745(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1746 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1747 `- [warn] using encrypt-and-MAC mode
1748 `- [info] available since OpenSSH 2.5.0
1749(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1750 `- [warn] using weak hashing algorithm
1751 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1752
1753# algorithm recommendations (for OpenSSH 5.8)
1754(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1755(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1756(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1757(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
1758(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
1759(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
1760(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
1761(rec) -ssh-dss -- key algorithm to remove
1762(rec) -arcfour256 -- enc algorithm to remove
1763(rec) -arcfour -- enc algorithm to remove
1764(rec) -arcfour128 -- enc algorithm to remove
1765(rec) -hmac-ripemd160 -- mac algorithm to remove
1766#######################################################################################################################################
1767Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 12:06 EST
1768NSE: [ssh-run] Failed to specify credentials and command to run.
1769NSE: [ssh-brute] usernames: Time limit 10m00s exceeded.
1770NSE: [ssh-brute] usernames: Time limit 10m00s exceeded.
1771NSE: [ssh-brute] passwords: Time limit 10m00s exceeded.
1772Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
1773Host is up (0.22s latency).
1774
1775PORT STATE SERVICE VERSION
177622/tcp open ssh OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
1777| ssh-auth-methods:
1778| Supported authentication methods:
1779| publickey
1780|_ password
1781| ssh-brute:
1782| Accounts: No valid accounts found
1783|_ Statistics: Performed 0 guesses in 1409 seconds, average tps: 0.0
1784| ssh-hostkey:
1785|_ 2048 f5:dd:17:46:ad:18:8c:dd:69:3c:dd:bb:86:b7:79:90 (DSA)
1786|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
1787|_ssh-run: Failed to specify credentials and command to run.
1788| vulscan: VulDB - https://vuldb.com:
1789| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
1790| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
1791| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
1792| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
1793|
1794| MITRE CVE - https://cve.mitre.org:
1795| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
1796| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
1797| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
1798| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
1799| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
1800| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
1801| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
1802| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
1803| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
1804|
1805| SecurityFocus - https://www.securityfocus.com/bid/:
1806| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
1807| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
1808| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
1809| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
1810| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
1811| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
1812| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
1813| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
1814| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
1815| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
1816| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
1817| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
1818| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
1819| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
1820| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
1821| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
1822| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
1823| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
1824| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
1825| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
1826| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
1827| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
1828| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
1829| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
1830| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
1831| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
1832| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
1833| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
1834| [75990] OpenSSH Login Handling Security Bypass Weakness
1835| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
1836| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
1837| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
1838| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
1839| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
1840| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
1841| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
1842| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
1843| [61286] OpenSSH Remote Denial of Service Vulnerability
1844| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
1845| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
1846| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
1847| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
1848| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
1849| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
1850| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
1851| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
1852| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
1853| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
1854| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
1855| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
1856| [30794] Red Hat OpenSSH Backdoor Vulnerability
1857| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
1858| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
1859| [28531] OpenSSH ForceCommand Command Execution Weakness
1860| [28444] OpenSSH X Connections Session Hijacking Vulnerability
1861| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
1862| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
1863| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
1864| [20956] OpenSSH Privilege Separation Key Signature Weakness
1865| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
1866| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
1867| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
1868| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
1869| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
1870| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
1871| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
1872| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
1873| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
1874| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
1875| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
1876| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
1877| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
1878| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
1879| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
1880| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
1881| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
1882| [6168] OpenSSH Visible Password Vulnerability
1883| [5374] OpenSSH Trojan Horse Vulnerability
1884| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
1885| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
1886| [4241] OpenSSH Channel Code Off-By-One Vulnerability
1887| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
1888| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
1889| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
1890| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
1891| [2917] OpenSSH PAM Session Evasion Vulnerability
1892| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
1893| [2356] OpenSSH Private Key Authentication Check Vulnerability
1894| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
1895| [1334] OpenSSH UseLogin Vulnerability
1896|
1897| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1898| [83258] GSI-OpenSSH auth-pam.c security bypass
1899| [82781] OpenSSH time limit denial of service
1900| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
1901| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
1902| [72756] Debian openssh-server commands information disclosure
1903| [68339] OpenSSH pam_thread buffer overflow
1904| [67264] OpenSSH ssh-keysign unauthorized access
1905| [65910] OpenSSH remote_glob function denial of service
1906| [65163] OpenSSH certificate information disclosure
1907| [64387] OpenSSH J-PAKE security bypass
1908| [63337] Cisco Unified Videoconferencing OpenSSH weak security
1909| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
1910| [45202] OpenSSH signal handler denial of service
1911| [44747] RHEL OpenSSH backdoor
1912| [44280] OpenSSH PermitRootLogin information disclosure
1913| [44279] OpenSSH sshd weak security
1914| [44037] OpenSSH sshd SELinux role unauthorized access
1915| [43940] OpenSSH X11 forwarding information disclosure
1916| [41549] OpenSSH ForceCommand directive security bypass
1917| [41438] OpenSSH sshd session hijacking
1918| [40897] OpenSSH known_hosts weak security
1919| [40587] OpenSSH username weak security
1920| [37371] OpenSSH username data manipulation
1921| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
1922| [37112] RHSA update for OpenSSH signal handler race condition not installed
1923| [37107] RHSA update for OpenSSH identical block denial of service not installed
1924| [36637] OpenSSH X11 cookie privilege escalation
1925| [35167] OpenSSH packet.c newkeys[mode] denial of service
1926| [34490] OpenSSH OPIE information disclosure
1927| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
1928| [32975] Apple Mac OS X OpenSSH denial of service
1929| [32387] RHSA-2006:0738 updates for openssh not installed
1930| [32359] RHSA-2006:0697 updates for openssh not installed
1931| [32230] RHSA-2006:0298 updates for openssh not installed
1932| [32132] RHSA-2006:0044 updates for openssh not installed
1933| [30120] OpenSSH privilege separation monitor authentication verification weakness
1934| [29255] OpenSSH GSSAPI user enumeration
1935| [29254] OpenSSH signal handler race condition
1936| [29158] OpenSSH identical block denial of service
1937| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
1938| [25116] OpenSSH OpenPAM denial of service
1939| [24305] OpenSSH SCP shell expansion command execution
1940| [22665] RHSA-2005:106 updates for openssh not installed
1941| [22117] OpenSSH GSSAPI allows elevated privileges
1942| [22115] OpenSSH GatewayPorts security bypass
1943| [20930] OpenSSH sshd.c LoginGraceTime denial of service
1944| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
1945| [17213] OpenSSH allows port bouncing attacks
1946| [16323] OpenSSH scp file overwrite
1947| [13797] OpenSSH PAM information leak
1948| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
1949| [13264] OpenSSH PAM code could allow an attacker to gain access
1950| [13215] OpenSSH buffer management errors could allow an attacker to execute code
1951| [13214] OpenSSH memory vulnerabilities
1952| [13191] OpenSSH large packet buffer overflow
1953| [12196] OpenSSH could allow an attacker to bypass login restrictions
1954| [11970] OpenSSH could allow an attacker to obtain valid administrative account
1955| [11902] OpenSSH PAM support enabled information leak
1956| [9803] OpenSSH "
1957| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
1958| [9307] OpenSSH is running on the system
1959| [9169] OpenSSH "
1960| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
1961| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
1962| [8383] OpenSSH off-by-one error in channel code
1963| [7647] OpenSSH UseLogin option arbitrary code execution
1964| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
1965| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
1966| [7179] OpenSSH source IP access control bypass
1967| [6757] OpenSSH "
1968| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
1969| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
1970| [5517] OpenSSH allows unauthorized access to resources
1971| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
1972|
1973| Exploit-DB - https://www.exploit-db.com:
1974| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
1975| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
1976| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
1977| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
1978| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
1979| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
1980| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
1981| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
1982| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
1983| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
1984| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
1985| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
1986| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
1987| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
1988|
1989| OpenVAS (Nessus) - http://www.openvas.org:
1990| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
1991| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
1992| [881183] CentOS Update for openssh CESA-2012:0884 centos6
1993| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
1994| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
1995| [870763] RedHat Update for openssh RHSA-2012:0884-04
1996| [870129] RedHat Update for openssh RHSA-2008:0855-01
1997| [861813] Fedora Update for openssh FEDORA-2010-5429
1998| [861319] Fedora Update for openssh FEDORA-2007-395
1999| [861170] Fedora Update for openssh FEDORA-2007-394
2000| [861012] Fedora Update for openssh FEDORA-2007-715
2001| [840345] Ubuntu Update for openssh vulnerability USN-597-1
2002| [840300] Ubuntu Update for openssh update USN-612-5
2003| [840271] Ubuntu Update for openssh vulnerability USN-612-2
2004| [840268] Ubuntu Update for openssh update USN-612-7
2005| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
2006| [840214] Ubuntu Update for openssh vulnerability USN-566-1
2007| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
2008| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
2009| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
2010| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
2011| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
2012| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
2013| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
2014| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
2015| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
2016| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2017| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2018| [100584] OpenSSH X Connections Session Hijacking Vulnerability
2019| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
2020| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
2021| [65987] SLES10: Security update for OpenSSH
2022| [65819] SLES10: Security update for OpenSSH
2023| [65514] SLES9: Security update for OpenSSH
2024| [65513] SLES9: Security update for OpenSSH
2025| [65334] SLES9: Security update for OpenSSH
2026| [65248] SLES9: Security update for OpenSSH
2027| [65218] SLES9: Security update for OpenSSH
2028| [65169] SLES9: Security update for openssh,openssh-askpass
2029| [65126] SLES9: Security update for OpenSSH
2030| [65019] SLES9: Security update for OpenSSH
2031| [65015] SLES9: Security update for OpenSSH
2032| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
2033| [61639] Debian Security Advisory DSA 1638-1 (openssh)
2034| [61030] Debian Security Advisory DSA 1576-2 (openssh)
2035| [61029] Debian Security Advisory DSA 1576-1 (openssh)
2036| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
2037| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
2038| [60667] Slackware Advisory SSA:2008-095-01 openssh
2039| [59014] Slackware Advisory SSA:2007-255-01 openssh
2040| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
2041| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
2042| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
2043| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
2044| [57492] Slackware Advisory SSA:2006-272-02 openssh
2045| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
2046| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
2047| [57470] FreeBSD Ports: openssh
2048| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
2049| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
2050| [56294] Slackware Advisory SSA:2006-045-06 openssh
2051| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
2052| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
2053| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
2054| [53788] Debian Security Advisory DSA 025-1 (openssh)
2055| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
2056| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
2057| [11343] OpenSSH Client Unauthorized Remote Forwarding
2058| [10954] OpenSSH AFS/Kerberos ticket/token passing
2059| [10883] OpenSSH Channel Code Off by 1
2060| [10823] OpenSSH UseLogin Environment Variables
2061|
2062| SecurityTracker - https://www.securitytracker.com:
2063| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
2064| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
2065| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
2066| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
2067| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
2068| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
2069| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
2070| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
2071| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
2072| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
2073| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
2074| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
2075| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
2076| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
2077| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
2078| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
2079| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
2080| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
2081| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
2082| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
2083| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
2084| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
2085| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
2086| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
2087| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
2088| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
2089| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
2090| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
2091| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
2092| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
2093| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
2094| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
2095| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
2096| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
2097| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
2098| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
2099| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
2100| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
2101|
2102| OSVDB - http://www.osvdb.org:
2103| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
2104| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
2105| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
2106| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
2107| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
2108| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
2109| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
2110| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
2111| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
2112| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
2113| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
2114| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
2115| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
2116| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
2117| [56921] OpenSSH Unspecified Remote Compromise
2118| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
2119| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
2120| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
2121| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
2122| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
2123| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
2124| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
2125| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
2126| [43745] OpenSSH X11 Forwarding Local Session Hijacking
2127| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
2128| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
2129| [37315] pam_usb OpenSSH Authentication Unspecified Issue
2130| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
2131| [34601] OPIE w/ OpenSSH Account Enumeration
2132| [34600] OpenSSH S/KEY Authentication Account Enumeration
2133| [32721] OpenSSH Username Password Complexity Account Enumeration
2134| [30232] OpenSSH Privilege Separation Monitor Weakness
2135| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
2136| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
2137| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
2138| [29152] OpenSSH Identical Block Packet DoS
2139| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
2140| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
2141| [22692] OpenSSH scp Command Line Filename Processing Command Injection
2142| [20216] OpenSSH with KerberosV Remote Authentication Bypass
2143| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
2144| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
2145| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
2146| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
2147| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
2148| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
2149| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
2150| [6601] OpenSSH *realloc() Unspecified Memory Errors
2151| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
2152| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
2153| [6072] OpenSSH PAM Conversation Function Stack Modification
2154| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
2155| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
2156| [5408] OpenSSH echo simulation Information Disclosure
2157| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
2158| [4536] OpenSSH Portable AIX linker Privilege Escalation
2159| [3938] OpenSSL and OpenSSH /dev/random Check Failure
2160| [3456] OpenSSH buffer_append_space() Heap Corruption
2161| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
2162| [2140] OpenSSH w/ PAM Username Validity Timing Attack
2163| [2112] OpenSSH Reverse DNS Lookup Bypass
2164| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
2165| [1853] OpenSSH Symbolic Link 'cookies' File Removal
2166| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
2167| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
2168| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
2169| [688] OpenSSH UseLogin Environment Variable Local Command Execution
2170| [642] OpenSSH Multiple Key Type ACL Bypass
2171| [504] OpenSSH SSHv2 Public Key Authentication Bypass
2172| [341] OpenSSH UseLogin Local Privilege Escalation
2173|_
2174Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2175Aggressive OS guesses: FreeBSD 7.1-RELEASE - 9.0-CURRENT (97%), FreeBSD 9.2-RELEASE (97%), FreeBSD 8.0-RELEASE (96%), FreeBSD 8.1-RELEASE (96%), FreeBSD 7.0-STABLE (95%), FreeBSD 9.0-RELEASE (95%), FreeBSD 7.0-RELEASE-p1 - 10.0-CURRENT (94%), FreeBSD 7.0-BETA4 - 7.0 (94%), OpenBSD 4.0 (x86) (94%), NAS4Free (FreeBSD 9.1) (94%)
2176No exact OS matches for host (test conditions non-ideal).
