http (80/tcp)
Results:
This document reports on the results of the Yarubo vulnerability scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown.
This report contains all 91 results selected by the filtering described above. Before filtering there were 91 results. Scan started:Thu Aug 29 03:00:57 2013
Scan ended: Thu Aug 29 03:12:02 2013
Host Summary
Host Start End High Medium Low Log False Positive
192.168.23.38Aug 29, 03:01:02 Aug 29, 03:12:02 17 29 4 41 0
Total: 1 17 29 4 41 0
Results per Host
Host 192.168.23.38
Scanning of this host started at: 2013-08-29T03:01:02Z Number of results: 91
Port Summary for Host 192.168.23.38
Service (Port) Threat Levelhttp (80/tcp) High https (443/tcp) High general/tcp Medium daap (3689/tcp) Low http-alt (8080/tcp) Low mysql (3306/tcp) Low ntp (123/udp) Low general/CPE-T Log general/HOST-T Log netbios-ns (137/udp) Log ssh (22/tcp) Log
Security Issues for Host 192.168.23.38
High (CVSS: 10.0)
http (80/tcp)
http (80/tcp)
http (80/tcp)
Summary:
OpenSSL is prone to an unspecified vulnerability in bn_wexpend().
According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable.
Solution:
The vendor has released updates. Please see the references for more information.
References
CVE: CVE-2009-3245 BID: 38562
High (CVSS: 9.3)
NVT: PHP version smaller than 5.3.3 (OID: 1.3.6.1.4.1.25623.1.0.110182)
PHP version smaller than 5.3.3 suffers vulnerability. Solution:
Update PHP to version 5.3.3 or later.
References
CVE: CVE-2007-1581, 0397, 1860, 1862, 1864, 1917, 2010-2097, 2010-2100, 2010-2101, 2010-2190, 2010-2191, 2010-2225, 2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065
BID: 38708, 40461, 40948, 41991
High (CVSS: 7.5)
NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100668)
Summary:
OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable
An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0742 BID: 40502
High (CVSS: 7.5)
NVT: MacOS X Finder reveals contents of Apache Web directories (OID: 1.3.6.1.4.1.25623.1.0.10756)
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the↵
'Finder'. This file contains a list of the contents of the directory, giving an attacker ↵
information on the structure and contents of your website. Solution:
Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny Deny from all </FilesMatch> and restart Apache.
References
CVE: CVE-2001-1446 BID: 3316, 3325
http (80/tcp) http (80/tcp) http (80/tcp) http (80/tcp) http (80/tcp) High (CVSS: 7.5) NVT: PHP version 5.3< 5.3.6 (OID: 1.3.6.1.4.1.25623.1.0.110013)
PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerabilit↵
y, buffer overflow error and several casting errors. Recommendation:
Upgrade PHP to 5.3.6 or later versions.
References
CVE: 0421, 0708, 1092, 1153, 1464, 1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470
BID: 46354, 46365, 46786, 46854
High (CVSS: 7.5)
NVT: phpinfo.php (OID: 1.3.6.1.4.1.25623.1.0.11229)
The following files are calling the function phpinfo() which
disclose potentially sensitive information to the remote attacker : /xampp/phpinfo.php
Solution: Delete them or restrict access to them
High (CVSS: 6.8)
NVT: PHP version smaller than 5.3.4 (OID: 1.3.6.1.4.1.25623.1.0.110181)
PHP version smaller than 5.3.4 suffers vulnerability. Solution:
Update PHP to version 5.3.4 or later.
References
CVE: CVE-2006-7243, 2094, 2950, 3436, 3709, 3710, 2010-3870, 2010-4150, 2010-4156, 2010-4409, 2010-4697, 2010-4698, 2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755
BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168
High (CVSS: 6.5)
NVT: phpMyAdmin Bookmark Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103076) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a security-bypass vulnerability that affects bookmarks.
Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpMyAdmin 3.3.9.2 and 2.11.11.3 are vulnerable. Solution:
Updates are available. Please see the references for details.
