Overview

This help file contains descriptions of 107 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Category
Category: Vulnerabilities:
Backdoors
  Active Modem: Modem detected and active
  BackOrifice: Back Orifice default installation
  Fsp: FSP daemon running
  NetBus: NetBus trojan horse allows complete remote control of Windows systems
  PortdCheck: Portd running
Browser
  IE ActiveX execution: Internet Explorer allows ActiveX controls to be automatically executed
  IE accept cookies: Internet Explorer accept cookies warning disabled
  IE active content: Internet Explorer has low active content security enabled
  IE active download: Internet Explorer allows active content to be automatically downloaded
  IE active scripting: Internet Explorer active scripting is enabled
  IE cached pages: Internet Explorer allows secure content to be cached
  IE form redirection: Internet Explorer Form redirection enabled
  IE java enabled: Internet Explorer has Java enabled
  IE non-secure submission: Internet Explorer non-secure form submission warning is disabled
  IE outdated: Internet Explorer is outdated
  IE secure site: Internet Explorer entering/leaving a secure site warning disabled
  IE send certificate: Internet Explorer has the check security certificate before sending option disabled
  IE view Certificate: Internet Explorer has check security certificate before viewing option disabled
  Nav Java enabled: Netscape Navigator has Java enabled
  Nav Javascript enabled: Netscape Navigator has JavaScript enabled
  Nav accept cookies: Netscape Navigator accept cookies warning
  Nav enter secure site: Netscape Navigator entering a secure site warning is disabled
  Nav leave secure site: Netscape Navigator leaving a secure site warning is disabled
  Nav mixed document: Netscape Navigator mixed document security warning is disabled
  Nav non-secure submission: Netscape Navigator non-secure form submission warning is disabled
  Nav outdated: Netscape Navigator is outdated
Brute Force
  defftp: FTP default account accessible
  defpop: POP3 default account accessible
  defrexec: Rexec default account accessible
  defrsh: Rsh default account accessible
  kerbbf: Kerberos IV brute force
  kerbul: Kerberos IV peek accesses user names and information
CGI-Bin
  Aglimpse: Glimpse HTTP aglimpse remote execution vulnerability
  AnyForm: AnyForm CGI script allows remote execution of arbitrary commands
  Campas: Campas cgi-bin file executes remote commands
  FormMailExec: FormMail remote execution
  FormMailUse: FormMail remote usage
  GuestBookCheck: Guestbook could allow remote execution of commands
  HTTP Glimpse Vulnerability: Glimpse HTTP aglimpse remote execution vulnerability
  PHPBufferOverflow: php.cgi buffer overflow
  PHPread: PHP remote file read vulnerability
  ViewSource: HTTP View source vulnerability
  cgiexec: CGI program executed an arbitrary command
  nphtestcgi: Nph-test-cgi file listing vulnerability
  vulncgi: CGI-BIN programs vulnerable
  vulnphf: Phone book CGI phf allows remote execution of arbitrary commands
  vulntestcgi: Test-cgi sample CGI script allows remote retrieval of file listings
Daemons
  DguxFing: DG/UX finger shell metacharacters allowed
  LinTftp: Linux TFTP didn't restrict users to tftpboot directory, allowing remote retrieval of files
  Sshd 1223 Check: Sshd version 1.2.23 obsolete
  Sshd1217: Obsolete sshd 1.2.17 running
  SshdInfo: Sshd advertises information
  SshdRhosts: SSH .rhosts weak authentication
  echo: Echo service
  finger: Finger service
  innd vuln: INN control message vulnerable
  linkerbug: Dynamic Linker telnet vulnerability
  nntppost: NNTP posting
  nntpread: NNTP reading
  rip: RIP tables modified
  rlogin: Rlogin -froot command could allow remote root access
  routed: Routed service active
  rshequiv: Rsh vulnerable in hosts.equiv
  rshnull: Rsh null vulnerable
  telnet: Windows NT telnet service installed
  tftp: TFTP
  uucp: UUCP available
E-mail
  identd: Identd remote execution via sendmail
  identdresp: SMTP host possibly vulnerable
  popimap: Popd buffer overflow vulnerability
Information Gathering
  Finger Names: Finger output from common names
  Finger Output: Stock fingerd running
  IdentdUsers: Ident daemon can be used to remotely gather the usernames that system servers run under
  Whois: Whois information
  filesgrabbed: Files obtained
  traceroute: Traceroute can be used to map network topologies
NIS
  LinPlus: Linux NIS could treat '+' user as a normal login account
NT Critical Issues
  Add Workstation Privilege: Inappropriate user with Add Workstations to Domain privilege
  Altered System Value: Altered system value
  Critical Key Permissions: Critical key permissions incorrect
  Posix Enabled: POSIX subsystem enabled
  accountblankpw: User account has blank password
  accountuserpw: User account has a password the same as the account name
  adminblankpw: Administrator account has blank password
  adminnopw: Administrator has no password
  adminuserpw: Administrator username same as password
  autologon: Autologon is enabled
  fpnwclnt: FPNWCLNT.DLL not found
  fpnwclnt checksum: FPNWCLNT.DLL has incorrect checksum
  fpnwclnt incorrect: FPNWCLNT.DLL incorrect size
  getadmin: GetAdmin patch not applied
  ntpwdll: LSA registry key altered
NT Policy Issues
  Account Management Audit: Account management auditing not enabled
  Allocate CDRoms: CD-ROM available to all users
  Allocate Floppy: Allocate floppy
  Backup Domain Controller: Backup domain controller identified
  Logon Audit: Logon and Logoff auditing not enabled
  Object Audit: File and object access auditing not enabled
  Policy Audit: Policy change auditing not enabled
  Privilege Audit: Privilege auditing not enabled
  Process Audit: Process auditing not enabled
  System Audit: System auditing not enabled
  adminexists: Windows NT default Administrator User ID exists
  guestenabled: Guest account enabled
NT Services
  alerter: Alerter service
Protocol Spoofing
  seqport: System allocates ports in a sequential or predictable order
NT Critical Issues
  snmp: SNMP can reveal possibly sensitive information about hosts