• No results found

This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results.

N/A
N/A
Protected

Academic year: 2021

Share "This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results."

Copied!
22
0
0

Loading.... (view fulltext now)

Full text

(1)

http (80/tcp)

Results:

This document reports on the results of the Yarubo vulnerability scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report.

This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown.

This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results. Scan started:Thu Aug 29 03:00:57 2013

Scan ended: Thu Aug 29 03:12:02 2013

Host Summary

Host Start End High Medium Low Log False Positive

192.168.23.38Aug 29, 03:01:02 Aug 29, 03:12:02 17 29 4 41 0

Total: 1 17 29 4 41 0

Results per Host

Host 192.168.23.38

Scanning of this host started at: 2013-08-29T03:01:02Z Number of results: 91

Port Summary for Host 192.168.23.38

Service (Port) Threat Level

http (80/tcp) High https (443/tcp) High general/tcp Medium daap (3689/tcp) Low http-alt (8080/tcp) Low mysql (3306/tcp) Low ntp (123/udp) Low general/CPE-T Log general/HOST-T Log netbios-ns (137/udp) Log ssh (22/tcp) Log

Security Issues for Host 192.168.23.38

High (CVSS: 10.0)

(2)

http (80/tcp)

http (80/tcp)

http (80/tcp)

Summary:

OpenSSL is prone to an unspecified vulnerability in bn_wexpend().

According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable.

Solution:

The vendor has released updates. Please see the references for more information.

References

CVE: CVE-2009-3245 BID: 38562

High (CVSS: 9.3)

NVT: PHP version smaller than 5.3.3 (OID: 1.3.6.1.4.1.25623.1.0.110182)

PHP version smaller than 5.3.3 suffers vulnerability. Solution:

Update PHP to version 5.3.3 or later.

References

CVE: CVE-2007-1581, 0397, 1860, 1862, 1864, 1917, 2010-2097, 2010-2100, 2010-2101, 2010-2190, 2010-2191, 2010-2225, 2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065

BID: 38708, 40461, 40948, 41991

High (CVSS: 7.5)

NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100668)

Summary:

OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable

An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0742 BID: 40502

High (CVSS: 7.5)

NVT: MacOS X Finder reveals contents of Apache Web directories (OID: 1.3.6.1.4.1.25623.1.0.10756)

MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the↵

'Finder'. This file contains a list of the contents of the directory, giving an attacker ↵

information on the structure and contents of your website. Solution:

Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'>

Order allow, deny Deny from all </FilesMatch> and restart Apache.

References

CVE: CVE-2001-1446 BID: 3316, 3325

(3)

http (80/tcp) http (80/tcp) http (80/tcp) http (80/tcp) http (80/tcp) High (CVSS: 7.5) NVT: PHP version 5.3< 5.3.6 (OID: 1.3.6.1.4.1.25623.1.0.110013)

PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerabilit↵

y, buffer overflow error and several casting errors. Recommendation:

Upgrade PHP to 5.3.6 or later versions.

References

CVE: 0421, 0708, 1092, 1153, 1464, 1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470

BID: 46354, 46365, 46786, 46854

High (CVSS: 7.5)

NVT: phpinfo.php (OID: 1.3.6.1.4.1.25623.1.0.11229)

The following files are calling the function phpinfo() which

disclose potentially sensitive information to the remote attacker : /xampp/phpinfo.php

Solution: Delete them or restrict access to them

High (CVSS: 6.8)

NVT: PHP version smaller than 5.3.4 (OID: 1.3.6.1.4.1.25623.1.0.110181)

PHP version smaller than 5.3.4 suffers vulnerability. Solution:

Update PHP to version 5.3.4 or later.

References

CVE: CVE-2006-7243, 2094, 2950, 3436, 3709, 3710, 2010-3870, 2010-4150, 2010-4156, 2010-4409, 2010-4697, 2010-4698, 2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755

BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168

High (CVSS: 6.5)

NVT: phpMyAdmin Bookmark Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103076) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a security-bypass vulnerability that affects bookmarks.

Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpMyAdmin 3.3.9.2 and 2.11.11.3 are vulnerable. Solution:

Updates are available. Please see the references for details.

References

CVE: CVE-2011-0987 BID: 46359

High (CVSS: 5.8)

NVT: http TRACE XSS attack (OID: 1.3.6.1.4.1.25623.1.0.11213)

Summary:

Debugging functions are enabled on the remote HTTP server. Description :

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.

(4)

https (443/tcp)

https (443/tcp)

https (443/tcp)

An attacker may use this flaw to trick your legitimate web users to give him their credentials.

Solution:

Disable these methods. Plugin output :

Solution:

Add the following lines for each virtual host in your configuration file : RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]

References

CVE: CVE-2004-2320, CVE-2003-1567 BID: 9506, 9561, 11604

High (CVSS: 10.0)

NVT: OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100527)

Summary:

OpenSSL is prone to an unspecified vulnerability in bn_wexpend().

According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable.

Solution:

The vendor has released updates. Please see the references for more information.

References

CVE: CVE-2009-3245 BID: 38562

High (CVSS: 9.3)

NVT: PHP version smaller than 5.3.3 (OID: 1.3.6.1.4.1.25623.1.0.110182)

PHP version smaller than 5.3.3 suffers vulnerability. Solution:

Update PHP to version 5.3.3 or later.

References

CVE: CVE-2007-1581, 0397, 1860, 1862, 1864, 1917, 2010-2097, 2010-2100, 2010-2101, 2010-2190, 2010-2191, 2010-2225, 2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065

BID: 38708, 40461, 40948, 41991

High (CVSS: 7.5)

NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100668)

Summary:

OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable

An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0742 BID: 40502

(5)

https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) High (CVSS: 7.5)

NVT: MacOS X Finder reveals contents of Apache Web directories (OID: 1.3.6.1.4.1.25623.1.0.10756)

MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the↵

'Finder'. This file contains a list of the contents of the directory, giving an attacker ↵

information on the structure and contents of your website. Solution:

Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'>

Order allow, deny Deny from all </FilesMatch> and restart Apache.

References

CVE: CVE-2001-1446 BID: 3316, 3325

High (CVSS: 7.5)

NVT: PHP version 5.3< 5.3.6 (OID: 1.3.6.1.4.1.25623.1.0.110013)

PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerabilit↵

y, buffer overflow error and several casting errors. Recommendation:

Upgrade PHP to 5.3.6 or later versions.

References

CVE: 0421, 0708, 1092, 1153, 1464, 1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470

BID: 46354, 46365, 46786, 46854

High (CVSS: 6.8)

NVT: PHP version smaller than 5.3.4 (OID: 1.3.6.1.4.1.25623.1.0.110181)

PHP version smaller than 5.3.4 suffers vulnerability. Solution:

Update PHP to version 5.3.4 or later.

References

CVE: CVE-2006-7243, 2094, 2950, 3436, 3709, 3710, 2010-3870, 2010-4150, 2010-4156, 2010-4409, 2010-4697, 2010-4698, 2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755

BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168

High (CVSS: 6.5)

NVT: phpMyAdmin Bookmark Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103076) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a security-bypass vulnerability that affects bookmarks.

Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpMyAdmin 3.3.9.2 and 2.11.11.3 are vulnerable. Solution:

Updates are available. Please see the references for details.

References

CVE: CVE-2011-0987 BID: 46359

(6)

general/tcp

http (80/tcp)

http (80/tcp) NVT: http TRACE XSS attack (OID: 1.3.6.1.4.1.25623.1.0.11213)

Summary:

Debugging functions are enabled on the remote HTTP server. Description :

The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give him their credentials.

Solution:

Disable these methods. Plugin output :

Solution:

Add the following lines for each virtual host in your configuration file : RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]

References

CVE: CVE-2004-2320, CVE-2003-1567 BID: 9506, 9561, 11604

Medium (CVSS: 2.6)

NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)

It was detected that the host implements RFC1323.