References
CVE: CVE-2011-0987 BID: 46359
High (CVSS: 5.8)
NVT: http TRACE XSS attack (OID: 1.3.6.1.4.1.25623.1.0.11213)
Summary:
Debugging functions are enabled on the remote HTTP server. Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.
https (443/tcp)
https (443/tcp)
https (443/tcp)
An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution:
Disable these methods. Plugin output :
Solution:
Add the following lines for each virtual host in your configuration file : RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]
References
CVE: CVE-2004-2320, CVE-2003-1567 BID: 9506, 9561, 11604
High (CVSS: 10.0)
NVT: OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100527)
Summary:
OpenSSL is prone to an unspecified vulnerability in bn_wexpend().
According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8m which is vulnerable.
Solution:
The vendor has released updates. Please see the references for more information.
References
CVE: CVE-2009-3245 BID: 38562
High (CVSS: 9.3)
NVT: PHP version smaller than 5.3.3 (OID: 1.3.6.1.4.1.25623.1.0.110182)
PHP version smaller than 5.3.3 suffers vulnerability. Solution:
Update PHP to version 5.3.3 or later.
References
CVE: CVE-2007-1581, 0397, 1860, 1862, 1864, 1917, 2010-2097, 2010-2100, 2010-2101, 2010-2190, 2010-2191, 2010-2225, 2010-2484, CVE-2010-2531, CVE-2010-3062, CVE-2010-3063, CVE-2010-3064, CVE-2010-3065
BID: 38708, 40461, 40948, 41991
High (CVSS: 7.5)
NVT: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100668)
Summary:
OpenSSL is prone to a remote memory-corruption vulnerability. According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8o/1.0.0a which is vulnerable
An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
Versions of OpenSSL 0.9.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0742 BID: 40502
https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) High (CVSS: 7.5)
NVT: MacOS X Finder reveals contents of Apache Web directories (OID: 1.3.6.1.4.1.25623.1.0.10756)
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the↵
'Finder'. This file contains a list of the contents of the directory, giving an attacker ↵
information on the structure and contents of your website. Solution:
Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file: <FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny Deny from all </FilesMatch> and restart Apache.
References
CVE: CVE-2001-1446 BID: 3316, 3325
High (CVSS: 7.5)
NVT: PHP version 5.3< 5.3.6 (OID: 1.3.6.1.4.1.25623.1.0.110013)
PHP version < 5.3.6 suffers multiple vulnerabilities such as integer overflow vulnerabilit↵
y, buffer overflow error and several casting errors. Recommendation:
Upgrade PHP to 5.3.6 or later versions.
References
CVE: 0421, 0708, 1092, 1153, 1464, 1466, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470
BID: 46354, 46365, 46786, 46854
High (CVSS: 6.8)
NVT: PHP version smaller than 5.3.4 (OID: 1.3.6.1.4.1.25623.1.0.110181)
PHP version smaller than 5.3.4 suffers vulnerability. Solution:
Update PHP to version 5.3.4 or later.
References
CVE: CVE-2006-7243, 2094, 2950, 3436, 3709, 3710, 2010-3870, 2010-4150, 2010-4156, 2010-4409, 2010-4697, 2010-4698, 2010-4699, CVE-2010-4700, CVE-2011-0753, CVE-2011-0754, CVE-2011-0755
BID: 40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, 46168
High (CVSS: 6.5)
NVT: phpMyAdmin Bookmark Security Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.103076) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a security-bypass vulnerability that affects bookmarks.
Successfully exploiting this issue allows a remote attacker to bypass certain security restrictions and perform unauthorized actions. Versions prior to phpMyAdmin 3.3.9.2 and 2.11.11.3 are vulnerable. Solution:
Updates are available. Please see the references for details.
References
CVE: CVE-2011-0987 BID: 46359
general/tcp
http (80/tcp)
http (80/tcp) NVT: http TRACE XSS attack (OID: 1.3.6.1.4.1.25623.1.0.11213)
Summary:
Debugging functions are enabled on the remote HTTP server. Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers.
An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Solution:
Disable these methods. Plugin output :
Solution:
Add the following lines for each virtual host in your configuration file : RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]
References
CVE: CVE-2004-2320, CVE-2003-1567 BID: 9506, 9561, 11604
Medium (CVSS: 2.6)
NVT: TCP timestamps (OID: 1.3.6.1.4.1.25623.1.0.80091)
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between: Paket 1: 1348979171
Paket 2: 1348980125
Medium (CVSS: 5.0)
NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100587)
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
According to its banner, Yarubo has discovered that the remote
Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0740 BID: 39013
Medium (CVSS: 5.0)
NVT: Apache UserDir Sensitive Information Disclosure (OID: 1.3.6.1.4.1.25623.1.0.10766)
An information leak occurs on Apache based web servers
whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response.