2177Network Distance: 19 hops
2178Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
2179
2180TRACEROUTE (using port 22/tcp)
2181HOP RTT ADDRESS
21821 130.72 ms 10.246.204.1
21832 130.79 ms 104.245.145.177
21843 130.77 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
21854 130.81 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
21865 89.23 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
21876 59.50 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
21887 110.06 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
21898 110.08 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
21909 55.98 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
219110 84.80 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
219211 147.05 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
219312 261.89 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
219413 261.95 ms ae-1.r02.osakjp02.jp.bb.gin.ntt.net (129.250.2.40)
219514 231.52 ms ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232)
219615 231.55 ms xe-0-0-19-1.a01.osakjp02.jp.ce.gin.ntt.net (61.200.82.178)
219716 ... 18
219819 262.01 ms www874.sakura.ne.jp (219.94.128.84)
2199######################################################################################################################################
2200USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2201RHOSTS => 219.94.128.84
2202RHOST => 219.94.128.84
2203[*] 219.94.128.84:22 - SSH - Using malformed packet technique
2204[*] 219.94.128.84:22 - SSH - Starting scan
2205[+] 219.94.128.84:22 - SSH - User 'admin' found
2206[-] 219.94.128.84:22 - SSH - User 'administrator' not found
2207[-] 219.94.128.84:22 - SSH - User 'anonymous' not found
2208[-] 219.94.128.84:22 - SSH - User 'backup' not found
2209[-] 219.94.128.84:22 - SSH - User 'bee' not found
2210[-] 219.94.128.84:22 - SSH - User 'ftp' not found
2211[-] 219.94.128.84:22 - SSH - User 'guest' not found
2212[-] 219.94.128.84:22 - SSH - User 'GUEST' not found
2213[-] 219.94.128.84:22 - SSH - User 'info' not found
2214[-] 219.94.128.84:22 - SSH - User 'mail' not found
2215[-] 219.94.128.84:22 - SSH - User 'mailadmin' not found
2216[-] 219.94.128.84:22 - SSH - User 'msfadmin' not found
2217[-] 219.94.128.84:22 - SSH - User 'mysql' not found
2218[+] 219.94.128.84:22 - SSH - User 'nobody' found
2219[-] 219.94.128.84:22 - SSH - User 'oracle' not found
2220[-] 219.94.128.84:22 - SSH - User 'owaspbwa' not found
2221[-] 219.94.128.84:22 - SSH - User 'postfix' not found
2222[-] 219.94.128.84:22 - SSH - User 'postgres' not found
2223[-] 219.94.128.84:22 - SSH - User 'private' not found
2224[-] 219.94.128.84:22 - SSH - User 'proftpd' not found
2225[-] 219.94.128.84:22 - SSH - User 'public' not found
2226[+] 219.94.128.84:22 - SSH - User 'root' found
2227[-] 219.94.128.84:22 - SSH - User 'superadmin' not found
2228[-] 219.94.128.84:22 - SSH - User 'support' not found
2229[-] 219.94.128.84:22 - SSH - User 'sys' not found
2230[-] 219.94.128.84:22 - SSH - User 'system' not found
2231[-] 219.94.128.84:22 - SSH - User 'systemadmin' not found
2232[-] 219.94.128.84:22 - SSH - User 'systemadministrator' not found
2233[-] 219.94.128.84:22 - SSH - User 'test' not found
2234[-] 219.94.128.84:22 - SSH - User 'tomcat' not found
2235[-] 219.94.128.84:22 - SSH - User 'user' not found
2236[-] 219.94.128.84:22 - SSH - User 'webmaster' not found
2237[-] 219.94.128.84:22 - SSH - User 'www-data' not found
2238[-] 219.94.128.84:22 - SSH - User 'Fortimanager_Access' on could not connect
2239[*] Scanned 1 of 1 hosts (100% complete)
2240[*] Auxiliary module execution completed
2241#######################################################################################################################################
2242HTTP/1.1 200 OK
2243Server: nginx
2244Date: Fri, 06 Dec 2019 17:32:32 GMT
2245Content-Type: text/html
2246Connection: keep-alive
2247######################################################################################################################################
2248Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 12:33 EST
2249NSE: Loaded 163 scripts for scanning.
2250NSE: Script Pre-scanning.
2251Initiating NSE at 12:33
2252Completed NSE at 12:33, 0.00s elapsed
2253Initiating NSE at 12:33
2254Completed NSE at 12:33, 0.00s elapsed
2255Initiating Parallel DNS resolution of 1 host. at 12:33
2256Completed Parallel DNS resolution of 1 host. at 12:33, 0.23s elapsed
2257Initiating SYN Stealth Scan at 12:33
2258Scanning www874.sakura.ne.jp (219.94.128.84) [1 port]
2259Discovered open port 80/tcp on 219.94.128.84
2260Completed SYN Stealth Scan at 12:33, 0.23s elapsed (1 total ports)
2261Initiating Service scan at 12:33
2262Scanning 1 service on www874.sakura.ne.jp (219.94.128.84)
2263Completed Service scan at 12:33, 6.39s elapsed (1 service on 1 host)
2264Initiating OS detection (try #1) against www874.sakura.ne.jp (219.94.128.84)
2265Retrying OS detection (try #2) against www874.sakura.ne.jp (219.94.128.84)
2266Initiating Traceroute at 12:33
2267Completed Traceroute at 12:33, 3.02s elapsed
2268Initiating Parallel DNS resolution of 16 hosts. at 12:33
2269Completed Parallel DNS resolution of 16 hosts. at 12:33, 0.44s elapsed
2270NSE: Script scanning 219.94.128.84.
2271Initiating NSE at 12:33
2272Completed NSE at 12:34, 54.38s elapsed
2273Initiating NSE at 12:34
2274Completed NSE at 12:34, 0.97s elapsed
2275Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
2276Host is up (0.21s latency).
2277
2278PORT STATE SERVICE VERSION
227980/tcp open http nginx
2280| http-brute:
2281|_ Path "/" does not require authentication
2282|_http-chrono: Request times for /; avg: 694.75ms; min: 639.71ms; max: 836.94ms
2283|_http-csrf: Couldn't find any CSRF vulnerabilities.
2284|_http-date: Fri, 06 Dec 2019 17:33:41 GMT; 0s from local time.
2285|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2286|_http-dombased-xss: Couldn't find any DOM based XSS.
2287|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2288|_http-errors: Couldn't find any error pages.
2289|_http-feed: Couldn't find any feeds.
2290|_http-fetch: Please enter the complete path of the directory to save data in.
2291| http-headers:
2292| Server: nginx
2293| Date: Fri, 06 Dec 2019 17:33:39 GMT
2294| Content-Type: text/html
2295| Connection: close
2296|
2297|_ (Request type: HEAD)
2298|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2299| http-methods:
2300|_ Supported Methods: GET HEAD
2301|_http-mobileversion-checker: No mobile version detected.
2302| http-php-version: Logo query returned unknown hash ebd252ea200d27e0fd364ec74cac839d
2303|_Credits query returned unknown hash ebd252ea200d27e0fd364ec74cac839d
2304|_http-security-headers:
2305| http-sitemap-generator:
2306| Directory structure:
2307| /
2308| Other: 1; png: 1
2309| Longest directory structure:
2310| Depth: 0
2311| Dir: /
2312| Total files found (by extension):
2313|_ Other: 1; png: 1
2314|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2315|_http-title: \x82\xB3\x82\xAD\x82\xE7\x82\xCC\x83\x8C\x83\x93\x83^\x83\x8B\x83T\x81[\x83o
2316| http-vhosts:
2317| 126 names had status 200
2318|_direct.sakura.ne.jp
2319|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
2320|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2321|_http-xssed: No previously reported XSS vuln.
2322| vulscan: VulDB - https://vuldb.com:
2323| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2324| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2325| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2326| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2327| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2328| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2329| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2330| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2331| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2332| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2333| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2334| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2335| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2336| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2337| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2338| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2339| [67677] nginx up to 1.7.3 SSL weak authentication
2340| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2341| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2342| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2343| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2344| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2345| [8671] nginx up to 1.4 proxy_pass denial of service
2346| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2347| [7247] nginx 1.2.6 Proxy Function spoofing
2348| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2349| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2350| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2351| [59645] nginx up to 0.8.9 Heap-based memory corruption
2352| [53592] nginx 0.8.36 memory corruption
2353| [53590] nginx up to 0.8.9 unknown vulnerability
2354| [51533] nginx 0.7.64 Terminal privilege escalation
2355| [50905] nginx up to 0.8.9 directory traversal
2356| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2357| [50043] nginx up to 0.8.10 memory corruption
2358|
2359| MITRE CVE - https://cve.mitre.org:
2360| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2361| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2362| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2363| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2364| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2365| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2366| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2367| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2368| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2369| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2370| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2371| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2372| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2373|
2374| SecurityFocus - https://www.securityfocus.com/bid/:
2375| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2376| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2377| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2378| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2379| [82230] nginx Multiple Denial of Service Vulnerabilities
2380| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2381| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2382| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2383| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2384| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2385| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2386| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2387| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2388| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2389| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2390| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2391| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2392| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2393| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2394| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2395| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2396| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2397| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2398| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2399| [40420] nginx Directory Traversal Vulnerability
2400| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2401| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2402| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2403| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2404| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2405|
2406| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2407| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2408| [84172] nginx denial of service
2409| [84048] nginx buffer overflow
2410| [83923] nginx ngx_http_close_connection() integer overflow
2411| [83688] nginx null byte code execution
2412| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2413| [82319] nginx access.log information disclosure
2414| [80952] nginx SSL spoofing
2415| [77244] nginx and Microsoft Windows request security bypass
2416| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2417| [74831] nginx ngx_http_mp4_module.c buffer overflow
2418| [74191] nginx ngx_cpystrn() information disclosure
2419| [74045] nginx header response information disclosure
2420| [71355] nginx ngx_resolver_copy() buffer overflow
2421| [59370] nginx characters denial of service
2422| [59369] nginx DATA source code disclosure
2423| [59047] nginx space source code disclosure
2424| [58966] nginx unspecified directory traversal
2425| [54025] nginx ngx_http_parse.c denial of service
2426| [53431] nginx WebDAV component directory traversal
2427| [53328] Nginx CRC-32 cached domain name spoofing
2428| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2429|
2430| Exploit-DB - https://www.exploit-db.com:
2431| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2432| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2433| [25499] nginx 1.3.9-1.4.0 DoS PoC
2434| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2435| [14830] nginx 0.6.38 - Heap Corruption Exploit
2436| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2437| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2438| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2439| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2440| [9829] nginx 0.7.61 WebDAV directory traversal
2441|
2442| OpenVAS (Nessus) - http://www.openvas.org:
2443| [864418] Fedora Update for nginx FEDORA-2012-3846
2444| [864310] Fedora Update for nginx FEDORA-2012-6238
2445| [864209] Fedora Update for nginx FEDORA-2012-6411
2446| [864204] Fedora Update for nginx FEDORA-2012-6371
2447| [864121] Fedora Update for nginx FEDORA-2012-4006
2448| [864115] Fedora Update for nginx FEDORA-2012-3991
2449| [864065] Fedora Update for nginx FEDORA-2011-16075
2450| [863654] Fedora Update for nginx FEDORA-2011-16110
2451| [861232] Fedora Update for nginx FEDORA-2007-1158
2452| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2453| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2454| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2455| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2456| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2457| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2458| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2459| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2460| [100659] nginx Directory Traversal Vulnerability
2461| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2462| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2463| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2464| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2465| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2466| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2467| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2468| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2469| [71297] FreeBSD Ports: nginx
2470| [71276] FreeBSD Ports: nginx
2471| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2472| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2473| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2474| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2475| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2476| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2477| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2478| [64894] FreeBSD Ports: nginx
2479| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2480|
2481| SecurityTracker - https://www.securitytracker.com:
2482| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2483| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2484| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2485| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2486|
2487| OSVDB - http://www.osvdb.org:
2488| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2489| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2490| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2491| [92796] nginx ngx_http_close_connection Function Crafted r->
2492| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2493| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2494| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2495| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2496| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2497| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2498| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2499| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2500| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2501| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2502| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2503| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2504| [62617] nginx Internal DNS Cache Poisoning Weakness
2505| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2506| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2507| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2508| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2509| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2510| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2511| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2512| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2513| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2514| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2515|_
2516Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2517Aggressive OS guesses: FreeBSD 10.3-RELEASE (97%), FreeBSD 7.1-RELEASE - 9.0-CURRENT (97%), FreeBSD 10.2-RELEASE (97%), FreeBSD 8.0-RELEASE (96%), FreeBSD 8.1-RELEASE (96%), FreeBSD 10.1-RELEASE (95%), FreeBSD 7.0-RELEASE-p1 - 10.0-CURRENT (95%), FreeBSD 7.0-BETA4 - 7.0 (95%), Cisco AsyncOS 9.6 - 9.7 (94%), FreeBSD 8.2-RELEASE (94%)
2518No exact OS matches for host (test conditions non-ideal).
2519Uptime guess: 0.002 days (since Fri Dec 6 12:32:17 2019)
2520Network Distance: 19 hops
2521TCP Sequence Prediction: Difficulty=262 (Good luck!)
