Overview

This help file contains descriptions of 97 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Category
Category: Vulnerabilities:
Browser
  Zone Active X execution Zone ActiveX execution
  Zone active scripting Zone active scripting
  Zone auto authenticate Zone auto user authentication
  Zone desktop install Zone desktop install
  Zone file download Zone file download
  Zone file launch Zone file launch
  Zone java scripting Zone Java scripting
  Zone low channel permissions Zone low channel permissions
  Zone low java permissions URL Security Zone low Java permissions
  Zone non-secure form submission Zone non-secure form submission
  Zone safe scripting enabled Zone ActiveX safe scripting enabled
  Zone signed download Zone signed ActiveX download
  Zone unsafe scripting enabled Zone scripting of unsafe ActiveX controls
  Zone unsigned download URL security zone unsigned ActiveX download

DCOM
  DCOM DCOM is enabled
  DCOM Access Permission DCOM access permission incorrect
  DCOM Auth Level DCOM default authentication level
  DCOM Config Writable DCOM configuration writable
  DCOM Default Access DCOM default access
  DCOM Default Launch DCOM default launch
  DCOM Launch Permission DCOM launch permission incorrect
  DCOM RunAs DCOM RunAs value altered

Daemons
  SybaseDetectTCP Database service detected via TCP

E-mail
  ExchangeAnonIMAP Exchange anonymous IMAP allowed

LDAP
  LDAP Config LDAP config information available
  LDAP Exchange Overflow LDAP Exchange overflow crashes LDAP server
  LDAP NullBase LDAP null base returns information
  LDAP NullBind LDAP anonymous access to directory
  LDAP NullSubtree LDAP null subtree allows user to gain information
  LDAP Schema LDAP schema information gathering
  LDAP monitor LDAP monitor information gathering

NT Patches
  IIS CGI Overflow IIS can be remotely crashed by excessively long client requests
  MsrpcLsaLookupnamesDos Windows NT Local Security Authority (LSA) can be remotely crashed, requiring a system reboot
  NT Help Overflow Windows NT 4.0 help file utility contains a locally exploitable buffer overflow
  NT RAS Overflow Windows NT RAS client contains an exploitable buffer overflow
  NT SNMPAgent Leak Windows NT SNMP agent has a serious memory leak
  NTKnownDLLsList Windows NT 4.0 domain caching feature can be exploited to gain administrator privileges
  NTSP4AuthError Windows NT 4.0 SP4 could allow null passwords to be used for access
  NTScreenSaver Windows NT screen saver can be used to compromise admin privileges
  NTginaPaste Windows NT gina flaw allows some clipboard text to be revealed
  NTnprpcDoS Windows NT RPC services can be used to deplete system resources
  NtCsrssDos Windows NT CSRSS denial of service attack
  NtMalformedImageHeader Windows NT can be crashed by executables containing malformed image headers
  RRASIncomingStop RRAS under stress stops responding to incoming calls
  RRASPasswordFix RRAS caches security credentials when using Dial-up Networking client
  Snork DoS Windows NT "snork" attack can disable machines

Network Sniffers
  NetXRay3Probe NetXRay 3.x probe detect
  NetXRay3ProbeNoPass NetXRay 3.x probe unpassworded

RPC
  ToolTalk Overflow CDE rpc.ttdbserver daemon allows remote root access
  irixfam FAM server lists files on IRIX systems

Router/Switch
  SNMPCiscoPingball Cisco equipment can be used to send ICMP pings via SNMP
  SNMPCiscoRTTMONKill Cisco SNMP agent can be instructed to shut down the RTT monitor service
  SNMPRMONGetEventCommunityStrings Cisco SNMP agent can reveal event community strings

SNMP
  NT Delete Records WINS records deletion via SNMP
  NT Wins Dump Windows NT/WINS exploit using SNMP
  SNMP Community SNMP community name is world readable by default
  SNMP kill interface SNMP kill interface
  SNMPKillAuthTrap SNMP agents can be instructed not to notify management stations
  SNMPShowInterface SNMP agents reveal information about network interfaces
  SNMPShowRMON SNMP RMON agents can monitor network and application activity
  SNMPShowRoutes SNMP agents reveal information about network routing
  Snmp - NetBIOS NetBIOS information available from SNMP
  Snmp Get Any Community SNMP_Get able to retrieve any Community Name
  Snmp Get Guessable Community SNMP_Get able to guess Community Name
  Snmp Get Public Community SNMP_Get able to retrieve Public Community Name
  Snmp Set Any Community SNMP_Set used any Community Name to change system information
  Snmp Set Guessable Community SNMP_Set guessed Community Name and changed system information
  Snmp Set Public Community SNMP_Set used Public Community Name to change system information
  snmp_comm SNMP server configured without communities
  snmp_info SNMP public information

Shares
  NetBIOS share NetBIOS share found
  Open NetBIOS share NetBIOS share has no access control
  Open Samba Share Samba open share
  Root Share SMB NetBIOS entire drive available
  Samba Overflow Samba buffer overflow
  Writable NetBIOS share NetBIOS share writable
  insecure file system File system insecure
  nbperm NetBIOS permutations attack vulnerability
  nbsmbpwl Password cache files accessible

NT Patches
  Apache cookie Apache cookies buffer overflow
  Aspdot check IIS ASP dot bug
  Convert Check Novell Convert.bas web server script vulnerability
  DATA bug IIS ASP DATA bug in Windows NT-based web servers
  Handler Check IRIX handler CGI allows remote command execution
  ScriptAlias ScriptAlias directive allows remote CGI script access
  Uploader WebSite 1.1 uploader vulnerability
  Webdist SGI Webdist CGI script allows remote command execution
  Websendmail WebGais websendmail allows remote command execution
  WinSample WebSite 1.1 for Windows NT winsample vulnerability
  Wrap Check SGI IRIX cgi-bin wrap directory listing vulnerability
  aspsource IIS ASP dot bug
  httpd HTTP (WWW server) port active
  httppassword HTTP basic authorization password guessed
  iiscmd Win32 web servers could allow remote command execution through .CMD and .BAT files
  noindex Web server directories without an index file
  rootdotdot Root dot dot
  unreslink HTTP server with unresolvable local links