Solution:
1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'.
Or
2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.:
RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1 Or
http (80/tcp)
http (80/tcp)
http (80/tcp)
ErrorDocument 404 http://localhost/sample.html ErrorDocument 403 http://localhost/sample.html
(NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: http://www.securiteam.com/unixfocus/5WP0C1F5FI.html References CVE: CVE-2001-1013 BID: 3335 Medium (CVSS: 4.3)
NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.100588)
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8m and prior are vulnerable. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0433 BID: 38533
Medium (CVSS: 4.3)
NVT: phpMyAdmin Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.100761) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following versions are vulnerable:
phpMyAdmin 2.11.x prior to 2.11.10.1 phpMyAdmin 3.x prior to 3.3.5.1 Solution:
Updates are available. Please see the references for details.
References
CVE: CVE-2010-3056 BID: 42584
Medium (CVSS: 4.3)
NVT: phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100775) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to phpMyAdmin 3.3.6 are vulnerable; other versions may also be affected.
http (80/tcp)
http (80/tcp)
http (80/tcp)
Vendor updates are available. Please see the references for more information.
References
CVE: CVE-2010-2958 BID: 42874
Medium (CVSS: 4.3)
NVT: phpMyAdmin Database Search Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100939) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Solution:
Vendor updates are available. Please see the references for more information.
References
CVE: CVE-2010-4329 BID: 45100
Medium (CVSS: 4.3)
NVT: phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801286) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.
Vulnerability Insight:
The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site.
Impact:
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.x before 3.3.7 Solution:
Upgrade to phpMyAdmin version 3.3.7 or later,
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2010-3263
Medium (CVSS: 4.3)
NVT: phpMyAdmin 'error.php' Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801660) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.
Vulnerability Insight:
http (80/tcp)
http (80/tcp)
http (80/tcp)
processing crafted BBcode tags containing '@' characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.
Impact:
Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.
Impact Level: Application Affected Software/OS:
phpMyAdmin version 3.3.8.1 and prior. Solution:
No solution or patch is available as of 10th December, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2010-4480
Medium (CVSS: 4.3)
NVT: phpMyAdmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801851) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting vulnerability.
Vulnerability Insight:
The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server.
Impact:
Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.4.x before 3.4.0 beta 3 Solution:
Upgrade to phpMyAdmin version 3.4.0 beta 3 or later.
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
Medium (CVSS: 4.3)
NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802261)
Summary:
This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities.
Vulnerability Insight:
Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact:
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
XAMPP version 1.7.4 and prior Solution:
Upgrade to XAMPP version 1.7.7 or later.
For updates refer to http://www.apachefriends.org/en/xampp.html
Medium (CVSS: 4.3)
NVT: phpMyAdmin Setup Interface Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902585) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
http (80/tcp)
http (80/tcp)
The host is running phpMyAdmin and is prone to cross-site scripting vulnerability.
Vulnerability Insight:
The flaw is due to improper validation of user-supplied input
via the 'Servers-0-verbose' parameter to setup/index.php, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact:
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.4.x before 3.4.6 Solution:
Upgrade to phpMyAdmin version 3.4.6 or later,
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2011-4064 BID: 50175
Medium (CVSS: 4.3)
NVT: phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902802) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to cross site scripting vulnerability.
Vulnerability Insight:
The flaw is due to improper validation of user-supplied input via
the '$host' variable within the setup, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact:
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.4.x before 3.4.9 Solution:
Upgrade to phpMyAdmin version 3.4.9 or later,
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2011-4780, CVE-2011-4782 BID: 51166
Medium (CVSS: 4.3)
NVT: Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.902830)
Summary:
This host is running Apache HTTP Server and is prone to cookie information disclosure vulnerability.
Vulnerability Insight:
The flaw is due to an error within the default error response for
status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies.
Impact:
Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks.