The following timestamps were retrieved with a delay of 1 seconds in-between: Paket 1: 1348979171

Paket 2: 1348980125

Medium (CVSS: 5.0)

NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100587)

Summary:

OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

According to its banner, Yarubo has discovered that the remote

Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0740 BID: 39013

Medium (CVSS: 5.0)

NVT: Apache UserDir Sensitive Information Disclosure (OID: 1.3.6.1.4.1.25623.1.0.10766)

An information leak occurs on Apache based web servers

whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response.

Solution:

1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'.

Or

2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.:

RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1 Or

(7)

http (80/tcp)

http (80/tcp)

http (80/tcp)

ErrorDocument 404 http://localhost/sample.html ErrorDocument 403 http://localhost/sample.html

(NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: http://www.securiteam.com/unixfocus/5WP0C1F5FI.html References CVE: CVE-2001-1013 BID: 3335 Medium (CVSS: 4.3)

NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.100588)

Summary:

OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

OpenSSL versions 0.9.8m and prior are vulnerable. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0433 BID: 38533

Medium (CVSS: 4.3)

NVT: phpMyAdmin Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.100761) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The following versions are vulnerable:

phpMyAdmin 2.11.x prior to 2.11.10.1 phpMyAdmin 3.x prior to 3.3.5.1 Solution:

Updates are available. Please see the references for details.

References

CVE: CVE-2010-3056 BID: 42584

Medium (CVSS: 4.3)

NVT: phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100775) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 3.3.6 are vulnerable; other versions may also be affected.

(8)

http (80/tcp)

http (80/tcp)

http (80/tcp)

Vendor updates are available. Please see the references for more information.

References

CVE: CVE-2010-2958 BID: 42874

Medium (CVSS: 4.3)

NVT: phpMyAdmin Database Search Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100939) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Solution:

Vendor updates are available. Please see the references for more information.

References

CVE: CVE-2010-4329 BID: 45100

Medium (CVSS: 4.3)

NVT: phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801286) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.

Vulnerability Insight:

The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site.

Impact:

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.x before 3.3.7 Solution:

Upgrade to phpMyAdmin version 3.3.7 or later,

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2010-3263

Medium (CVSS: 4.3)

NVT: phpMyAdmin 'error.php' Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801660) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.

Vulnerability Insight:

(9)

http (80/tcp)

http (80/tcp)

http (80/tcp)

processing crafted BBcode tags containing '@' characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.

Impact:

Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.

Impact Level: Application Affected Software/OS:

phpMyAdmin version 3.3.8.1 and prior. Solution:

No solution or patch is available as of 10th December, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2010-4480

Medium (CVSS: 4.3)

NVT: phpMyAdmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801851) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting vulnerability.

Vulnerability Insight:

The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server.

Impact:

Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.4.x before 3.4.0 beta 3 Solution:

Upgrade to phpMyAdmin version 3.4.0 beta 3 or later.

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

Medium (CVSS: 4.3)

NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802261)

Summary:

This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities.

Vulnerability Insight:

Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Impact:

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

XAMPP version 1.7.4 and prior Solution:

Upgrade to XAMPP version 1.7.7 or later.

For updates refer to http://www.apachefriends.org/en/xampp.html

Medium (CVSS: 4.3)

NVT: phpMyAdmin Setup Interface Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902585) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

(10)

http (80/tcp)

http (80/tcp)

The host is running phpMyAdmin and is prone to cross-site scripting vulnerability.

Vulnerability Insight:

The flaw is due to improper validation of user-supplied input

via the 'Servers-0-verbose' parameter to setup/index.php, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Impact:

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.4.x before 3.4.6 Solution:

Upgrade to phpMyAdmin version 3.4.6 or later,

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2011-4064 BID: 50175

Medium (CVSS: 4.3)

NVT: phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902802) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to cross site scripting vulnerability.

Vulnerability Insight:

The flaw is due to improper validation of user-supplied input via

the '$host' variable within the setup, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Impact:

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.4.x before 3.4.9 Solution:

Upgrade to phpMyAdmin version 3.4.9 or later,

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2011-4780, CVE-2011-4782 BID: 51166

Medium (CVSS: 4.3)

NVT: Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902830)

Summary:

This host is running Apache HTTP Server and is prone to cookie information disclosure vulnerability.