2522IP ID Sequence Generation: Incremental
2523
2524TRACEROUTE (using port 80/tcp)
2525HOP RTT ADDRESS
25261 90.93 ms 10.246.204.1
25272 91.00 ms 104.245.145.177
25283 91.03 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
25294 91.10 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
25305 91.60 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
25316 91.70 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
25327 89.49 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
25338 58.25 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
25349 109.18 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
253510 80.12 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
253611 158.13 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
253712 250.21 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
253813 250.20 ms ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31)
253914 250.24 ms ae-2.a00.osakjp02.jp.bb.gin.ntt.net (129.250.3.88)
254015 250.16 ms xe-0-0-14-2.a00.osakjp02.jp.ce.gin.ntt.net (61.200.91.186)
254116 ... 18
254219 220.21 ms www874.sakura.ne.jp (219.94.128.84)
2543
2544NSE: Script Post-scanning.
2545Initiating NSE at 12:34
2546Completed NSE at 12:34, 0.00s elapsed
2547Initiating NSE at 12:34
2548Completed NSE at 12:34, 0.00s elapsed
2549#######################################################################################################################################
2550Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 12:34 EST
2551Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
2552Host is up (0.22s latency).
2553
2554PORT STATE SERVICE VERSION
2555110/tcp filtered pop3
2556Too many fingerprints match this host to give specific OS details
2557Network Distance: 19 hops
2558
2559TRACEROUTE (using proto 1/icmp)
2560HOP RTT ADDRESS
25611 132.28 ms 10.246.204.1
25622 132.32 ms 104.245.145.177
25633 132.35 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
25644 132.35 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
25655 132.36 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
25666 89.34 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
25677 59.49 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
25688 69.87 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
25699 113.50 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
257010 88.35 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
257111 165.87 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
257212 241.90 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
257313 241.93 ms ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31)
257414 241.92 ms ae-2.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.106)
257515 241.90 ms xe-0-0-19-1.a01.osakjp02.jp.ce.gin.ntt.net (61.200.82.178)
257616 ... 18
257719 204.64 ms www874.sakura.ne.jp (219.94.128.84)
2578#######################################################################################################################################
2579Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 13:31 EST
2580Nmap scan report for kujirakan.jp (219.94.128.84)
2581Host is up (0.76s latency).
2582rDNS record for 219.94.128.84: www874.sakura.ne.jp
2583Not shown: 988 closed ports
2584PORT STATE SERVICE
258521/tcp open ftp
258622/tcp open ssh
258723/tcp filtered telnet
258879/tcp filtered finger
258980/tcp open http
2590110/tcp open pop3
2591111/tcp filtered rpcbind
2592143/tcp open imap
2593443/tcp open https
2594587/tcp open submission
2595993/tcp open imaps
2596995/tcp open pop3s
2597
2598Host script results:
2599| dns-brute:
2600| DNS Brute-force hostnames:
2601| mail.kujirakan.jp - 219.94.128.84
2602| www.kujirakan.jp - 219.94.128.84
2603|_ ftp.kujirakan.jp - 219.94.128.84
2604#######################################################################################################################################
2605Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 13:31 EST
2606Nmap scan report for www874.sakura.ne.jp (219.94.128.84)
2607Host is up (0.60s latency).
2608Not shown: 988 closed ports
2609PORT STATE SERVICE VERSION
261021/tcp open ftp ProFTPD 1.3.5a
2611| vulscan: VulDB - https://vuldb.com:
2612| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
2613| [138380] ProFTPD 1.3.5b mod_copy Code Execution
2614|
2615| MITRE CVE - https://cve.mitre.org:
2616| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
2617| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
2618| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
2619| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
2620| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
2621| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
2622| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
2623| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
2624| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
2625| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
2626| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
2627| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
2628| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
2629| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
2630| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
2631| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
2632| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
2633| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
2634|
2635| SecurityFocus - https://www.securityfocus.com/bid/:
2636| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
2637|
2638| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2639| [80980] ProFTPD FTP commands symlink
2640| [71226] ProFTPD pool code execution
2641| [65207] ProFTPD mod_sftp module denial of service
2642| [64495] ProFTPD sql_prepare_where() buffer overflow
2643| [63658] ProFTPD FTP server backdoor
2644| [63407] mod_sql module for ProFTPD buffer overflow
2645| [63155] ProFTPD pr_data_xfer denial of service
2646| [62909] ProFTPD mod_site_misc directory traversal
2647| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
2648| [53936] ProFTPD mod_tls SSL certificate security bypass
2649| [48951] ProFTPD mod_sql username percent SQL injection
2650| [48558] ProFTPD NLS support SQL injection protection bypass
2651| [45274] ProFTPD URL cross-site request forgery
2652| [33733] ProFTPD Auth API security bypass
2653| [31461] ProFTPD mod_radius buffer overflow
2654| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
2655| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
2656| [30147] ProFTPD sreplace() buffer overflow
2657| [21530] ProFTPD mod_sql format string attack
2658| [21528] ProFTPD shutdown message format string attack
2659| [19410] GProFTPD file name format string attack
2660| [18453] ProFTPD SITE CHGRP command allows group ownership modification
2661| [17724] ProFTPD could allow an attacker to obtain valid accounts
2662| [16038] ProFTPD CIDR entry ACL bypass
2663| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
2664| [12369] ProFTPD mod_sql SQL injection
2665| [12200] ProFTPD ASCII file newline buffer overflow
2666| [10932] ProFTPD long PASS command buffer overflow
2667| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
2668| [7818] ProFTPD ls "
2669| [7816] ProFTPD file globbing denial of service
2670| [7126] ProFTPD fails to resolve hostnames
2671| [6433] ProFTPD format string
2672| [6209] proFTPD /var symlink
2673| [6208] ProFTPD contains configuration error in postinst script when running as root
2674| [5801] proftpd memory leak when using SIZE or USER commands
2675| [5737] ProFTPD system using mod_sqlpw unauthorized access
2676|
2677| Exploit-DB - https://www.exploit-db.com:
2678| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
2679| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
2680| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
2681| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
2682| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
2683| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
2684| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
2685| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
2686| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
2687| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
2688| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
2689|
2690| OpenVAS (Nessus) - http://www.openvas.org:
2691| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
2692| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
2693|
2694| SecurityTracker - https://www.securitytracker.com:
2695| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
2696| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
2697| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
2698| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
2699| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
2700| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
2701| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
2702| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
2703| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
2704| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
2705| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
2706| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
2707| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
2708| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
2709|
2710| OSVDB - http://www.osvdb.org:
2711| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
2712| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
2713| [70868] ProFTPD mod_sftp Component SSH Payload DoS
2714| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
2715| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
2716| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
2717| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
2718| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
2719| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
2720| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
2721| [57310] ProFTPD Multiple Unspecified Overflows
2722| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
2723| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
2724| [57307] ProFTPD Multiple Modules Unspecified Overflows
2725| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
2726| [57305] ProFTPD src/main.c Unspecified Overflow
2727| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
2728| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
2729| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
2730| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
2731| [51849] ProFTPD Character Encoding SQL Injection
2732| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
2733| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
2734| [48411] ProFTPD FTP Command Truncation CSRF
2735| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
2736| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
2737| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
2738| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
2739| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
2740| [23063] ProFTPD mod_radius Password Overflow DoS
2741| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
2742| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
2743| [18270] ProFTPD ftpshut Shutdown Message Format String
2744| [14012] GProftpd gprostats Utility Log Parser Remote Format String
2745| [10769] ProFTPD File Transfer Newline Character Overflow
2746| [10768] ProFTPD STAT Command Remote DoS
2747| [10758] ProFTPD Login Timing Account Name Enumeration
2748| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
2749| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
2750| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
2751| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
2752| [7165] ProFTPD USER Command Memory Leak DoS
2753| [5744] ProFTPD CIDR IP Subnet ACL Bypass
2754| [5705] ProFTPD Malformed cwd Command Format String
2755| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
2756| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
2757| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
2758|_
275922/tcp open ssh OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
2760| vulscan: VulDB - https://vuldb.com:
2761| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
2762| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
2763| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
2764| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
2765|
2766| MITRE CVE - https://cve.mitre.org:
2767| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
2768| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
2769| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
2770| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
2771| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
2772| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
2773| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
2774| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
2775| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
2776|
2777| SecurityFocus - https://www.securityfocus.com/bid/:
2778| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
2779| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2780| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
2781| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
2782| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
2783| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
2784| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
2785| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2786| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
2787| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
2788| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
2789| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
2790| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
2791| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
2792| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
2793| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
2794| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
2795| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
2796| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
2797| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
2798| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
2799| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
2800| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
2801| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
2802| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
2803| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
2804| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
2805| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2806| [75990] OpenSSH Login Handling Security Bypass Weakness
2807| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2808| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
2809| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
2810| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
2811| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
2812| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
2813| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
2814| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
2815| [61286] OpenSSH Remote Denial of Service Vulnerability
2816| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
2817| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
2818| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
2819| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
2820| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
2821| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2822| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
2823| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
2824| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2825| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
2826| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
2827| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
2828| [30794] Red Hat OpenSSH Backdoor Vulnerability
2829| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
2830| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
2831| [28531] OpenSSH ForceCommand Command Execution Weakness
2832| [28444] OpenSSH X Connections Session Hijacking Vulnerability
2833| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
2834| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
2835| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
2836| [20956] OpenSSH Privilege Separation Key Signature Weakness
2837| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
2838| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
2839| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
2840| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
2841| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
2842| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
2843| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
2844| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
2845| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
2846| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
2847| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
2848| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
2849| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
2850| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
2851| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
2852| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
2853| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
2854| [6168] OpenSSH Visible Password Vulnerability
2855| [5374] OpenSSH Trojan Horse Vulnerability
2856| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
2857| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
2858| [4241] OpenSSH Channel Code Off-By-One Vulnerability
2859| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
2860| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
2861| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
2862| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
2863| [2917] OpenSSH PAM Session Evasion Vulnerability
2864| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
2865| [2356] OpenSSH Private Key Authentication Check Vulnerability
2866| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
2867| [1334] OpenSSH UseLogin Vulnerability
2868|
2869| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2870| [83258] GSI-OpenSSH auth-pam.c security bypass
2871| [82781] OpenSSH time limit denial of service
2872| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
2873| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
2874| [72756] Debian openssh-server commands information disclosure
2875| [68339] OpenSSH pam_thread buffer overflow
2876| [67264] OpenSSH ssh-keysign unauthorized access
2877| [65910] OpenSSH remote_glob function denial of service
2878| [65163] OpenSSH certificate information disclosure
2879| [64387] OpenSSH J-PAKE security bypass
2880| [63337] Cisco Unified Videoconferencing OpenSSH weak security
2881| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
2882| [45202] OpenSSH signal handler denial of service
2883| [44747] RHEL OpenSSH backdoor
2884| [44280] OpenSSH PermitRootLogin information disclosure
2885| [44279] OpenSSH sshd weak security
2886| [44037] OpenSSH sshd SELinux role unauthorized access
2887| [43940] OpenSSH X11 forwarding information disclosure
2888| [41549] OpenSSH ForceCommand directive security bypass
2889| [41438] OpenSSH sshd session hijacking
2890| [40897] OpenSSH known_hosts weak security
2891| [40587] OpenSSH username weak security
2892| [37371] OpenSSH username data manipulation
2893| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
2894| [37112] RHSA update for OpenSSH signal handler race condition not installed
2895| [37107] RHSA update for OpenSSH identical block denial of service not installed
2896| [36637] OpenSSH X11 cookie privilege escalation
2897| [35167] OpenSSH packet.c newkeys[mode] denial of service
2898| [34490] OpenSSH OPIE information disclosure
2899| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
2900| [32975] Apple Mac OS X OpenSSH denial of service
2901| [32387] RHSA-2006:0738 updates for openssh not installed
2902| [32359] RHSA-2006:0697 updates for openssh not installed
2903| [32230] RHSA-2006:0298 updates for openssh not installed
2904| [32132] RHSA-2006:0044 updates for openssh not installed
2905| [30120] OpenSSH privilege separation monitor authentication verification weakness
2906| [29255] OpenSSH GSSAPI user enumeration
2907| [29254] OpenSSH signal handler race condition
2908| [29158] OpenSSH identical block denial of service
2909| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
2910| [25116] OpenSSH OpenPAM denial of service
2911| [24305] OpenSSH SCP shell expansion command execution
2912| [22665] RHSA-2005:106 updates for openssh not installed
2913| [22117] OpenSSH GSSAPI allows elevated privileges
2914| [22115] OpenSSH GatewayPorts security bypass
2915| [20930] OpenSSH sshd.c LoginGraceTime denial of service
2916| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
2917| [17213] OpenSSH allows port bouncing attacks
2918| [16323] OpenSSH scp file overwrite
2919| [13797] OpenSSH PAM information leak
2920| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
2921| [13264] OpenSSH PAM code could allow an attacker to gain access
2922| [13215] OpenSSH buffer management errors could allow an attacker to execute code
2923| [13214] OpenSSH memory vulnerabilities
2924| [13191] OpenSSH large packet buffer overflow
2925| [12196] OpenSSH could allow an attacker to bypass login restrictions
2926| [11970] OpenSSH could allow an attacker to obtain valid administrative account
2927| [11902] OpenSSH PAM support enabled information leak
2928| [9803] OpenSSH "
2929| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
2930| [9307] OpenSSH is running on the system
2931| [9169] OpenSSH "
2932| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
2933| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
2934| [8383] OpenSSH off-by-one error in channel code
2935| [7647] OpenSSH UseLogin option arbitrary code execution
2936| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
2937| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
2938| [7179] OpenSSH source IP access control bypass
2939| [6757] OpenSSH "
2940| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
2941| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
2942| [5517] OpenSSH allows unauthorized access to resources
2943| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
2944|
2945| Exploit-DB - https://www.exploit-db.com:
2946| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
2947| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
2948| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
2949| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
2950| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
2951| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
2952| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
2953| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
2954| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
2955| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
2956| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
2957| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
2958| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
2959| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
2960|
2961| OpenVAS (Nessus) - http://www.openvas.org:
2962| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
2963| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
2964| [881183] CentOS Update for openssh CESA-2012:0884 centos6
2965| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
2966| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
2967| [870763] RedHat Update for openssh RHSA-2012:0884-04
2968| [870129] RedHat Update for openssh RHSA-2008:0855-01
2969| [861813] Fedora Update for openssh FEDORA-2010-5429
2970| [861319] Fedora Update for openssh FEDORA-2007-395
2971| [861170] Fedora Update for openssh FEDORA-2007-394
2972| [861012] Fedora Update for openssh FEDORA-2007-715
2973| [840345] Ubuntu Update for openssh vulnerability USN-597-1
2974| [840300] Ubuntu Update for openssh update USN-612-5
2975| [840271] Ubuntu Update for openssh vulnerability USN-612-2
2976| [840268] Ubuntu Update for openssh update USN-612-7
2977| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
2978| [840214] Ubuntu Update for openssh vulnerability USN-566-1
2979| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
2980| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
2981| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
2982| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
2983| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
2984| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
2985| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
2986| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
2987| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
2988| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2989| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2990| [100584] OpenSSH X Connections Session Hijacking Vulnerability
2991| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
2992| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
2993| [65987] SLES10: Security update for OpenSSH
2994| [65819] SLES10: Security update for OpenSSH
2995| [65514] SLES9: Security update for OpenSSH
2996| [65513] SLES9: Security update for OpenSSH
2997| [65334] SLES9: Security update for OpenSSH
2998| [65248] SLES9: Security update for OpenSSH
2999| [65218] SLES9: Security update for OpenSSH
3000| [65169] SLES9: Security update for openssh,openssh-askpass
3001| [65126] SLES9: Security update for OpenSSH
3002| [65019] SLES9: Security update for OpenSSH
3003| [65015] SLES9: Security update for OpenSSH
3004| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
3005| [61639] Debian Security Advisory DSA 1638-1 (openssh)
3006| [61030] Debian Security Advisory DSA 1576-2 (openssh)
3007| [61029] Debian Security Advisory DSA 1576-1 (openssh)
3008| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
3009| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
3010| [60667] Slackware Advisory SSA:2008-095-01 openssh
3011| [59014] Slackware Advisory SSA:2007-255-01 openssh
3012| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
3013| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
3014| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
3015| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
3016| [57492] Slackware Advisory SSA:2006-272-02 openssh
3017| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
3018| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
3019| [57470] FreeBSD Ports: openssh
3020| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
3021| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
3022| [56294] Slackware Advisory SSA:2006-045-06 openssh
3023| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
3024| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
3025| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
3026| [53788] Debian Security Advisory DSA 025-1 (openssh)
3027| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
3028| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
3029| [11343] OpenSSH Client Unauthorized Remote Forwarding
3030| [10954] OpenSSH AFS/Kerberos ticket/token passing
3031| [10883] OpenSSH Channel Code Off by 1
3032| [10823] OpenSSH UseLogin Environment Variables
3033|
3034| SecurityTracker - https://www.securitytracker.com:
3035| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
3036| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
3037| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
3038| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
3039| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
3040| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
3041| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
3042| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