Impact Level: Application Affected Software/OS:
Apache HTTP Server versions 2.2.0 through 2.2.21 Solution:
http (80/tcp)
http (80/tcp)
https (443/tcp)
For updates refer to http://httpd.apache.org/
References
CVE: CVE-2012-0053 BID: 51706
Medium (CVSS: 2.6)
NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: 1.3.6.1.4.1.25623.1.0.100130)
Summary:
According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the
affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Solution:
The vendor has released a fix through the SVN repository.
References
CVE: CVE-2009-0796 BID: 34383
Medium (CVSS: 2.6)
NVT: phpMyAdmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.800301) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
This host is running phpMyAdmin and is prone to cross site scripting vulnerability.
Vulnerability Insight:
Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user.
Impact:
Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials.
Impact Level: System Affected Software/OS:
phpMyAdmin phpMyAdmin versions 3.0.1 and prior on all running platform. Solution:
Upgrade to phpMyAdmin 3.0.1.1 or later
References
CVE: CVE-2008-4775 BID: 31928
Medium (CVSS: 5.0)
NVT: OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100587)
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
According to its banner, Yarubo has discovered that the remote
Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8f through 0.9.8m are vulnerable. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0740 BID: 39013
https (443/tcp)
https (443/tcp)
https (443/tcp)
Medium (CVSS: 5.0)
NVT: Apache UserDir Sensitive Information Disclosure (OID: 1.3.6.1.4.1.25623.1.0.10766)
An information leak occurs on Apache based web servers
whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response.
Solution:
1) Disable this feature by changing 'UserDir public_html' (or whatever) to 'UserDir disabled'.
Or
2) Use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.:
RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1 Or
3) Add into httpd.conf:
ErrorDocument 404 http://localhost/sample.html ErrorDocument 403 http://localhost/sample.html
(NOTE: You need to use a FQDN inside the URL for it to work properly). Additional Information: http://www.securiteam.com/unixfocus/5WP0C1F5FI.html References CVE: CVE-2001-1013 BID: 3335 Medium (CVSS: 4.3)
NVT: OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerabi... (OID: 1.3.6.1.4.1.25623.1.0.100588)
Summary:
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
According to its banner, Yarubo has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8m and prior are vulnerable. Solution:
Updates are available. Please see the references for more information.
References
CVE: CVE-2010-0433 BID: 38533
Medium (CVSS: 4.3)
NVT: phpMyAdmin Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.100761) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following versions are vulnerable:
phpMyAdmin 2.11.x prior to 2.11.10.1 phpMyAdmin 3.x prior to 3.3.5.1 Solution:
Updates are available. Please see the references for details.
References
CVE: CVE-2010-3056 BID: 42584
https (443/tcp)
https (443/tcp)
https (443/tcp)
Medium (CVSS: 4.3)
NVT: phpMyAdmin Debug Backtrace Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100775) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to phpMyAdmin 3.3.6 are vulnerable; other versions may also be affected.
Solution:
Vendor updates are available. Please see the references for more information.
References
CVE: CVE-2010-2958 BID: 42874
Medium (CVSS: 4.3)
NVT: phpMyAdmin Database Search Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100939) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to phpMyAdmin 3.3.8.1 and 2.11.11.1 are vulnerable. Solution:
Vendor updates are available. Please see the references for more information.
References
CVE: CVE-2010-4329 BID: 45100
Medium (CVSS: 4.3)
NVT: phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801286) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.
Vulnerability Insight:
The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site.
Impact:
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.x before 3.3.7 Solution:
https (443/tcp)
https (443/tcp)
https (443/tcp)
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2010-3263
Medium (CVSS: 4.3)
NVT: phpMyAdmin 'error.php' Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801660) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.
Vulnerability Insight:
The flaw is caused by input validation errors in the 'error.php' script when processing crafted BBcode tags containing '@' characters, which could allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.
Impact:
Successful exploitation will allow attackers to inject arbitrary HTML code within the error page and conduct phishing attacks.
Impact Level: Application Affected Software/OS:
phpMyAdmin version 3.3.8.1 and prior. Solution:
No solution or patch is available as of 10th December, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
References
CVE: CVE-2010-4480
Medium (CVSS: 4.3)
NVT: phpMyAdmin 'db' Parameter Stored Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.801851) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID:
1.3.6.1.4.1.25623.1.0.900129)
Summary:
The host is running phpMyAdmin and is prone to Cross-Site Scripting vulnerability.