Vulnerability Insight:

The flaw is due to an error within the default error response for

status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies.

Impact:

Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks.

Impact Level: Application Affected Software/OS:

Apache HTTP Server versions 2.2.0 through 2.2.21 Solution:

(11)

http (80/tcp)

http (80/tcp)

https (443/tcp)

For updates refer to http://httpd.apache.org/

References

CVE: CVE-2012-0053 BID: 51706

Medium (CVSS: 2.6)

NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: 1.3.6.1.4.1.25623.1.0.100130)

Summary:

According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the

affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Solution:

The vendor has released a fix through the SVN repository.

References

CVE: CVE-2009-0796 BID: 34383

Medium (CVSS: 2.6)

NVT: phpMyAdmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.800301) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

This host is running phpMyAdmin and is prone to cross site scripting vulnerability.

Vulnerability Insight:

Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user.

Impact:

Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials.

Impact Level: System Affected Software/OS:

phpMyAdmin phpMyAdmin versions 3.0.1 and prior on all running platform. Solution:

Upgrade to phpMyAdmin 3.0.1.1 or later

References

CVE: CVE-2008-4775 BID: 31928

Medium (CVSS: 5.0)

NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100587)

Summary:

OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

According to its banner, Yarubo has discovered that the remote

Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0740 BID: 39013

(12)

https (443/tcp)

https (443/tcp)

https (443/tcp)

Medium (CVSS: 5.0)

NVT: Apache UserDir Sensitive Information Disclosure (OID: 1.3.6.1.4.1.25623.1.0.10766)

An information leak occurs on Apache based web servers

whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response.

Solution:

1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'.

Or

2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.:

RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1 Or

3) Add into httpd.conf:

ErrorDocument 404 http://localhost/sample.html ErrorDocument 403 http://localhost/sample.html

(NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: http://www.securiteam.com/unixfocus/5WP0C1F5FI.html References CVE: CVE-2001-1013 BID: 3335 Medium (CVSS: 4.3)

NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.100588)

Summary:

OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.

According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

OpenSSL versions 0.9.8m and prior are vulnerable. Solution:

Updates are available. Please see the references for more information.

References

CVE: CVE-2010-0433 BID: 38533

Medium (CVSS: 4.3)

NVT: phpMyAdmin Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.100761) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

The following versions are vulnerable:

phpMyAdmin 2.11.x prior to 2.11.10.1 phpMyAdmin 3.x prior to 3.3.5.1 Solution:

Updates are available. Please see the references for details.

References

CVE: CVE-2010-3056 BID: 42584

(13)

https (443/tcp)

https (443/tcp)

https (443/tcp)

Medium (CVSS: 4.3)

NVT: phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100775) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 3.3.6 are vulnerable; other versions may also be affected.

Solution:

Vendor updates are available. Please see the references for more information.

References

CVE: CVE-2010-2958 BID: 42874

Medium (CVSS: 4.3)

NVT: phpMyAdmin Database Search Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100939) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Solution:

Vendor updates are available. Please see the references for more information.

References

CVE: CVE-2010-4329 BID: 45100

Medium (CVSS: 4.3)

NVT: phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801286) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.

Vulnerability Insight:

The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site.

Impact:

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.x before 3.3.7 Solution:

(14)

https (443/tcp)

https (443/tcp)

https (443/tcp)

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2010-3263

Medium (CVSS: 4.3)

NVT: phpMyAdmin 'error.php' Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801660) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.

Vulnerability Insight:

The flaw is caused by input validation errors in the 'error.php' script when processing crafted BBcode tags containing '@' characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.

Impact:

Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.

Impact Level: Application Affected Software/OS:

phpMyAdmin version 3.3.8.1 and prior. Solution:

No solution or patch is available as of 10th December, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References

CVE: CVE-2010-4480

Medium (CVSS: 4.3)

NVT: phpMyAdmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801851) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:

1.3.6.1.4.1.25623.1.0.900129)

Summary:

The host is running phpMyAdmin and is prone to Cross-Site Scripting vulnerability.