3043| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
3044| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
3045| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
3046| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
3047| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
3048| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
3049| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
3050| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
3051| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
3052| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
3053| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
3054| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
3055| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
3056| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
3057| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
3058| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
3059| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
3060| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
3061| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
3062| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
3063| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
3064| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
3065| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
3066| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
3067| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
3068| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
3069| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
3070| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
3071| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
3072| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
3073|
3074| OSVDB - http://www.osvdb.org:
3075| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
3076| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
3077| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
3078| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
3079| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
3080| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
3081| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
3082| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
3083| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
3084| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
3085| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
3086| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
3087| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
3088| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
3089| [56921] OpenSSH Unspecified Remote Compromise
3090| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
3091| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
3092| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
3093| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
3094| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
3095| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
3096| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
3097| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
3098| [43745] OpenSSH X11 Forwarding Local Session Hijacking
3099| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
3100| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
3101| [37315] pam_usb OpenSSH Authentication Unspecified Issue
3102| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
3103| [34601] OPIE w/ OpenSSH Account Enumeration
3104| [34600] OpenSSH S/KEY Authentication Account Enumeration
3105| [32721] OpenSSH Username Password Complexity Account Enumeration
3106| [30232] OpenSSH Privilege Separation Monitor Weakness
3107| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
3108| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
3109| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
3110| [29152] OpenSSH Identical Block Packet DoS
3111| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
3112| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
3113| [22692] OpenSSH scp Command Line Filename Processing Command Injection
3114| [20216] OpenSSH with KerberosV Remote Authentication Bypass
3115| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
3116| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
3117| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
3118| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
3119| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
3120| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
3121| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
3122| [6601] OpenSSH *realloc() Unspecified Memory Errors
3123| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
3124| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
3125| [6072] OpenSSH PAM Conversation Function Stack Modification
3126| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
3127| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
3128| [5408] OpenSSH echo simulation Information Disclosure
3129| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
3130| [4536] OpenSSH Portable AIX linker Privilege Escalation
3131| [3938] OpenSSL and OpenSSH /dev/random Check Failure
3132| [3456] OpenSSH buffer_append_space() Heap Corruption
3133| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
3134| [2140] OpenSSH w/ PAM Username Validity Timing Attack
3135| [2112] OpenSSH Reverse DNS Lookup Bypass
3136| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
3137| [1853] OpenSSH Symbolic Link 'cookies' File Removal
3138| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
3139| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
3140| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
3141| [688] OpenSSH UseLogin Environment Variable Local Command Execution
3142| [642] OpenSSH Multiple Key Type ACL Bypass
3143| [504] OpenSSH SSHv2 Public Key Authentication Bypass
3144| [341] OpenSSH UseLogin Local Privilege Escalation
3145|_
314623/tcp filtered telnet
314779/tcp filtered finger
314880/tcp open http nginx
3149| vulscan: VulDB - https://vuldb.com:
3150| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3151| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3152| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3153| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3154| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3155| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3156| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3157| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3158| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3159| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3160| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3161| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3162| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3163| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3164| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3165| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3166| [67677] nginx up to 1.7.3 SSL weak authentication
3167| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3168| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3169| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3170| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3171| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3172| [8671] nginx up to 1.4 proxy_pass denial of service
3173| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3174| [7247] nginx 1.2.6 Proxy Function spoofing
3175| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3176| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3177| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3178| [59645] nginx up to 0.8.9 Heap-based memory corruption
3179| [53592] nginx 0.8.36 memory corruption
3180| [53590] nginx up to 0.8.9 unknown vulnerability
3181| [51533] nginx 0.7.64 Terminal privilege escalation
3182| [50905] nginx up to 0.8.9 directory traversal
3183| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3184| [50043] nginx up to 0.8.10 memory corruption
3185|
3186| MITRE CVE - https://cve.mitre.org:
3187| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3188| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3189| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3190| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3191| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3192| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3193| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3194| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3195| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3196| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3197| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3198| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3199| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3200|
3201| SecurityFocus - https://www.securityfocus.com/bid/:
3202| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3203| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3204| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3205| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3206| [82230] nginx Multiple Denial of Service Vulnerabilities
3207| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3208| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3209| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3210| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3211| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3212| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3213| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3214| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3215| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3216| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3217| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3218| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3219| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3220| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3221| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3222| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3223| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3224| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3225| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3226| [40420] nginx Directory Traversal Vulnerability
3227| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3228| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3229| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3230| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3231| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3232|
3233| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3234| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3235| [84172] nginx denial of service
3236| [84048] nginx buffer overflow
3237| [83923] nginx ngx_http_close_connection() integer overflow
3238| [83688] nginx null byte code execution
3239| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3240| [82319] nginx access.log information disclosure
3241| [80952] nginx SSL spoofing
3242| [77244] nginx and Microsoft Windows request security bypass
3243| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3244| [74831] nginx ngx_http_mp4_module.c buffer overflow
3245| [74191] nginx ngx_cpystrn() information disclosure
3246| [74045] nginx header response information disclosure
3247| [71355] nginx ngx_resolver_copy() buffer overflow
3248| [59370] nginx characters denial of service
3249| [59369] nginx DATA source code disclosure
3250| [59047] nginx space source code disclosure
3251| [58966] nginx unspecified directory traversal
3252| [54025] nginx ngx_http_parse.c denial of service
3253| [53431] nginx WebDAV component directory traversal
3254| [53328] Nginx CRC-32 cached domain name spoofing
3255| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3256|
3257| Exploit-DB - https://www.exploit-db.com:
3258| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3259| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3260| [25499] nginx 1.3.9-1.4.0 DoS PoC
3261| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3262| [14830] nginx 0.6.38 - Heap Corruption Exploit
3263| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3264| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3265| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3266| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3267| [9829] nginx 0.7.61 WebDAV directory traversal
3268|
3269| OpenVAS (Nessus) - http://www.openvas.org:
3270| [864418] Fedora Update for nginx FEDORA-2012-3846
3271| [864310] Fedora Update for nginx FEDORA-2012-6238
3272| [864209] Fedora Update for nginx FEDORA-2012-6411
3273| [864204] Fedora Update for nginx FEDORA-2012-6371
3274| [864121] Fedora Update for nginx FEDORA-2012-4006
3275| [864115] Fedora Update for nginx FEDORA-2012-3991
3276| [864065] Fedora Update for nginx FEDORA-2011-16075
3277| [863654] Fedora Update for nginx FEDORA-2011-16110
3278| [861232] Fedora Update for nginx FEDORA-2007-1158
3279| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3280| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3281| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3282| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3283| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3284| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3285| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3286| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3287| [100659] nginx Directory Traversal Vulnerability
3288| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3289| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3290| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3291| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3292| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3293| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3294| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3295| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3296| [71297] FreeBSD Ports: nginx
3297| [71276] FreeBSD Ports: nginx
3298| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3299| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3300| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3301| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3302| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3303| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3304| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3305| [64894] FreeBSD Ports: nginx
3306| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3307|
3308| SecurityTracker - https://www.securitytracker.com:
3309| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3310| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3311| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3312| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3313|
3314| OSVDB - http://www.osvdb.org:
3315| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3316| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3317| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3318| [92796] nginx ngx_http_close_connection Function Crafted r->
3319| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3320| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3321| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3322| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3323| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3324| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3325| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3326| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3327| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3328| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3329| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3330| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3331| [62617] nginx Internal DNS Cache Poisoning Weakness
3332| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3333| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3334| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3335| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3336| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3337| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3338| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3339| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3340| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3341| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3342|_
3343110/tcp open pop3 Courier pop3d
3344| vulscan: VulDB - https://vuldb.com:
3345| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
3346| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
3347| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
3348| [50725] e-Courier CMS cross site scripting
3349| [46287] Pre Courier and Cargo Business unknown vulnerability
3350| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
3351| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
3352|
3353| MITRE CVE - https://cve.mitre.org:
3354| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
3355| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
3356| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
3357| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
3358| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
3359| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
3360| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
3361| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
3362| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
3363| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
3364| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
3365| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
3366| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
3367| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
3368| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
3369| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
3370| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
3371| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
3372| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
3373| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
3374| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
3375| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
3376| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
3377| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
3378| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
3379| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
3380| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
3381|
3382| SecurityFocus - https://www.securityfocus.com/bid/:
3383| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
3384| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
3385| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
3386| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
3387| [39838] tpop3d Remote Denial of Service Vulnerability
3388| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
3389| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
3390| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
3391| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
3392| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
3393| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
3394| [15771] Courier Mail Server Unauthorized Access Vulnerability
3395| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
3396| [10976] Courier-IMAP Remote Format String Vulnerability
3397| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
3398| [8495] akpop3d User Name SQL Injection Vulnerability
3399| [8473] Vpop3d Remote Denial Of Service Vulnerability
3400| [6738] Courier-IMAP Username SQL Injection Vulnerability
3401| [6189] Courier SqWebMail File Disclosure Vulnerability
3402| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
3403| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3404| [3990] ZPop3D Bad Login Logging Failure Vulnerability
3405| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
3406|
3407| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3408| [54180] e-Courier CMS multiple scripts cross-site scripting
3409| [54143] e-Courier CMS index.asp cross-site scripting
3410| [47494] Courier Authentication Library Postgres SQL injection
3411| [47436] PRE COURIER &
3412| [43628] Novell OpenSUSE courier-authlib SQL injection
3413| [42950] Courier authentication library username SQL injection
3414| [33805] Gentoo Courier-IMAP command execution
3415| [26998] Courier Mail Server libs/comverp.c usernames denial of service
3416| [26578] Cyrus IMAP pop3d buffer overflow
3417| [23532] Courier Mail Server authentication daemon allows deactivated account access
3418| [21565] Courier Mail Server rfc1035/spf.c denial of service
3419| [17034] Courier-IMAP auth_debug format string attack
3420| [15434] Courier Japanese codeset converter buffer overflow
3421| [13018] akpop3d authentication code SQL injection
3422| [11213] Courier-IMAP authpgsqllib username SQL injection
3423| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
3424| [9228] Courier MTA long year denial of service
3425| [7345] Slackware Linux imapd and ipop3d core dump
3426| [6269] imap, ipop2d and ipop3d buffer overflows
3427| [5923] Linuxconf vpop3d symbolic link
3428| [4918] IPOP3D, Buffer overflow attack
3429| [1560] IPOP3D, user login successful
3430| [1559] IPOP3D user login to remote host successful
3431| [1525] IPOP3D, user logout
3432| [1524] IPOP3D, user auto-logout
3433| [1523] IPOP3D, user login failure
3434| [1522] IPOP3D, brute force attack
3435| [1521] IPOP3D, user kiss of death logout
3436| [418] pop3d mktemp creates insecure temporary files
3437|
3438| Exploit-DB - https://www.exploit-db.com:
3439| [23053] Vpop3d Remote Denial of Service Vulnerability
3440| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3441| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
3442| [11893] tPop3d 1.5.3 DoS
3443| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
3444| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
3445| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
3446| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
3447|
3448| OpenVAS (Nessus) - http://www.openvas.org:
3449| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
3450| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
3451| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
3452| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
3453| [61192] FreeBSD Ports: courier-authlib
3454| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
3455| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
3456| [57001] Debian Security Advisory DSA 1101-1 (courier)
3457| [55972] Debian Security Advisory DSA 917-1 (courier)
3458| [55421] Debian Security Advisory DSA 820-1 (courier)
3459| [55204] Debian Security Advisory DSA 793-1 (courier)
3460| [55165] Debian Security Advisory DSA 784-1 (courier)
3461| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
3462| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
3463| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
3464| [53589] Debian Security Advisory DSA 247-1 (courier)
3465| [53441] Debian Security Advisory DSA 197-1 (courier)
3466| [53222] Debian Security Advisory DSA 533-1 (courier)
3467| [52431] FreeBSD Ports: courier
3468| [52418] FreeBSD Ports: courier-imap
3469|
3470| SecurityTracker - https://www.securitytracker.com:
3471| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
3472| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
3473| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
3474| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
3475| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
3476| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
3477| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
3478|
3479| OSVDB - http://www.osvdb.org:
3480| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
3481| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
3482| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
3483| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
3484| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
3485| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
3486| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
3487| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
3488| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
3489| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
3490| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
3491| [47516] openSUSE courier-authlib Unspecified SQL Injection
3492| [46049] Courier Authentication Library Username SQL Injection
3493| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
3494| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
3495| [26232] Courier Mail Server Crafted Username Encoding DoS
3496| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
3497| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
3498| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
3499| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
3500| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
3501| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
3502| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
3503| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
3504| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
3505| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
3506| [5857] Linux pop3d Arbitrary Mail File Access
3507| [5052] Double Precision Courier MTA Invalid Year DoS
3508| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
3509| [2471] akpop3d username SQL Injection
3510|_
3511111/tcp filtered rpcbind
3512143/tcp open imap Courier Imapd (released 2015)
3513| vulscan: VulDB - https://vuldb.com:
3514| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
3515| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
3516| [59792] Cyrus IMAPd 2.4.11 weak authentication
3517| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
3518| [50725] e-Courier CMS cross site scripting
3519| [46287] Pre Courier and Cargo Business unknown vulnerability
3520| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
3521| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
3522| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
3523| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
3524|
3525| MITRE CVE - https://cve.mitre.org:
3526| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
3527| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
3528| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
3529| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
3530| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
3531| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
3532| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
3533| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
3534| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
3535| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
3536| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
3537| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
3538| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
3539| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
3540| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
3541| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
3542| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
3543| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
3544| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
3545| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
3546| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
3547| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
3548| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
3549| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
3550| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
3551| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
3552| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
3553| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
3554| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
3555| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