Vulnerability Insight:
The flaw is caused by improper validation of user-supplied input passed in the 'db' parameter to 'index.php', which allows attackers to execute arbitrary HTML and script code on the web server.
Impact:
Successful exploitation will allow attackers to plant XSS backdoors and inject arbitrary SQL statements via crafted XSS payloads.
Impact Level: Application Affected Software/OS:
phpMyAdmin versions 3.4.x before 3.4.0 beta 3 Solution:
Upgrade to phpMyAdmin version 3.4.0 beta 3 or later.
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php
Medium (CVSS: 4.3)
NVT: XAMPP Web Server Multiple Cross Site Scripting Vulnerabilities (OID: 1.3.6.1.4.1.25623.1.0.802261)
Summary:
This host is running XAMPP and is prone to multiple cross site scripting vulnerabilities.
Vulnerability Insight:
Multiple flaws are due to improper validation of user-supplied input to the 'text' parameter in 'ming.php' and input appended to the URL in cds.php, that allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact:
https (443/tcp)
https (443/tcp)
https (443/tcp)
daap (3689/tcp)
and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application Affected Software/OS:
XAMPP version 1.7.4 and prior Solution:
Upgrade to XAMPP version 1.7.7 or later.
For updates refer to http://www.apachefriends.org/en/xampp.html
Medium (CVSS: 2.6)
NVT: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vul... (OID: 1.3.6.1.4.1.25623.1.0.100130)
Summary:
According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the
affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Solution:
The vendor has released a fix through the SVN repository.
References
CVE: CVE-2009-0796 BID: 34383
Medium (CVSS: 2.6)
NVT: phpMyAdmin pmd_pdf.php Cross Site Scripting Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.800301) Product detection result: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 by phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Summary:
This host is running phpMyAdmin and is prone to cross site scripting vulnerability.
Vulnerability Insight:
Input passed to the 'db' parameter in pmd_pdf.php file is not properly sanitised before returning to the user.
Impact:
Allows execution of arbitrary HTML and script code, and steal cookie-based authentication credentials.
Impact Level: System Affected Software/OS:
phpMyAdmin phpMyAdmin versions 3.0.1 and prior on all running platform. Solution:
Upgrade to phpMyAdmin 3.0.1.1 or later
References
CVE: CVE-2008-4775 BID: 31928
Medium (CVSS: 0.0)
NVT: SSL Certificate Expiry (OID: 1.3.6.1.4.1.25623.1.0.15901)
The SSL certificate of the remote service expired on 2010-09-30 09:10:30 UTC!
Low (CVSS: 0.0)
NVT: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
Synopsis :
Remote web server does not reply with 404 error code. Description :
This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page
http-alt (8080/tcp) mysql (3306/tcp) ntp (123/udp) daap (3689/tcp) daap (3689/tcp) daap (3689/tcp) general/CPE-T general/HOST-T instead.
Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate
Low (CVSS: 0.0)
NVT: No 404 check (OID: 1.3.6.1.4.1.25623.1.0.10386)
Synopsis :
Remote web server does not reply with 404 error code. Description :
This web server is [mis]configured in that it does not return '404 Not Found' error codes when a non-existent file is requested, perhaps returning a site map, search page or authentication page instead.
Yarubo enabled some counter measures for that, however they might be insufficient. If a great number of security holes are produced for this port, they might not all be accurate
Low (CVSS: 0.0)
NVT: Identify unknown services with GET (OID: 1.3.6.1.4.1.25623.1.0.17975)
A MySQL server seems to be running on this port but it rejects connection from the Yarubo scanner.
Low (CVSS: 0.0)
NVT: NTP read variables (OID: 1.3.6.1.4.1.25623.1.0.10884)
A NTP (Network Time Protocol) server is listening on this port.
Log
NVT: (OID: 0)
Open port.
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
A web server is running on this port
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
wapiti could not be found in your system path.
Yarubo was unable to execute wapiti and to perform the scan you requested.
Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
192.168.23.38|cpe:/a:apache:http_server:2.2.14 192.168.23.38|cpe:/a:php:php:5.3.1 192.168.23.38|cpe:/a:openbsd:openssh:5.9 192.168.23.38|cpe:/a:phpmyadmin:phpmyadmin:3.2.4 192.168.23.38|cpe:/a:apache:mod_perl:2.0.4 192.168.23.38|cpe:/o:apple:mac_os_x Log (CVSS: 0.0)
general/tcp general/tcp general/tcp general/tcp general/tcp general/tcp general/tcp http (80/tcp) http (80/tcp) traceroute:192.168.23.39,192.168.23.38 TCP ports:443,22,8080,3306,3689,80 UDP ports: Log (CVSS: 0.0) NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
ICMP based OS fingerprint results: (90% confidence) FreeBSD
Apple Mac OS X
Log (CVSS: 0.0)
NVT: DIRB (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.103079)
DIRB could not be found in your system path.
Yarubo was unable to execute DIRB and to perform the scan you requested.
Please make sure that DIRB is installed and is
available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: Checks for open udp ports (OID: 1.3.6.1.4.1.25623.1.0.103978)
Open UDP ports: [None found]
Log (CVSS: 0.0)
NVT: arachni (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.110001)
Arachni could not be found in your system path.
Yarubo was unable to execute Arachni and to perform the scan you requested.
Please make sure that Arachni is installed and that arachni is available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: Nikto (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.14260)
Nikto could not be found in your system path.
Yarubo was unable to execute Nikto and to perform the scan you requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Here is the route from 192.168.23.39 to 192.168.23.38: 192.168.23.39
192.168.23.38
Log (CVSS: 0.0)
NVT: Checks for open tcp ports (OID: 1.3.6.1.4.1.25623.1.0.900239)
Open TCP ports: 443, 22, 8080, 3306, 3689, 80
Log
NVT: (OID: 0)
Open port.
http (80/tcp)
http (80/tcp) NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
The remote web server type is :
Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.↵
10.1
Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
A web server is running on this port
Log (CVSS: 0.0)
NVT: Web mirroring (OID: 1.3.6.1.4.1.25623.1.0.10662)
The following CGI have been discovered : Syntax : cginame (arguments [default value])
/phpmyadmin/phpmyadmin.css.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf-↵
8] collation_connection [utf8_general_ci] lang [en-utf-8] js_frame [left] nocache [3801892↵
133] )
/phpmyadmin/server_processlist.php (kill [51] token [986807e535fcb0a05fcc3587d1ab4d0d] con↵
vcharset [utf-8] collation_connection [utf8_general_ci] full [1] lang [en-utf-8] phpMyAdmi↵
n [2b5d602ada86c61288ca8a443865c62477d734ab] ) /xampp/biorhythm.php (showcode [1] )
/phpmyadmin/server_collations.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [u↵
tf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c6128↵
8ca8a443865c62477d734ab] )
/xampp/lang.php (en [] de [] pl [] nl [] it [] no [] es [] jp [] zh [] pt_br [] fr [] ) /phpmyadmin/Documentation.html (phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ) /phpmyadmin/server_databases.php (token [986807e535fcb0a05fcc3587d1ab4d0d] sort_order [des↵
c] convcharset [utf-8] collation_connection [utf8_general_ci] pos [0] sort_by [SCHEMA_NAME↵
] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8a443865c62477d734ab] dbstats [0] ) /phpmyadmin/server_engines.php (token [986807e535fcb0a05fcc3587d1ab4d0d] engine [InnoDB] c↵
onvcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d↵
602ada86c61288ca8a443865c62477d734ab] )
/phpmyadmin/index.php (kill [51] token [85daf7cf6507a0b0a7b90745ff4c45d3] target [server_s↵
ql.php] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] server ↵
[1] db [555-555-0199%40example.com] phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] ↵
)
/xampp/cds.php (interpret [] titel [] showcode [1] jahr [] )
/phpmyadmin/db_create.php (phpMyAdmin [2b5d602ada86c61288ca8a443865c62477d734ab] lang [en-↵
utf-8] convcharset [utf-8] collation_connection [utf8_general_ci] token [986807e535fcb0a05↵
fcc3587d1ab4d0d] reload [1] new_db [] db_collation [] )