Vulnerability Insight:

The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server.

Impact:

Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads.

Impact Level: Application Affected Software/OS:

phpMyAdmin versions 3.4.x before 3.4.0 beta 3 Solution:

Upgrade to phpMyAdmin version 3.4.0 beta 3 or later.

For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

Medium (CVSS: 4.3)

NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802261)

Summary:

This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities.

Vulnerability Insight:

Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Impact:

(15)

https (443/tcp)

https (443/tcp)

https (443/tcp)

daap (3689/tcp)

and script code, which will be executed in a user's browser session in the context of an affected site.

Impact Level: Application Affected Software/OS:

XAMPP version 1.7.4 and prior Solution:

Upgrade to XAMPP version 1.7.7 or later.

For updates refer to http://www.apachefriends.org/en/xampp.html

Medium (CVSS: 2.6)

NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: 1.3.6.1.4.1.25623.1.0.100130)

Summary:

According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the

affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Solution:

The vendor has released a fix through the SVN repository.

References

CVE: CVE-2009-0796 BID: 34383

Medium (CVSS: 2.6)

NVT: phpMyAdmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.800301) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Summary:

This host is running phpMyAdmin and is prone to cross site scripting vulnerability.

Vulnerability Insight:

Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user.

Impact:

Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials.

Impact Level: System Affected Software/OS:

phpMyAdmin phpMyAdmin versions 3.0.1 and prior on all running platform. Solution:

Upgrade to phpMyAdmin 3.0.1.1 or later

References

CVE: CVE-2008-4775 BID: 31928

Medium (CVSS: 0.0)

NVT: SSL Certificate Expiry (OID: 1.3.6.1.4.1.25623.1.0.15901)

The SSL certificate of the remote service expired on 2010-09-30 09:10:30 UTC!

Low (CVSS: 0.0)

NVT: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)

Synopsis :

Remote web server does not reply with 404 error code. Description :

This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page

(16)

http-alt (8080/tcp) mysql (3306/tcp) ntp (123/udp) daap (3689/tcp) daap (3689/tcp) daap (3689/tcp) general/CPE-T general/HOST-T instead.

Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate

Low (CVSS: 0.0)

NVT: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)

Synopsis :

Remote web server does not reply with 404 error code. Description :

This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead.

Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate

Low (CVSS: 0.0)

NVT: Identify unknown services with GET (OID: 1.3.6.1.4.1.25623.1.0.17975)

A MySQL server seems to be running on this port but it rejects connection from the Yarubo scanner.

Low (CVSS: 0.0)

NVT: NTP read variables (OID: 1.3.6.1.4.1.25623.1.0.10884)

A NTP (Network Time Protocol) server is listening on this port.

Log

NVT: (OID: 0)

Open port.

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

A web server is running on this port

Log (CVSS: 0.0)

NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

wapiti could not be found in your system path.

Yarubo was unable to execute wapiti and to perform the scan you requested.

Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

192.168.23.38|cpe:/a:apache:http_server:2.2.14 192.168.23.38|cpe:/a:php:php:5.3.1 192.168.23.38|cpe:/a:openbsd:openssh:5.9 192.168.23.38|cpe:/a:phpmyadmin:phpmyadmin:3.2.4 192.168.23.38|cpe:/a:apache:mod_perl:2.0.4 192.168.23.38|cpe:/o:apple:mac_os_x Log (CVSS: 0.0)

(17)

general/tcp general/tcp general/tcp general/tcp general/tcp general/tcp general/tcp http (80/tcp) http (80/tcp) traceroute:192.168.23.39,192.168.23.38 TCP ports:443,22,8080,3306,3689,80 UDP ports: Log (CVSS: 0.0) NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

ICMP based OS fingerprint results: (90% confidence) FreeBSD

Apple Mac OS X

Log (CVSS: 0.0)

NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)

DIRB could not be found in your system path.

Yarubo was unable to execute DIRB and to perform the scan you requested.