3556| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
3557| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
3558| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
3559| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
3560| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
3561| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
3562| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
3563| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
3564| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
3565| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
3566| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
3567| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
3568| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
3569| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
3570| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
3571| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
3572| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
3573| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
3574| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
3575| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
3576|
3577| SecurityFocus - https://www.securityfocus.com/bid/:
3578| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
3579| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
3580| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
3581| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
3582| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
3583| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
3584| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
3585| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
3586| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
3587| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
3588| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
3589| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
3590| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
3591| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
3592| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
3593| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
3594| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
3595| [15771] Courier Mail Server Unauthorized Access Vulnerability
3596| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
3597| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
3598| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
3599| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
3600| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
3601| [10976] Courier-IMAP Remote Format String Vulnerability
3602| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
3603| [6738] Courier-IMAP Username SQL Injection Vulnerability
3604| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
3605| [6189] Courier SqWebMail File Disclosure Vulnerability
3606| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
3607| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
3608| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3609| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
3610| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
3611| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
3612| [130] imapd Buffer Overflow Vulnerability
3613|
3614| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3615| [70325] Cyrus IMAPd NNTP security bypass
3616| [54180] e-Courier CMS multiple scripts cross-site scripting
3617| [54143] e-Courier CMS index.asp cross-site scripting
3618| [47526] UW-imapd rfc822_output_char() denial of service
3619| [47494] Courier Authentication Library Postgres SQL injection
3620| [47436] PRE COURIER &
3621| [43628] Novell OpenSUSE courier-authlib SQL injection
3622| [42950] Courier authentication library username SQL injection
3623| [33805] Gentoo Courier-IMAP command execution
3624| [26998] Courier Mail Server libs/comverp.c usernames denial of service
3625| [23532] Courier Mail Server authentication daemon allows deactivated account access
3626| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
3627| [21565] Courier Mail Server rfc1035/spf.c denial of service
3628| [19460] Cyrus IMAP imapd buffer overflow
3629| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
3630| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
3631| [17034] Courier-IMAP auth_debug format string attack
3632| [15434] Courier Japanese codeset converter buffer overflow
3633| [11213] Courier-IMAP authpgsqllib username SQL injection
3634| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
3635| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
3636| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
3637| [9228] Courier MTA long year denial of service
3638| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
3639| [7345] Slackware Linux imapd and ipop3d core dump
3640| [573] Imapd denial of service
3641|
3642| Exploit-DB - https://www.exploit-db.com:
3643| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
3644| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
3645| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
3646| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
3647| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
3648| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
3649| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
3650| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
3651| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
3652| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
3653| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
3654| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
3655| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
3656| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
3657| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
3658| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
3659| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
3660| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
3661| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
3662| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
3663| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
3664| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
3665| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
3666| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
3667| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
3668| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
3669| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
3670| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
3671| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
3672| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
3673| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
3674| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
3675| [340] Linux imapd Remote Overflow File Retrieve Exploit
3676|
3677| OpenVAS (Nessus) - http://www.openvas.org:
3678| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
3679| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
3680| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
3681| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
3682| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
3683| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
3684| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
3685| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
3686| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
3687| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
3688| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
3689| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
3690| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
3691| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
3692| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
3693| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
3694| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
3695| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
3696| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
3697| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
3698| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
3699| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
3700| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
3701| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
3702| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
3703| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
3704| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
3705| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
3706| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
3707| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
3708| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
3709| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
3710| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
3711| [66233] SLES10: Security update for Cyrus IMAPD
3712| [66226] SLES11: Security update for Cyrus IMAPD
3713| [66222] SLES9: Security update for Cyrus IMAPD
3714| [65938] SLES10: Security update for Cyrus IMAPD
3715| [65723] SLES11: Security update for Cyrus IMAPD
3716| [65523] SLES9: Security update for Cyrus IMAPD
3717| [65479] SLES9: Security update for cyrus-imapd
3718| [65094] SLES9: Security update for cyrus-imapd
3719| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
3720| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
3721| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
3722| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
3723| [64898] FreeBSD Ports: cyrus-imapd
3724| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
3725| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
3726| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
3727| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
3728| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
3729| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
3730| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
3731| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
3732| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
3733| [61192] FreeBSD Ports: courier-authlib
3734| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
3735| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
3736| [57001] Debian Security Advisory DSA 1101-1 (courier)
3737| [55972] Debian Security Advisory DSA 917-1 (courier)
3738| [55807] Slackware Advisory SSA:2005-310-06 imapd
3739| [55421] Debian Security Advisory DSA 820-1 (courier)
3740| [55204] Debian Security Advisory DSA 793-1 (courier)
3741| [55165] Debian Security Advisory DSA 784-1 (courier)
3742| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
3743| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
3744| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
3745| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
3746| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
3747| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
3748| [53589] Debian Security Advisory DSA 247-1 (courier)
3749| [53441] Debian Security Advisory DSA 197-1 (courier)
3750| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
3751| [53222] Debian Security Advisory DSA 533-1 (courier)
3752| [52431] FreeBSD Ports: courier
3753| [52418] FreeBSD Ports: courier-imap
3754| [52297] FreeBSD Ports: cyrus-imapd
3755| [52296] FreeBSD Ports: cyrus-imapd
3756| [52295] FreeBSD Ports: cyrus-imapd
3757| [52294] FreeBSD Ports: cyrus-imapd
3758| [52172] FreeBSD Ports: cyrus-imapd
3759|
3760| SecurityTracker - https://www.securitytracker.com:
3761| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
3762| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
3763| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
3764| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
3765| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
3766| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
3767| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
3768| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
3769|
3770| OSVDB - http://www.osvdb.org:
3771| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
3772| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
3773| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
3774| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
3775| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
3776| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
3777| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
3778| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
3779| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
3780| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
3781| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
3782| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
3783| [52906] UW-imapd c-client Initial Request Remote Format String
3784| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
3785| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
3786| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
3787| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
3788| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
3789| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
3790| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
3791| [47516] openSUSE courier-authlib Unspecified SQL Injection
3792| [46049] Courier Authentication Library Username SQL Injection
3793| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
3794| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
3795| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
3796| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
3797| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
3798| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
3799| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
3800| [26232] Courier Mail Server Crafted Username Encoding DoS
3801| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
3802| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
3803| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
3804| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
3805| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
3806| [13242] UW-imapd CRAM-MD5 Authentication Bypass
3807| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
3808| [12042] UoW imapd Multiple Unspecified Overflows
3809| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
3810| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
3811| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
3812| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
3813| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
3814| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
3815| [5052] Double Precision Courier MTA Invalid Year DoS
3816| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
3817| [911] UoW imapd AUTHENTICATE Command Remote Overflow
3818| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
3819| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
3820|_
3821443/tcp open ssl/http nginx
3822| vulscan: VulDB - https://vuldb.com:
3823| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3824| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3825| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3826| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3827| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3828| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3829| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3830| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3831| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3832| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3833| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3834| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3835| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3836| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3837| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3838| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3839| [67677] nginx up to 1.7.3 SSL weak authentication
3840| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3841| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3842| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3843| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3844| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3845| [8671] nginx up to 1.4 proxy_pass denial of service
3846| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3847| [7247] nginx 1.2.6 Proxy Function spoofing
3848| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3849| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3850| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3851| [59645] nginx up to 0.8.9 Heap-based memory corruption
3852| [53592] nginx 0.8.36 memory corruption
3853| [53590] nginx up to 0.8.9 unknown vulnerability
3854| [51533] nginx 0.7.64 Terminal privilege escalation
3855| [50905] nginx up to 0.8.9 directory traversal
3856| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3857| [50043] nginx up to 0.8.10 memory corruption
3858|
3859| MITRE CVE - https://cve.mitre.org:
3860| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3861| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3862| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3863| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3864| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3865| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3866| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3867| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3868| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3869| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3870| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3871| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3872| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3873|
3874| SecurityFocus - https://www.securityfocus.com/bid/:
3875| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3876| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3877| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3878| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3879| [82230] nginx Multiple Denial of Service Vulnerabilities
3880| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3881| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3882| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3883| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3884| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3885| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3886| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3887| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3888| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3889| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3890| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3891| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3892| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3893| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3894| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3895| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3896| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3897| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3898| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3899| [40420] nginx Directory Traversal Vulnerability
3900| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3901| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3902| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3903| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3904| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3905|
3906| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3907| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3908| [84172] nginx denial of service
3909| [84048] nginx buffer overflow
3910| [83923] nginx ngx_http_close_connection() integer overflow
3911| [83688] nginx null byte code execution
3912| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3913| [82319] nginx access.log information disclosure
3914| [80952] nginx SSL spoofing
3915| [77244] nginx and Microsoft Windows request security bypass
3916| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3917| [74831] nginx ngx_http_mp4_module.c buffer overflow
3918| [74191] nginx ngx_cpystrn() information disclosure
3919| [74045] nginx header response information disclosure
3920| [71355] nginx ngx_resolver_copy() buffer overflow
3921| [59370] nginx characters denial of service
3922| [59369] nginx DATA source code disclosure
3923| [59047] nginx space source code disclosure
3924| [58966] nginx unspecified directory traversal
3925| [54025] nginx ngx_http_parse.c denial of service
3926| [53431] nginx WebDAV component directory traversal
3927| [53328] Nginx CRC-32 cached domain name spoofing
3928| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3929|
3930| Exploit-DB - https://www.exploit-db.com:
3931| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3932| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3933| [25499] nginx 1.3.9-1.4.0 DoS PoC
3934| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3935| [14830] nginx 0.6.38 - Heap Corruption Exploit
3936| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3937| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3938| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3939| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3940| [9829] nginx 0.7.61 WebDAV directory traversal
3941|
3942| OpenVAS (Nessus) - http://www.openvas.org:
3943| [864418] Fedora Update for nginx FEDORA-2012-3846
3944| [864310] Fedora Update for nginx FEDORA-2012-6238
3945| [864209] Fedora Update for nginx FEDORA-2012-6411
3946| [864204] Fedora Update for nginx FEDORA-2012-6371
3947| [864121] Fedora Update for nginx FEDORA-2012-4006
3948| [864115] Fedora Update for nginx FEDORA-2012-3991
3949| [864065] Fedora Update for nginx FEDORA-2011-16075
3950| [863654] Fedora Update for nginx FEDORA-2011-16110
3951| [861232] Fedora Update for nginx FEDORA-2007-1158
3952| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3953| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3954| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3955| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3956| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3957| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3958| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3959| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3960| [100659] nginx Directory Traversal Vulnerability
3961| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3962| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3963| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3964| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3965| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3966| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3967| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3968| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3969| [71297] FreeBSD Ports: nginx
3970| [71276] FreeBSD Ports: nginx
3971| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3972| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3973| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3974| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3975| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3976| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3977| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3978| [64894] FreeBSD Ports: nginx
3979| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3980|
3981| SecurityTracker - https://www.securitytracker.com:
3982| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3983| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3984| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3985| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3986|
3987| OSVDB - http://www.osvdb.org:
3988| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3989| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3990| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3991| [92796] nginx ngx_http_close_connection Function Crafted r->
3992| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3993| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3994| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3995| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3996| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3997| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3998| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3999| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4000| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4001| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4002| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4003| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4004| [62617] nginx Internal DNS Cache Poisoning Weakness
4005| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4006| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4007| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4008| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4009| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4010| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4011| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4012| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4013| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4014| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4015|_
4016587/tcp open smtp Sendmail 8.15.2/8.15.2
4017| vulscan: VulDB - https://vuldb.com:
4018| [51427] Sendmail up to 8.14.3 Access Restriction spoofing
4019| [35870] Sendmail 8.13.1.2 spoofing
4020| [35869] Sendmail 8.13.1.2 on Red Hat Encryption weak encryption
4021| [122672] zzcms 8.3 dl/dl_sendmail.php Parameter sql injection
4022|
4023| MITRE CVE - https://cve.mitre.org:
4024| [CVE-2009-4565] sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
4025| [CVE-2009-1490] Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
4026| [CVE-2007-2246] Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1
4027| [CVE-2006-7176] The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
4028| [CVE-2006-7175] The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
4029| [CVE-2006-4434] Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
4030| [CVE-2006-1173] Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
4031| [CVE-2006-0058] Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
4032| [CVE-2004-0833] Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
4033| [CVE-2003-0694] The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
4034| [CVE-2003-0688] The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
4035| [CVE-2003-0681] A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
4036| [CVE-2003-0308] The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
4037| [CVE-2003-0161] The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
4038| [CVE-2002-2423] Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
4039| [CVE-2002-2261] Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
4040| [CVE-2002-1827] Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
4041| [CVE-2002-1337] Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
4042| [CVE-2002-1165] Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
4043| [CVE-2002-0906] Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
4044| [CVE-2001-1349] Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
4045| [CVE-2001-0715] Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
4046| [CVE-2001-0714] Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
4047| [CVE-2001-0713] Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
4048| [CVE-2001-0653] Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
4049| [CVE-2000-0319] mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
4050| [CVE-1999-1109] Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
4051| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
4052| [CVE-2003-1076] Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
4053| [CVE-2002-1278] The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.