/xampp/phonebook.php (showcode [1] phone [] lastname [] firstname [] )
/phpmyadmin/server_sql.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] c↵
ollation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8a44↵
3865c62477d734ab] )
/phpmyadmin/server_variables.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [ut↵
f-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288↵
ca8a443865c62477d734ab] )
/phpmyadmin/querywindow.php (token [85daf7cf6507a0b0a7b90745ff4c45d3] convcharset [utf-8] ↵
sql_query [] table [] collation_connection [utf8_general_ci] lang [en-utf-8] querydisplay_↵
tab [sql] db [] phpMyAdmin [b49316dec728e593cb19ac17bf31ab43067e31ba] no_js [true] )
/phpmyadmin/server_status.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8↵
] flush [STATUS] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d60↵
2ada86c61288ca8a443865c62477d734ab] )
/phpmyadmin/navigation.php (token [2e9dceccc31aa3cc40f97c651729a237] convcharset [utf-8] c↵
ollation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [3edabf212cfb41ad6f26d291↵
54019298bac5a344] )
/phpmyadmin/server_privileges.php (checkprivs [555-555-0199%40example.com] tablename [] to↵
ken [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8] hostname [%25] username [] coll↵
ation_connection [utf8_general_ci] dbname [] lang [en-utf-8] initial [] phpMyAdmin [2b5d60↵
2ada86c61288ca8a443865c62477d734ab] showall [1] )
/phpmyadmin/server_export.php (token [986807e535fcb0a05fcc3587d1ab4d0d] goto [db_export.ph↵
p] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [↵
2b5d602ada86c61288ca8a443865c62477d734ab] selectall [1] ) /xampp/ (action [getpdf] )
http (80/tcp)
http (80/tcp)
http (80/tcp)
http (80/tcp)
on_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [3edabf212cfb41ad6f26d291540192↵
98bac5a344] )
/phpmyadmin/setup/index.php (check_page_refresh [] token [80ab04c9900a1b916abc9062a2c031f8↵
] submit [New server] convcharset [utf-8] collation_connection [utf8_general_ci] lang [en-↵
utf-8] mode [add] page [servers] phpMyAdmin [97535046e2c5d81269f3fe0d3a480f618adc411a] ) /xampp/iart.php (text [ceci+n+est+pas+un+ami+d+apache] showcode [1] img [1] )
/xampp/ming.php (text [ceci n est pas un ami d apache] showcode [1] )
/xampp/phpinfo.php (0 [PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000] 0 [PHPE9568F34-D428-11d2-A↵
769-00AA001ACF42] )
/phpmyadmin/server_import.php (token [986807e535fcb0a05fcc3587d1ab4d0d] convcharset [utf-8↵
] collation_connection [utf8_general_ci] lang [en-utf-8] phpMyAdmin [2b5d602ada86c61288ca8↵
a443865c62477d734ab] )
/phpmyadmin/import.php (SQL [Go] token [4bcaf704bf89d02bea9b81f09f2f9c2c] focus_querywindo↵
w [true] goto [server_sql.php] convcharset [utf-8] show_query [1] prev_sql_query [] zero_r↵
ows [Your SQL query has been executed successfully] sql_delimiter [;] collation_connection↵
[utf8_general_ci] is_js_confirmed [0] pos [0] lang [en-utf-8] phpMyAdmin [2d935b61aacd656↵
a23c0f1e6a5dd9982268ceff1] )
/phpmyadmin/setup/ (D [A] token [80ab04c9900a1b916abc9062a2c031f8] formset [features] conv↵
charset [utf-8] collation_connection [utf8_general_ci] lang [] page [form] phpMyAdmin [975↵
35046e2c5d81269f3fe0d3a480f618adc411a] )
PHP script discloses physical path at /xampp/ (/Applications/XAMPP/xamppfiles/htdocs/xampp↵
/index.php)
PHP script discloses physical path at /xampp/biorhythm.php (/Applications/XAMPP/xamppfiles↵
/htdocs/xampp/biorhythm.php)
Extraneous phpinfo() script found at /xampp/phpinfo.php Directory index found at /xampp/img/
Log (CVSS: 0.0)
NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
The following directories were discovered: /cgi-bin, /demo, /webalizer, /error
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
References Other:
OWASP:OWASP-CM-006
Log (CVSS: 0.0)
NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
Detected PHP version: 5.3.1 Location: tcp/80
CPE: cpe:/a:php:php:5.3.1
Concluded from version identification result:
Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 ↵
Perl/v5.10.1
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
wapiti could not be found in your system path.