Please make sure that DIRB is installed and is

available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: Checks for open udp ports (OID: 1.3.6.1.4.1.25623.1.0.103978)

Open UDP ports: [None found]

Log (CVSS: 0.0)

NVT: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)

Arachni could not be found in your system path.

Yarubo was unable to execute Arachni and to perform the scan you requested.

Please make sure that Arachni is installed and that arachni is available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)

Nikto could not be found in your system path.

Yarubo was unable to execute Nikto and to perform the scan you requested.

Please make sure that Nikto is installed and that nikto.pl or nikto is available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

Here is the route from 192.168.23.39 to 192.168.23.38: 192.168.23.39

192.168.23.38

Log (CVSS: 0.0)

NVT: Checks for open tcp ports (OID: 1.3.6.1.4.1.25623.1.0.900239)

Open TCP ports: 443, 22, 8080, 3306, 3689, 80

Log

NVT: (OID: 0)

Open port.

(18)

http (80/tcp)

http (80/tcp) NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

The remote web server type is :

Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.↵

10.1

Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

A web server is running on this port

Log (CVSS: 0.0)

NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)

The following CGI have been discovered : Syntax : cginame (arguments [default value])

/phpmyadmin/phpmyadmin.css.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf-↵

8] collation_connection [utf8_general_ci] lang [en-utf-8] js_frame [left] nocache [3801892↵

133] )

/phpmyadmin/server_processlist.php (kill [51] token [986807e535fcb0a05fcc3587d1ab4d0d] con↵

vcharset [utf-8] collation_connection [utf8_general_ci] full [1] lang [en-utf-8] phpMyAdmi↵

n [2b5d602ada86c61288ca8a443865c62477d734ab] ) /xampp/biorhythm.php (showcode [1] )

/phpmyadmin/server_collations.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [u↵

tf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c6128↵

8ca8a443865c62477d734ab] )

/xampp/lang.php (en [] de [] pl [] nl [] it [] no [] es [] jp [] zh [] pt_br [] fr [] ) /phpmyadmin/Documentation.html (phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ) /phpmyadmin/server_databases.php (token [986807e535fcb0a05fcc3587d1ab4d0d] sort_order [des↵

c] convcharset [utf-8] collation_connection [utf8_general_ci] pos [0] sort_by [SCHEMA_NAME↵

] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8a443865c62477d734ab] dbstats [0] ) /phpmyadmin/server_engines.php (token [986807e535fcb0a05fcc3587d1ab4d0d] engine [InnoDB] c↵

onvcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d↵

602ada86c61288ca8a443865c62477d734ab] )

/phpmyadmin/index.php (kill [51] token [85daf7cf6507a0b0a7b90745ff4c45d3] target [server_s↵

ql.php] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] server ↵

[1] db [555-555-0199%40example.com] phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ↵

)

/xampp/cds.php (interpret [] titel [] showcode [1] jahr [] )

/phpmyadmin/db_create.php (phpMyAdmin [2b5d602ada86c61288ca8a443865c62477d734ab] lang [en-↵

utf-8] convcharset [utf-8] collation_connection [utf8_general_ci] token [986807e535fcb0a05↵

fcc3587d1ab4d0d] reload [1] new_db [] db_collation [] )

/xampp/phonebook.php (showcode [1] phone [] lastname [] firstname [] )

/phpmyadmin/server_sql.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] c↵

ollation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8a44↵

3865c62477d734ab] )

/phpmyadmin/server_variables.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [ut↵

f-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288↵

ca8a443865c62477d734ab] )

/phpmyadmin/querywindow.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf-8] ↵

sql_query [] table [] collation_connection [utf8_general_ci] lang [en-utf-8] querydisplay_↵

tab [sql] db [] phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] no_js [true] )

/phpmyadmin/server_status.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8↵

] flush [STATUS] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d60↵

2ada86c61288ca8a443865c62477d734ab] )

/phpmyadmin/navigation.php (token [2e9dceccc31aa3cc40f97c651729a237] convcharset [utf-8] c↵

ollation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [3edabf212cfb41ad6f26d291↵