4054| [CVE-2001-0588] sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
4055| [CVE-1999-1309] Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.
4056| [CVE-1999-0684] Denial of service in Sendmail 8.8.6 in HPUX.
4057| [CVE-1999-0478] Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.
4058| [CVE-1999-0393] Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
4059| [CVE-1999-0206] MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
4060| [CVE-1999-0205] Denial of service in Sendmail 8.6.11 and 8.6.12.
4061| [CVE-1999-0204] Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
4062| [CVE-1999-0131] Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
4063| [CVE-1999-0047] MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
4064|
4065| SecurityFocus - https://www.securityfocus.com/bid/:
4066| [98787] Sendmail Remote Code Execution Vulnerability
4067| [88042] Sendmail CVE-1999-0684 Denial-Of-Service Vulnerability
4068| [87124] Sendmail CVE-2003-0308 Local Security Vulnerability
4069| [86815] Sendmail CVE-2006-7175 Remote Security Vulnerability
4070| [86048] Sendmail CVE-1999-0565 Remote Security Vulnerability
4071| [83087] Sendmail CVE-1999-0206 Remote Security Vulnerability
4072| [82811] Sendmail CVE-1999-0478 Denial-Of-Service Vulnerability
4073| [82467] Sendmail CVE-1999-0418 Denial-Of-Service Vulnerability
4074| [80905] Sendmail CVE-1999-0205 Denial-Of-Service Vulnerability
4075| [80398] Sendmail CVE-1999-0163 Local Security Vulnerability
4076| [67791] Sendmail File Descriptor Security Vulnerability
4077| [54206] IBM AIX Sendmail Local Privilege Escalation Vulnerability
4078| [49431] Sendmail SMTP HELO Argument Buffer Overflow Vulnerability
4079| [37543] Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
4080| [37395] PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
4081| [37081] PEAR Sendmail 'From' Parameter Arbitrary Argument Injection Vulnerability
4082| [34944] Sendmail 'X-header' Remote Heap Buffer Overflow Vulnerability
4083| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4084| [23742] Red Hat Sendmail Localhost.Localdomain Email Spoofing Vulnerability
4085| [23606] Sendmail Unspecified Denial Of Service Vulnerability
4086| [19714] Sendmail Long Header Denial Of Service Vulnerability
4087| [18433] Sendmail Malformed MIME Message Denial Of Service Vulnerability
4088| [17207] Retired: Sendmail SM_SysLog Remote Memory Leak Denial Of Service Vulnerability
4089| [17192] Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability
4090| [14047] Sendmail Milter Remote Denial Of Service Weakness
4091| [11262] Debian GNU/Linux Sendmail Package Default SASL Password Vulnerability
4092| [8674] Sendmail Headers Prescan Denial Of Service Vulnerability
4093| [8649] Sendmail Ruleset Parsing Buffer Overflow Vulnerability
4094| [8641] Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability
4095| [8485] Sendmail DNS Maps Remote Denial of Service Vulnerability
4096| [7829] Sendmail V.5 -oR Privilege Escalation Vulnerability
4097| [7614] Sendmail Insecure Temporary File Privilege Escalation Vulnerability
4098| [7580] AIX Sendmail Open Relay Default Configuration Weakness
4099| [7230] Sendmail Address Prescan Memory Corruption Vulnerability
4100| [7033] Sun Sendmail Forward File Privilege Escalation Vulnerability
4101| [6991] Sendmail Header Processing Buffer Overflow Vulnerability
4102| [6878] HP-UX Bastille sendmail.cf Information Disclosure Weakness
4103| [6548] Sendmail check_relay Access Bypassing Vulnerability
4104| [5921] Sendmail Trojan Horse Vulnerability
4105| [5845] Sendmail SMRSH Double Pipe Access Validation Vulnerability
4106| [5770] Sendmail Long Ident Logging Circumvention Weakness
4107| [5122] Sendmail DNS Map TXT Record Buffer Overflow Vulnerability
4108| [4822] Sendmail File Locking Denial Of Service Vulnerability
4109| [3898] HP Sendmail Diagnostic Code Information Leakage Vulnerability
4110| [3378] Sendmail Queue Processing Data Loss/DoS Vulnerability
4111| [3377] Sendmail Inadequate Privilege Lowering Vulnerability
4112| [3163] Sendmail Debugger Arbitrary Code Execution Vulnerability
4113| [2900] Kaspersky Anti-Virus for Sendmail Remote Format String Vulnerability
4114| [2897] Sendmail WIZ Default Configuration Vulnerability
4115| [2794] Sendmail Unsafe Signal Handling Race Condition Vulnerability
4116| [2593] SCO OpenServer sendmail Buffer Overflow Vulnerability
4117| [2311] Sendmail IDENT Remote root Vulnerability
4118| [2308] Sendmail Invalid MAIL/RCPT Vulnerability
4119| [2077] WEBgais websendmail Remote Command Execution Vulnerability
4120| [1696] Horde IMP Remote Command Execution via Sendmail Vulnerability
4121| [1146] Sendmail mail.local Vulnerabilities
4122| [904] Sendmail ETRN Denial of Service Vulnerability
4123| [857] Sendmail Aliases Database Regeneration Vulnerability
4124| [774] Sendmail Socket Hijack Vulnerability
4125| [717] Berkeley Sendmail Starvation and Overflow Vulnerabilities
4126| [716] Berkeley Sendmail Daemon Mode Vulnerability
4127| [715] Berkeley Sendmail Group Permissions Vulnerability
4128| [685] Berkeley Sendmail MIME Vulnerability
4129| [611] Vixie Cron MAILTO Sendmail Vulnerability
4130| [363] Linux Sendmail Denial of Service Vulnerability
4131| [243] SunOS V8 Sendmail Vulnerability
4132| [110] Metainfo MetaIP and Sendmail Vulnerabilities
4133| [6] SunOS SMI Sendmail Vulnerability
4134| [1] Berkeley Sendmail DEBUG Vulnerability
4135|
4136| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4137| [1838] Sendmail 8.6.11 and 8.6.12 can be tricked into destroying alias database
4138| [1837] Sendmail 8.7 through 8.8.2 could allow local users to gain root privileges
4139| [1836] Sendmail 8.8.0/8.8.1 contains an overflow that could allow remote root access
4140| [1835] Sendmail 8.8.3/8.8.4 contains an overflow that could allow remote root access
4141| [428] Sendmail 8.7.5 stack buffer overflow
4142|
4143| Exploit-DB - https://www.exploit-db.com:
4144| [23154] Sendmail 8.12.9 Prescan() Variant Remote Buffer Overrun Vulnerability
4145| [22442] sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability
4146| [22314] Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (2)
4147| [22313] Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (1)
4148| [21919] Sendmail 8.12.6 Trojan Horse Vulnerability
4149| [21884] Sendmail 8.12.x SMRSH Double Pipe Access Validation Vulnerability
4150| [21063] Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (4)
4151| [21062] Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (3)
4152| [21061] Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (2)
4153| [21060] Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (1)
4154| [2051] Sendmail <= 8.13.5 - Remote Signal Handling Exploit PoC
4155| [411] Sendmail 8.11.x Exploit (i386-Linux)
4156| [24] Sendmail <= 8.12.8 prescan() BSD Remote Root Exploit
4157| [23167] Sendmail 8.9.2 Headers Prescan Denial of Service Vulnerability
4158| [21477] Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial of Service Vulnerability (2)
4159| [21476] Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial of Service Vulnerability (1)
4160| [20599] Sendmail 8.6.9 IDENT Remote root Vulnerability
4161| [19701] Eric Allman Sendmail 8.9.1/8.9.3 ETRN Denial of Service Vulnerability
4162| [19602] Eric Allman Sendmail 8.8 .x Socket Hijack Vulnerability
4163| [19556] BSD 2,CND 1,Sendmail 8.x,FreeBSD 2.1.x,HP-UX 10.x,AIX 4,RedHat 4 Sendmail Daemon Vuln
4164|
4165| OpenVAS (Nessus) - http://www.openvas.org:
4166| [11321] Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability
4167| [11346] Sendmail 8.7.*/8.8.* local overflow
4168|
4169| SecurityTracker - https://www.securitytracker.com:
4170| [1027207] IBM AIX Sendmail Default Configuration Lets Local Users Gain Root Privileges
4171| [1023393] Sendmail NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certficiates
4172| [1018610] Clam AntiVirus clamav-milter for sendmail Unsafe popen() Call Lets Remote Users Execute Arbitrary Code
4173| [1017966] HP-UX Sendmail Lets Remote Users Deny Service
4174| [1016753] Sendmail May Crash When Processing Mail with a Long Header
4175| [1016295] Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
4176| [1015801] Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
4177| [1011430] Sendmail 'sasl-bin' on Debian Linux Lets Remote Users Relay E-mail
4178| [1007737] Sendmail Ruleset Buffer Overflow Has Unspecified Impact
4179| [1007734] Sendmail Prescan Flaw May Let Remote Users Execute Arbitrary Code With Root Privileges
4180| [1007564] Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
4181| [1006794] Sendmail Temporary File Flaw May Let Local Users Gain Elevated Privileges
4182| [1006409] Sendmail Buffer Overflow in Parsing Addresses May Let Remote or Local Users Execute Arbitrary Code With Root Privileges
4183| [1006234] Sun Solaris sendmail '.forward' Bug May Let Local Users Deny Service or Gain Root Privileges
4184| [1006199] Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges
4185| [1006126] HP-UX Bastille Configuration Error Lets Remote Users Query Sendmail With EXPN and VRFY Commands to Obtain Information About Operating System Users
4186| [1005748] Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users
4187| [1005329] Sendmail Restricted Shell (smrsh) May Let Local Users Bypass Restrictions to Execute Code
4188| [1004633] Sendmail Mail Server 'Theoretical' Buffer Overflow May Allow Remote Users to Execute Arbitrary Code
4189| [1004368] Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail
4190| [1003523] Sun Solaris mail(1) Utility Lets Programs Pass Command Line Options to Sendmail that Could Give a Local or Remote User Elevated Privileges on the System
4191| [1003258] HP/UX Release of Sendmail May Disclose Unauthorized Information to E-mail Users Under Certain Conditions
4192| [1002474] Sendmail Security Holes Let Local Users Obtain Elevated Privileges on the System, Access the E-mail Queue, and Cause Information Loss
4193| [1002224] Sendmail Command Line Debugging Validation Flaw Lets Local Users Execute Arbitrary Code and Gain Root Privileges
4194| [1001632] Sendmail Signal Handling Race Conditions May Allow Local Users to Modify the Heap and Cause Denial of Service
4195|
4196| OSVDB - http://www.osvdb.org:
4197| [86403] Symphony CMS symphony/system/preferences settings[email_sendmail][from_name] Parameter XSS
4198| [84105] Diary/Notebook Theme for WordPress wp-content/themes/diary/sendmail.php Email Spoofing
4199| [83789] Sendmail accept() Function Local Socket Hijacking Privileged Process Spoofing
4200| [83788] Sendmail on Linux Spoofed Packet Handling Remote DoS
4201| [83267] IBM AIX Sendmail $HOME/.forward Construct Handling Local Privilege Escalation
4202| [74952] WP Forum sendmail.php Arbitrary Mail Relay
4203| [74951] WP Forum sendmail.php Arbitrary User E-mail Address Disclosure
4204| [74746] Cronie Sendmail Invocation cron Job Local Privilege Escalation
4205| [71357] WP Forum Plugin for WordPress wp-content/plugins/wp-forum/sendmail.php id Parameter SQL Injection
4206| [70667] Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From: Address Arbitrary Shell Command Injection
4207| [68761] PHP-Fusion includes/class.phpmailer.php sendmail Parameter Remote Command Execution
4208| [62373] Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness
4209| [60563] PEAR Mail Mail/sendmail.php recipients Parameter Arbitrary File Creation
4210| [60335] HP-UX Bastille Sendmail Misconfiguration NOVRFY / NOEXPN Enablement
4211| [60322] PEAR Mail Sendmail Mail::Send() Function from Parameter Arbitrary Argument Command Injection
4212| [60141] Sendmail Macro Multiple Connection Session Persistence STARTTLS Requirement Bypass
4213| [60140] Sendmail Spoofed DNS Hostname check_relay Function Bypass
4214| [59769] Sendmail Multiple Configuration File Lock Local DoS
4215| [58100] Sendmail Controlling User Queue File Resource Starvation DoS
4216| [56374] Phlatline's Personal Information Manager (pPIM) sendmail.php Arbitrary Email Relay
4217| [54669] Sendmail Mail X-Header Handling Remote Overflow
4218| [53074] Sambar Server /session/sendmail Arbitrary Mail Relay
4219| [43595] Sendmail on Red Hat Enterprise Linux SSLv2 Configuration Persistence Weakness
4220| [39595] Sendmail on SunOS Multiple Unspecified Issues
4221| [39164] @Mail sendmail.php Unspecified XSS
4222| [39142] Sendmail Header Processing Multiple Unspecified Overflows
4223| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
4224| [37206] PHPMailer class.phpmailer.php SendmailSend Function Arbitrary Command Execution
4225| [37203] Bugzilla email_in.pl Email::Send::Sendmail Function Arbitrary Command Execution
4226| [36909] ClamAV clamav-milter black-hole-mode Sendmail Recipient Field Arbitrary Command Execution
4227| [36249] Mini Web Shop sendmail.php PATH_INFO Parameter XSS
4228| [35693] Sendmail on Red Hat Enterprise Linux localhost.localdomain Mail Spoofing
4229| [35301] Sendmail on HP-UX Unspecified DoS
4230| [32843] Indexu sendmail.php Multiple Parameter XSS
4231| [32173] Blue Magic Board sendmail.php Direct Request Path Disclosure
4232| [28423] Indexu sendmail.php theme_path Parameter Remote File Inclusion
4233| [28254] VBZooM sendmail.php UserID Parameter SQL Injection
4234| [28193] Sendmail Header Processing Overflow DoS
4235| [26197] Sendmail Multi-Part MIME Message Handling DoS
4236| [25270] PHP w/ Sendmail Mail Function additional_parameters Argument Arbitrary File Creation
4237| [24951] Manila sendMail referer Parameter XSS
4238| [24037] Sendmail Signal Handler Race Condition Remote Overflow
4239| [23721] bMail sendmail.php SQL Injection
4240| [18310] BMForum sendmail.php Path Disclosure
4241| [17005] Sendmail Forward/Include File Parent Directory Permission Issue
4242| [17004] Sendmail NFS Mount safechown Bypass
4243| [17003] Sendmail Alias Rebuild Symlink Issue
4244| [17002] Sendmail lstat Symlink Race Arbitrary Privileged File Creation
4245| [17001] Sendmail initgroups() Privilege Drop Failure Issue
4246| [16983] Sendmail -B Parameter Malformed Body Type Issue
4247| [16982] Sendmail Long Parameter syslog() Function Overflow
4248| [16862] Oracle Application Server sendmail.jsp Sample Script Arbitrary Mail Relay
4249| [16788] Sendmail .forward Symlink Arbitrary File Access
4250| [16745] Sendmail Terminal Connection Unspecified Issue
4251| [16744] Sendmail on SysV include File Privilege Escalation
4252| [16743] Sendmail Written File Symlink Issue
4253| [16742] Sendmail -odq Custom Queue Injection Privilege Escalation
4254| [16741] Sendmail Unspecified Traversal Arbitrary File Access
4255| [16740] Sendmail Restricted Shell NFS Mount .forward Arbitrary Command Execution
4256| [16739] Sendmail Arbitrary User .forward Ownership Modification
4257| [16738] Sendmail -oL Unprivileged Logging Disable
4258| [16737] Sendmail Unspecified Arbitrary Local File Access
4259| [16647] Sendmail .forward Arbitrary Non-root Command Execution
4260| [16627] Sendmail Unspecified Arbitrary File Write
4261| [16454] Sendmail mail from: Piped Command Execution
4262| [16128] Sendmail Unspecified Command Line Argument Issue
4263| [16076] Sendmail Unspecified Security Issue
4264| [16018] Mailreader with Sendmail compose.cgi Arbitrary Command Execution
4265| [15962] Sendmail wiz Command Remote Authentication Bypass
4266| [15961] Sendmail uucp Account .forward Arbitrary File Access
4267| [15901] Sendmail Configuration Freeze .fc File Ownership Issue
4268| [15872] Sendmail dead.letter Symlink Arbitrary File Modification
4269| [15824] PMDF Sendmail Debug Mode Symlink Arbitrary File Overwrite
4270| [15760] Sendmail Group Privilege Retention Privilege Escalation
4271| [15726] Sendmail -C Arbitrary Privilege File Disclosure
4272| [15617] Sendmail smtpmessage Unspecified Overflow
4273| [15454] Sendmail Double rcpt to: Arbitrary Remote File Modification
4274| [15265] Sendmail Unspecified Multiple Security Issues
4275| [15147] Solaris sendmail .forward Local Privilege Escalation
4276| [15042] Sendmail HUP Signal Arbitrary Privileged Command Execution
4277| [14880] SunOS Sendmail -oR Option IFS Variable Privilege Escalation
4278| [14702] Sendmail on ftp.sendmail.org Trojaned Distribution