Yarubo was unable to execute wapiti and to perform the scan you requested.
Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Detected phpMyAdmin version: 3.2.4 Location: /phpmyadmin
CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: 3.2.4
http (80/tcp) http-alt (8080/tcp) http-alt (8080/tcp) http-alt (8080/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp)
(Not protected by Username/Password)
Log (CVSS: 0.0)
NVT: Apache Web ServerVersion Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Detected Apache Tomcat version: 2.2.14 Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.2.14
Concluded from version identification result: Server: Apache/2.2.14 Log NVT: (OID: 0) Open port. Log (CVSS: 0.0) NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
A web server is running on this port
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
wapiti could not be found in your system path.
Yarubo was unable to execute wapiti and to perform the scan you requested.
Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.
Log
NVT: (OID: 0)
Open port.
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
The remote web server type is :
Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.↵
10.1
Solution : You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
A TLSv1 server answered on this port
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
A web server is running on this port through SSL
Log (CVSS: 0.0)
NVT: Directory Scanner (OID: 1.3.6.1.4.1.25623.1.0.11032)
The following directories were discovered: /cgi-bin, /demo, /webalizer, /error
https (443/tcp) https (443/tcp) https (443/tcp) https (443/tcp) mysql (3306/tcp) mysql (3306/tcp) mysql (3306/tcp)
these directories to ensure that they are in compliance with company security standards
References Other:
OWASP:OWASP-CM-006
Log (CVSS: 0.0)
NVT: PHP Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800109)
Detected PHP version: 5.3.1 Location: tcp/443
CPE: cpe:/a:php:php:5.3.1
Concluded from version identification result:
Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 ↵
Perl/v5.10.1
Log (CVSS: 0.0)
NVT: wapiti (NASL wrapper) (OID: 1.3.6.1.4.1.25623.1.0.80110)
wapiti could not be found in your system path.
Yarubo was unable to execute wapiti and to perform the scan you requested.
Please make sure that wapiti is installed and that wapiti is available in the PATH variable defined for your environment.
Log (CVSS: 0.0)
NVT: phpMyAdmin Detection (OID: 1.3.6.1.4.1.25623.1.0.900129)
Detected phpMyAdmin version: 3.2.4 Location: /phpmyadmin
CPE: cpe:/a:phpmyadmin:phpmyadmin:3.2.4 Concluded from version identification result: 3.2.4
(Not protected by Username/Password)
Log (CVSS: 0.0)
NVT: Apache Web ServerVersion Detection (OID: 1.3.6.1.4.1.25623.1.0.900498)
Detected Apache Tomcat version: 2.2.14 Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.2.14
Concluded from version identification result: Server: Apache/2.2.14
Log
NVT: (OID: 0)
Open port.
Log (CVSS: 0.0)
NVT: MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL/MariaDB server. Some tests may fail. Allow the scanner to access the remote MySQL server for better result↵
s.
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
An unknown service is running on this port. It is usually reserved for MySQL
netbios-ns (137/udp) ssh (22/tcp) ssh (22/tcp) ssh (22/tcp) ssh (22/tcp) Log (CVSS: 0.0)
NVT: Using NetBIOS to retrieve information from a Windows host (OID: 1.3.6.1.4.1.25623.1.0.10150)
The following 7 NetBIOS names have been gathered : 24 36 15 98 107 PETERSILIE 111
The remote host has the following MAC address on its adapter : 7c:d1:c3:87:c6:68
If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.
Log
NVT: (OID: 0)
Open port.
Log (CVSS: 0.0)
NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)
The remote SSH Server supports the following SSH Protocol Versions: 1.99
2.0
SSHv2 Fingerprint: 68:14:03:04:90:97:be:3d:0f:0b:38:a2:59:d0:5d:ec
Log (CVSS: 0.0)
NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Detected SSH server version: SSH-2.0-OpenSSH_5.9
Remote SSH supported authentication: publickey,keyboard-interactive Remote SSH banner:
(not available)
CPE: cpe:/a:openbsd:openssh:5.9
Concluded from remote connection attempt with credentials: Login: Yarubo
Password: Yarubo
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
An ssh server is running on this port