54019298bac5a344] )

/phpmyadmin/server_privileges.php (checkprivs [555-555-0199%40example.com] tablename [] to↵

ken [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] hostname [%25] username [] coll↵

ation_connection [utf8_general_ci] dbname [] lang [en-utf-8] initial [] phpMyAdmin [2b5d60↵

2ada86c61288ca8a443865c62477d734ab] showall [1] )

/phpmyadmin/server_export.php (token [986807e535fcb0a05fcc3587d1ab4d0d] goto [db_export.ph↵

p] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [↵

2b5d602ada86c61288ca8a443865c62477d734ab] selectall [1] ) /xampp/ (action [getpdf] )

(19)

http (80/tcp)

http (80/tcp)

http (80/tcp)

http (80/tcp)

on_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [3edabf212cfb41ad6f26d291540192↵

98bac5a344] )

/phpmyadmin/setup/index.php (check_page_refresh [] token [80ab04c9900a1b916abc9062a2c031f8↵

] submit [New server] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-↵

utf-8] mode [add] page [servers] phpMyAdmin [97535046e2c5d81269f3fe0d3a480f618adc411a] ) /xampp/iart.php (text [ceci+n+est+pas+un+ami+d+apache] showcode [1] img [1] )

/xampp/ming.php (text [ceci n est pas un ami d apache] showcode [1] )

/xampp/phpinfo.php (0 [PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000] 0 [PHPE9568F34-D428-11d2-A↵

769-00AA001ACF42] )

/phpmyadmin/server_import.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8↵

] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8↵

a443865c62477d734ab] )

/phpmyadmin/import.php (SQL [Go] token [4bcaf704bf89d02bea9b81f09f2f9c2c] focus_querywindo↵

w [true] goto [server_sql.php] convcharset [utf-8] show_query [1] prev_sql_query [] zero_r↵

ows [Your SQL query has been executed successfully] sql_delimiter [;] collation_connection↵

[utf8_general_ci] is_js_confirmed [0] pos [0] lang [en-utf-8] phpMyAdmin [2d935b61aacd656↵

a23c0f1e6a5dd9982268ceff1] )

/phpmyadmin/setup/ (D [A] token [80ab04c9900a1b916abc9062a2c031f8] formset [features] conv↵

charset [utf-8] collation_connection [utf8_general_ci] lang [] page [form] phpMyAdmin [975↵

35046e2c5d81269f3fe0d3a480f618adc411a] )

PHP script discloses physical path at /xampp/ (/Applications/XAMPP/xamppfiles/htdocs/xampp↵

/index.php)

PHP script discloses physical path at /xampp/biorhythm.php (/Applications/XAMPP/xamppfiles↵

/htdocs/xampp/biorhythm.php)

Extraneous phpinfo() script found at /xampp/phpinfo.php Directory index found at /xampp/img/

Log (CVSS: 0.0)

NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)

The following directories were discovered: /cgi-bin, /demo, /webalizer, /error

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

References Other:

OWASP:OWASP-CM-006

Log (CVSS: 0.0)

NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

Detected PHP version: 5.3.1 Location: tcp/80

CPE: cpe:/a:php:php:5.3.1

Concluded from version identification result:

Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 ↵

Perl/v5.10.1

Log (CVSS: 0.0)

NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

wapiti could not be found in your system path.

Yarubo was unable to execute wapiti and to perform the scan you requested.

Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Detected phpMyAdmin version: 3.2.4 Location: /phpmyadmin

CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: 3.2.4

(20)

http (80/tcp) http-alt (8080/tcp) http-alt (8080/tcp) http-alt (8080/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp)

(Not protected by Username/Password)

Log (CVSS: 0.0)

NVT: Apache Web ServerVersion Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

Detected Apache Tomcat version: 2.2.14 Location: 80/tcp

CPE: cpe:/a:apache:http_server:2.2.14

Concluded from version identification result: Server: Apache/2.2.14 Log NVT: (OID: 0) Open port. Log (CVSS: 0.0) NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

A web server is running on this port

Log (CVSS: 0.0)

NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

wapiti could not be found in your system path.