4279| [12265] Sendmail Arbitrary File Append Privilege Escalation
4280| [11995] SunOS SMI Sendmail Unspecified Remote Issue
4281| [10374] Sendmail 'sasl-bin' on Debian Linux Arbitrary Mail Relay
4282| [9352] Sendmail Alias Piped Input Issue
4283| [9312] HP-UX Sendmail Unspecified Connection DoS
4284| [9311] Sendmail Parsing Policy Weakness Arbitrary Mail Relay
4285| [9310] Sendmail Header Prescan Function Message Header DoS
4286| [9309] Sendmail MIME Conversion Malformed Header Overflow
4287| [9308] Debian Sendmail doublebounce.pl Script Insecure Temp File Privilege Escalation
4288| [9307] Debian Sendmail checksendmail Script Insecure Temp File Privilege Escalation
4289| [9306] Debian Sendmail expn Script Insecure Temp File Privilege Escalation
4290| [9305] Sendmail Consortium smrsh Special Character Restriction Bypass
4291| [9303] Sendmail RestrictQueueRun Option Debug Mode Local Information Disclosure
4292| [9302] Sendmail RestrictQueueRun Option Multiple Argument Local DoS
4293| [9301] Sendmail -C Malformed Configuration Local Privilege Escalation
4294| [8745] SunOS SMI Sendmail Remote bin Access
4295| [8294] Sendmail NOCHAR Control Value prescan Remote Overflow
4296| [7993] IBM AIX sendmail.cf Configuration Unauthorized Mail Relay
4297| [7649] SCO OpenServer MMDF sendmail First Argument Local Overflow
4298| [7626] SCO UnixWare sendmail.cf Config File Privilege Escalation
4299| [7530] Sendmail -debug Local Privilege Escalation
4300| [6480] Sendmail DNS Map Code Remote DoS
4301| [6066] Linuxconf mailconf Improper Sendmail Relay Configuration
4302| [5935] Sendmail SMTP RCPT TO Saturation DoS
4303| [5853] Sendmail Alias Database Deletion DoS
4304| [5815] Sambar Server sendmail.stm Multiple Parameter XSS
4305| [5574] Sendmail DNS Response MIME QF Command Injection
4306| [5429] Sendmail Insecure Signal Handling Local DoS
4307| [5056] Sendmail Custom DNS Map TXT Query Overflow
4308| [4747] Sendmail IDENT Overflow Logging Bypass
4309| [4502] Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow
4310| [3241] AUSCERT sendmail_wrapper.c Local Overflow
4311| [2577] Sendmail prescan() Function Remote Overflow
4312| [2129] Sendmail -oE Option Arbitrary Local File Access
4313| [1877] Sendmail Control File Descriptor Race Condition
4314| [1299] Sendmail mail.local Newline Handling Remote DoS
4315| [1182] Sendmail Crafted ETRN Commands Remote DoS
4316| [1154] Sendmail Aliases Database Unprivileged Regeneration DoS
4317| [1115] Sendmail GECOS Field Local Overflow
4318| [1114] Sendmail Daemon Mode Local Privilege Escalation
4319| [1113] Sendmail Group Write File Hardlink Privilege Escalation
4320| [1061] Vixie Cron MAILTO Sendmail Variable Manipulation
4321| [903] Sendmail -oQ Arbitrary Privileged File Local Access
4322| [676] Sendmail -bt Option Local Overflow
4323| [605] Sendmail -d category Value Local Overflow
4324| [485] Sendmail mime7to8() Function Remote Overflow
4325| [317] Sambar sendmail CGI Arbitrary Mail Relay
4326| [237] WebGais websendmail CGI Arbitrary Command Execution
4327| [219] Sendmail IDENT Function Remote Overflow
4328| [205] Sendmail HELO Command Mail Identity Concealment
4329| [203] SunOS Sendmail mail from/rcpt to Pipe Arbitrary Command Execution
4330| [198] Sendmail Multiple Method E-mail Relay
4331| [196] Sendmail decode Alias Arbitrary File Overwrite
4332| [195] Sendmail DEBUG Arbitrary Remote Command Execution
4333| [110] MetaInfo Sendmail Traversal Arbitrary Command Execution
4334|_
4335993/tcp open ssl/imap Courier Imapd (released 2015)
4336| vulscan: VulDB - https://vuldb.com:
4337| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
4338| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
4339| [59792] Cyrus IMAPd 2.4.11 weak authentication
4340| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
4341| [50725] e-Courier CMS cross site scripting
4342| [46287] Pre Courier and Cargo Business unknown vulnerability
4343| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
4344| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
4345| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
4346| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
4347|
4348| MITRE CVE - https://cve.mitre.org:
4349| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
4350| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
4351| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
4352| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
4353| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
4354| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
4355| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
4356| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
4357| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
4358| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
4359| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
4360| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
4361| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
4362| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
4363| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
4364| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
4365| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
4366| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
4367| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
4368| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
4369| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
4370| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
4371| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
4372| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
4373| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
4374| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
4375| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
4376| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
4377| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
4378| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
4379| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
4380| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
4381| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
4382| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
4383| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
4384| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
4385| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
4386| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
4387| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
4388| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
4389| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
4390| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
4391| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
4392| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
4393| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
4394| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
4395| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
4396| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
4397| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
4398| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
4399|
4400| SecurityFocus - https://www.securityfocus.com/bid/:
4401| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
4402| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
4403| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
4404| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
4405| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
4406| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
4407| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
4408| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
4409| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
4410| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
4411| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
4412| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
4413| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
4414| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
4415| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
4416| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
4417| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
4418| [15771] Courier Mail Server Unauthorized Access Vulnerability
4419| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
4420| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
4421| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
4422| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
4423| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
4424| [10976] Courier-IMAP Remote Format String Vulnerability
4425| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
4426| [6738] Courier-IMAP Username SQL Injection Vulnerability
4427| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
4428| [6189] Courier SqWebMail File Disclosure Vulnerability
4429| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
4430| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
4431| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
4432| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
4433| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
4434| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
4435| [130] imapd Buffer Overflow Vulnerability
4436|
4437| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4438| [70325] Cyrus IMAPd NNTP security bypass
4439| [54180] e-Courier CMS multiple scripts cross-site scripting
4440| [54143] e-Courier CMS index.asp cross-site scripting
4441| [47526] UW-imapd rfc822_output_char() denial of service
4442| [47494] Courier Authentication Library Postgres SQL injection
4443| [47436] PRE COURIER &
4444| [43628] Novell OpenSUSE courier-authlib SQL injection
4445| [42950] Courier authentication library username SQL injection
4446| [33805] Gentoo Courier-IMAP command execution
4447| [26998] Courier Mail Server libs/comverp.c usernames denial of service
4448| [23532] Courier Mail Server authentication daemon allows deactivated account access
4449| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
4450| [21565] Courier Mail Server rfc1035/spf.c denial of service
4451| [19460] Cyrus IMAP imapd buffer overflow
4452| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
4453| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
4454| [17034] Courier-IMAP auth_debug format string attack
4455| [15434] Courier Japanese codeset converter buffer overflow
4456| [11213] Courier-IMAP authpgsqllib username SQL injection
4457| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
4458| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
4459| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
4460| [9228] Courier MTA long year denial of service
4461| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
4462| [7345] Slackware Linux imapd and ipop3d core dump
4463| [573] Imapd denial of service
4464|
4465| Exploit-DB - https://www.exploit-db.com:
4466| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
4467| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
4468| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
4469| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
4470| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
4471| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
4472| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
4473| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
4474| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
4475| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
4476| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
4477| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
4478| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
4479| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
4480| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
4481| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
4482| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
4483| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
4484| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
4485| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
4486| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
4487| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
4488| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
4489| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
4490| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
4491| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
4492| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
4493| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
4494| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
4495| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
4496| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
4497| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
4498| [340] Linux imapd Remote Overflow File Retrieve Exploit
4499|
4500| OpenVAS (Nessus) - http://www.openvas.org:
4501| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
4502| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
4503| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
4504| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
4505| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
4506| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
4507| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
4508| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
4509| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
4510| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
4511| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
4512| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
4513| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
4514| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
4515| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
4516| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
4517| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
4518| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
4519| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
4520| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
4521| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
4522| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
4523| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
4524| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
4525| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
4526| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
4527| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
4528| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
4529| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
4530| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
4531| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
4532| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
4533| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
4534| [66233] SLES10: Security update for Cyrus IMAPD
4535| [66226] SLES11: Security update for Cyrus IMAPD
4536| [66222] SLES9: Security update for Cyrus IMAPD
4537| [65938] SLES10: Security update for Cyrus IMAPD
4538| [65723] SLES11: Security update for Cyrus IMAPD
4539| [65523] SLES9: Security update for Cyrus IMAPD
4540| [65479] SLES9: Security update for cyrus-imapd
4541| [65094] SLES9: Security update for cyrus-imapd
4542| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
4543| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
4544| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
4545| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
4546| [64898] FreeBSD Ports: cyrus-imapd
4547| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
4548| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
4549| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
4550| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
4551| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
4552| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
4553| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
4554| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
4555| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
4556| [61192] FreeBSD Ports: courier-authlib
4557| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
4558| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
4559| [57001] Debian Security Advisory DSA 1101-1 (courier)
4560| [55972] Debian Security Advisory DSA 917-1 (courier)
4561| [55807] Slackware Advisory SSA:2005-310-06 imapd
4562| [55421] Debian Security Advisory DSA 820-1 (courier)
4563| [55204] Debian Security Advisory DSA 793-1 (courier)
4564| [55165] Debian Security Advisory DSA 784-1 (courier)
4565| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
4566| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
4567| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
4568| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
4569| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
4570| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
4571| [53589] Debian Security Advisory DSA 247-1 (courier)
4572| [53441] Debian Security Advisory DSA 197-1 (courier)
4573| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
4574| [53222] Debian Security Advisory DSA 533-1 (courier)
4575| [52431] FreeBSD Ports: courier
4576| [52418] FreeBSD Ports: courier-imap
4577| [52297] FreeBSD Ports: cyrus-imapd
4578| [52296] FreeBSD Ports: cyrus-imapd
4579| [52295] FreeBSD Ports: cyrus-imapd
4580| [52294] FreeBSD Ports: cyrus-imapd
4581| [52172] FreeBSD Ports: cyrus-imapd
4582|
4583| SecurityTracker - https://www.securitytracker.com:
4584| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
4585| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
4586| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
4587| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
4588| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
4589| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
4590| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
4591| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
4592|
4593| OSVDB - http://www.osvdb.org:
4594| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
4595| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
4596| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
4597| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
4598| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
4599| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
4600| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
4601| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
4602| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
4603| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
4604| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
4605| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
4606| [52906] UW-imapd c-client Initial Request Remote Format String
4607| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
4608| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
4609| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
4610| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
4611| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
4612| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
4613| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
4614| [47516] openSUSE courier-authlib Unspecified SQL Injection
4615| [46049] Courier Authentication Library Username SQL Injection
4616| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
4617| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
4618| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
4619| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
4620| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
4621| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
4622| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
4623| [26232] Courier Mail Server Crafted Username Encoding DoS
4624| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
4625| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
4626| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
4627| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
4628| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
4629| [13242] UW-imapd CRAM-MD5 Authentication Bypass
4630| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
4631| [12042] UoW imapd Multiple Unspecified Overflows
4632| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
4633| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
4634| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
4635| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
4636| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
4637| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
4638| [5052] Double Precision Courier MTA Invalid Year DoS
4639| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
4640| [911] UoW imapd AUTHENTICATE Command Remote Overflow
4641| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
4642| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
4643|_
4644995/tcp open ssl/pop3 Courier pop3d
4645| vulscan: VulDB - https://vuldb.com:
4646| [100906] Accellion FTA WAF Filter courier/1000@/index.html cross site scripting
4647| [11638] Courier MTA Webmail Server 0.73 External File System denial of service
4648| [50729] e-Courier CMS wizard_oe2.asp Wizard_tracking.asp cross site scripting
4649| [50725] e-Courier CMS cross site scripting
4650| [46287] Pre Courier and Cargo Business unknown vulnerability
4651| [45619] Courier-mta Courtier-authlib up to 0.61.1 authpgsqllib.c sql injection
4652| [36320] Double Precision Incorporated courier-imap up to 4.1.1 Login privilege escalation
4653|
4654| MITRE CVE - https://cve.mitre.org:
4655| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
4656| [CVE-2010-1328] Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
4657| [CVE-2010-1327] Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
4658| [CVE-2009-3905] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to (1) Wizard_tracking.asp, (2) wizard_oe2.asp, (3) your-register.asp, (4) main-whyregister.asp, and (5) your.asp in home/, and other unspecified vectors. NOTE: the provenance of this information is unknown
4659| [CVE-2009-3901] Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.
4660| [CVE-2008-7012] courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
4661| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
4662| [CVE-2008-6054] PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
4663| [CVE-2008-3850] Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.
4664| [CVE-2008-2667] SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
4665| [CVE-2008-2380] SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
4666| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
4667| [CVE-2006-6390] Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/
4668| [CVE-2006-2659] libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
4669| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
4670| [CVE-2005-3532] authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
4671| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
4672| [CVE-2004-0777] Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
4673| [CVE-2004-0224] Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
4674| [CVE-2003-0040] SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
4675| [CVE-2002-1311] Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
4676| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
4677| [CVE-2002-0914] Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
4678| [CVE-2002-0436] sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
4679| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
4680| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
4681| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
4682|
4683| SecurityFocus - https://www.securityfocus.com/bid/:
4684| [84605] Pre Courier And Cargo Business CVE-2008-6054 Remote Security Vulnerability
4685| [75469] Courier Mail Server Multiple Memory Corruption Vulnerabilities
4686| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
4687| [41970] e-Courier CMS 'UserGUID' Parameter Multiple Cross Site Scripting Vulnerabilities
4688| [39838] tpop3d Remote Denial of Service Vulnerability
4689| [32926] Courier-Authlib Non-Latin Character Handling Postgres SQL Injection Vulnerability
4690| [29605] Courier-Authlib Non-Latin Character Handling SQL Injection Vulnerability
4691| [23589] Courier-IMAP XMAILDIR Shell Command Injection Vulnerability
4692| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
4693| [18345] Courier Mail Server Username Encoding Remote Denial Of Service Vulnerability
4694| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
4695| [15771] Courier Mail Server Unauthorized Access Vulnerability
4696| [14135] Courier Mail Server Remote Denial Of Service Vulnerability
4697| [10976] Courier-IMAP Remote Format String Vulnerability
4698| [9845] Courier Multiple Remote Buffer Overflow Vulnerabilities
4699| [8495] akpop3d User Name SQL Injection Vulnerability
4700| [8473] Vpop3d Remote Denial Of Service Vulnerability
4701| [6738] Courier-IMAP Username SQL Injection Vulnerability
4702| [6189] Courier SqWebMail File Disclosure Vulnerability
4703| [4908] Courier MTA Long Year Remote Resource Consumption Vulnerability
4704| [4269] Sun Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
4705| [3990] ZPop3D Bad Login Logging Failure Vulnerability
4706| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
4707|
4708| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4709| [54180] e-Courier CMS multiple scripts cross-site scripting
4710| [54143] e-Courier CMS index.asp cross-site scripting
4711| [47494] Courier Authentication Library Postgres SQL injection
4712| [47436] PRE COURIER &
4713| [43628] Novell OpenSUSE courier-authlib SQL injection
4714| [42950] Courier authentication library username SQL injection
4715| [33805] Gentoo Courier-IMAP command execution
4716| [26998] Courier Mail Server libs/comverp.c usernames denial of service
4717| [26578] Cyrus IMAP pop3d buffer overflow
4718| [23532] Courier Mail Server authentication daemon allows deactivated account access
4719| [21565] Courier Mail Server rfc1035/spf.c denial of service
4720| [17034] Courier-IMAP auth_debug format string attack
4721| [15434] Courier Japanese codeset converter buffer overflow
4722| [13018] akpop3d authentication code SQL injection
4723| [11213] Courier-IMAP authpgsqllib username SQL injection
4724| [10643] Courier sqwebmail mail transport agent (MTA) fails to properly enforce permissions
4725| [9228] Courier MTA long year denial of service
4726| [7345] Slackware Linux imapd and ipop3d core dump
4727| [6269] imap, ipop2d and ipop3d buffer overflows
4728| [5923] Linuxconf vpop3d symbolic link
4729| [4918] IPOP3D, Buffer overflow attack
4730| [1560] IPOP3D, user login successful
4731| [1559] IPOP3D user login to remote host successful
4732| [1525] IPOP3D, user logout
4733| [1524] IPOP3D, user auto-logout
4734| [1523] IPOP3D, user login failure
4735| [1522] IPOP3D, brute force attack
4736| [1521] IPOP3D, user kiss of death logout
4737| [418] pop3d mktemp creates insecure temporary files
4738|
4739| Exploit-DB - https://www.exploit-db.com:
4740| [23053] Vpop3d Remote Denial of Service Vulnerability
4741| [21340] Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability
4742| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
4743| [11893] tPop3d 1.5.3 DoS
4744| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
4745| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
4746| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
4747| [432] Courier-IMAP <= 3.0.2-r1 auth_debug() Remote Format String Exploit
4748|
4749| OpenVAS (Nessus) - http://www.openvas.org:
4750| [63556] Gentoo Security Advisory GLSA 200903-25 (courier-authlib)
4751| [63063] Debian Security Advisory DSA 1688-2 (courier-authlib)
4752| [63031] Debian Security Advisory DSA 1688-1 (courier-authlib)
4753| [61600] Gentoo Security Advisory GLSA 200809-05 (courier-authlib)
4754| [61192] FreeBSD Ports: courier-authlib
4755| [58224] Gentoo Security Advisory GLSA 200704-18 (courier-imap)
4756| [57856] Gentoo Security Advisory GLSA 200608-06 (Courier)
4757| [57001] Debian Security Advisory DSA 1101-1 (courier)
4758| [55972] Debian Security Advisory DSA 917-1 (courier)
4759| [55421] Debian Security Advisory DSA 820-1 (courier)
4760| [55204] Debian Security Advisory DSA 793-1 (courier)
4761| [55165] Debian Security Advisory DSA 784-1 (courier)
4762| [54649] Gentoo Security Advisory GLSA 200408-19 (courier-imap)
4763| [54632] Gentoo Security Advisory GLSA 200408-02 (Courier)
4764| [54531] Gentoo Security Advisory GLSA 200403-06 (Courier)
4765| [53589] Debian Security Advisory DSA 247-1 (courier)
4766| [53441] Debian Security Advisory DSA 197-1 (courier)
4767| [53222] Debian Security Advisory DSA 533-1 (courier)
4768| [52431] FreeBSD Ports: courier
4769| [52418] FreeBSD Ports: courier-imap
4770|
4771| SecurityTracker - https://www.securitytracker.com:
4772| [1016248] Courier Mailing List Manager Lets Remote Users Deny Service
4773| [1014798] Courier Mail Server Error in Processing SPF Responses May Let Remote Users Deny Service
4774| [1010982] Courier-IMAP Format String Flaw in auth_debug() Lets Remote Users Execute Arbitrary Code
4775| [1009455] Courier Mail Server 'iso2022jp' and 'shiftjis' Buffer Overflows May Let Remote Users Execute Arbitrary Code
4776| [1006101] Courier Mail Transfer Agent May Let Remote Users Inject and Execute SQL Statements
4777| [1005639] Courier SqWebMail Privilege Dropping Bug Lets Local Users View Files on the System
4778| [1004433] Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
4779|
4780| OSVDB - http://www.osvdb.org:
4781| [86050] Courier Authentication Library (courier-authlib) Multiple Unspecified Issues
4782| [63879] Courier MTA localmailfilter Error Message Handling Remote DoS
4783| [59669] e-Courier CMS home/your.asp UserGUID Parameter XSS
4784| [59668] e-Courier CMS home/main-whyregister.asp UserGUID Parameter XSS
4785| [59667] e-Courier CMS home/your-register.asp UserGUID Parameter XSS
4786| [59666] e-Courier CMS home/wizard_oe2.asp UserGUID Parameter XSS
4787| [59665] e-Courier CMS home/Wizard_tracking.asp UserGUID Parameter XSS
4788| [59662] e-Courier CMS home/index.asp UserGUID Parameter XSS
4789| [50872] Pre Courier and Cargo Business dbcourior.mdb Direct Request Database Disclosure
4790| [50811] Courier Authentication Library authpgsqllib.c Unspecified SQL Injection
4791| [48242] Accellion File Transfer Appliance courier/1000@/api_error_email.html Arbitrary Mail Relay
4792| [47516] openSUSE courier-authlib Unspecified SQL Injection
4793| [46049] Courier Authentication Library Username SQL Injection
4794| [35274] Gentoo courier-imap XMAILDIR Variable Remote Command Injection
4795| [31746] Quick.Cart couriers.php config[db_type] Parameter Traversal Local File Inclusion
4796| [26232] Courier Mail Server Crafted Username Encoding DoS
4797| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
4798| [21541] Courier Mail Server courier-authdaemon Deactivated Account Authentication Bypass
4799| [17718] Courier Mail Server DNS SPF Record Lookup Failure Memory Corruption DoS
4800| [14521] Courier sqwebmail Startup Sequence Arbitrary File Access
4801| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
4802| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
4803| [10598] Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
4804| [9506] PostgreSQL Auth Module For Courier User Name Parameter SQL Injection
4805| [9013] Courier-IMAP debug.c auth_debug() Function Remote Format String
4806| [6927] Courier Japanese Codeset shiftjis.c Conversion Overflow
4807| [5857] Linux pop3d Arbitrary Mail File Access
4808| [5052] Double Precision Courier MTA Invalid Year DoS
4809| [4194] Courier Japanese Codeset iso2022jp.c Conversion Overflow
4810| [2471] akpop3d username SQL Injection
4811|_
4812Service Info: OSs: Unix, FreeBSD; CPE: cpe:/o:freebsd:freebsd
4813#######################################################################################################################################
4814 Anonymous JTSEC #OpWhales Full Recon #5