Yarubo was unable to execute wapiti and to perform the scan you requested.

Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.

Log

NVT: (OID: 0)

Open port.

Log (CVSS: 0.0)

NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

The remote web server type is :

Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.↵

10.1

Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

A TLSv1 server answered on this port

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

A web server is running on this port through SSL

Log (CVSS: 0.0)

NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)

The following directories were discovered: /cgi-bin, /demo, /webalizer, /error

(21)

https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) mysql (3306/tcp) mysql (3306/tcp) mysql (3306/tcp)

these directories to ensure that they are in compliance with company security standards

References Other:

OWASP:OWASP-CM-006

Log (CVSS: 0.0)

NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)

Detected PHP version: 5.3.1 Location: tcp/443

CPE: cpe:/a:php:php:5.3.1

Concluded from version identification result:

Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 ↵

Perl/v5.10.1

Log (CVSS: 0.0)

NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)

wapiti could not be found in your system path.

Yarubo was unable to execute wapiti and to perform the scan you requested.

Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.

Log (CVSS: 0.0)

NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)

Detected phpMyAdmin version: 3.2.4 Location: /phpmyadmin

CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: 3.2.4

(Not protected by Username/Password)

Log (CVSS: 0.0)

NVT: Apache Web ServerVersion Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)

Detected Apache Tomcat version: 2.2.14 Location: 443/tcp

CPE: cpe:/a:apache:http_server:2.2.14

Concluded from version identification result: Server: Apache/2.2.14

Log

NVT: (OID: 0)

Open port.

Log (CVSS: 0.0)

NVT: MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)

Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL/MariaDB server. Some tests may fail. Allow the scanner to access the remote MySQL server for better result↵

s.

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

An unknown service is running on this port. It is usually reserved for MySQL

(22)

netbios-ns (137/udp) ssh (22/tcp) ssh (22/tcp) ssh (22/tcp) ssh (22/tcp) Log (CVSS: 0.0)

NVT: Using NetBIOS to retrieve information from a Windows host (OID: 1.3.6.1.4.1.25623.1.0.10150)

The following 7 NetBIOS names have been gathered : 24 36 15 98 107 PETERSILIE 111

The remote host has the following MAC address on its adapter : 7c:d1:c3:87:c6:68

If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.

Log

NVT: (OID: 0)

Open port.

Log (CVSS: 0.0)

NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)

The remote SSH Server supports the following SSH Protocol Versions: 1.99

2.0

SSHv2 Fingerprint: 68:14:03:04:90:97:be:3d:0f:0b:38:a2:59:d0:5d:ec

Log (CVSS: 0.0)

NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Detected SSH server version: SSH-2.0-OpenSSH_5.9

Remote SSH supported authentication: publickey,keyboard-interactive Remote SSH banner:

(not available)

CPE: cpe:/a:openbsd:openssh:5.9

Concluded from remote connection attempt with credentials: Login: Yarubo

Password: Yarubo

Log (CVSS: 0.0)

NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

An ssh server is running on this port

References

Related documents

Off eastern Newfoundland, the depth-averaged ocean temperature ranged from a record low during 1991 (high NAO index in preceding winter), a near record high in 1996 (following

Online community: A group of people using social media tools and sites on the Internet OpenID: Is a single sign-on system that allows Internet users to log on to many different.

effect of government spending on infrastructure, human resources, and routine expenditures and trade openness on economic growth where the types of government spending are

 Abu Dhabi Oil Fields: Continued development work to increase production capacity.  Exploration: Progress in Abu Dhabi, Iraq, Norway and Gulf of Mexico, etc.; continued studies

We implement LCC for regression on Amazon EC2 clusters, and empirically compare its performance with the conventional uncoded approaches, and two state-of- the-art straggler

To handle user requests in a dialog program, you must assign function codes to the relevant screen and window elements in the Screen Painter and menu Painter, mark the element

(1 Timothy 6:10 For the love of money is a root of all kinds of evil, for which some have strayed from the faith in their greediness, and pierced themselves through with many