Overview

This help file contains descriptions of 103 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Category
Category: Vulnerabilities:
DNS
bindvrs BIND servers can be remotely queried for their version
Firewalls
SOCKS SOCKS v3 daemon misconfigured
SocksV4 SOCKS v4 daemon misconfigured
SocksV5 SOCKS v5 daemon misconfigured
ftpproxy FTP proxy penetrated
squidprox Squid proxy was penetrated to reach protected hosts
wwwproxypen HTTP proxy penetrated
Information Gathering
rstatd NIS rstat service is running
rstatout Rstat output
NIS
YpBindReserved Ypbind is running over a non-reserved port
YpServReserved Ypserv on unreserved Port
ypbind NIS YPBind service
ypmap NIS maps
yppasswdd Yppasswdd service
ypserv NIS Yellow Pages (YP) service is running
ypxfrd Ypxfrd service
NT Password
guestblankpw Guest user has blank password
guestnopw Guest account has no password
guestuserpw Guest username same as password
NT Policy Issues
Lockout Duration Lockout duration insufficient
Lockout Window Lockout window insufficient
Logon Hours Not Set Logon hours not set
Primary Domain Controller Primary domain controller identified
lockout Lockout threshold incorrect
NT Users
Act as System Privilege Inappropriate user with Act as Part of the Operating System privilege
Backup Privilege Inappropriate user with Backup Files and Directories privilege
Change System Time Privilege Inappropriate user with Change the System Time privilege
Create Pagefile Privilege Inappropriate user with Create a Pagefile privilege
Create Permanent Object Privilege Inappropriate user with Create Permanent Shared Objects privilege
Create Token Name Privilege Inappropriate user with Create a Token Object privilege
Debug Privilege Inappropriate user with Debug Programs privilege
Disabled Account Disabled account
Domain Admin Domain Administrators group includes non-default user
Domain Guest Domain Guest group includes non-default user
Dormant Account Dormant account
Forced Logoff Forced logoff not enabled for account with expired time
Generate Security Audit Privilege Inappropriate user with Generate Security Audits privilege
Guest Exists Guest account name exists
Guest User Guest account includes unallowed user
Guest in Group Guest account in non-default group
Increase Priority Privilege Inappropriate user with Increase Scheduling Priority privilege
Increase Quota Privilege Inappropriate user with Increase Quotas privilege
Interactive Guest Logon Windows NT Interactive_Guest_Logon
Load Driver Privilege Inappropriate user with Load and Unload Device Drivers privilege
Local User Windows NT local user on workstation
Lock Memory Privilege Inappropriate user with Lock Pages in Memory privilege
Locked Account Locked account from bad login attempts
Manage Security Log Privilege Inappropriate user with Manage Auditing and Security Log privilege
Network Guest Logon Windows NT network Guest logon
No Logon Windows NT user has never logged on
No User Profile No user profile required
Profile Single Process Privilege Inappropriate user with Profile Single Process privilege
Profile System Privilege Inappropriate user with Profile System Performance privilege
Remote Shutdown Privilege Inappropriate user with Force Shutdown from a Remote System privilege
Replace Process Token Privilege Inappropriate user with Replace a Process Level Token privilege
Restore Privilege Inappropriate user with Restore Files and Directories privilege
System Environment Privilege Inappropriate user with Modify Firmware Environment Values privilege
Take Ownership Privilege Inappropriate user with Take Ownership of Files or Other Objects privilege
Workstation not restricted Windows NT workstations not restricted
Protocol Spoofing
RipAppend Routed append vulnerability allows remote file manipulation
RPC
3270 mapper 3270 mapper service
PmapUnset Portmap UNSET procedure requested
Sunlink Mapper Sunlink mapper service
Ugidd Check Ugidd daemon can reveal usernames on Linux machines
admind Admind or Sadmind running
alis RPC alis service
bootparam Bootparam enabled
bootpdom Bootparam supplies domain name
database service RPC database service
keyserv RPC keyserv service
llockmgr RPC llockmgr service
nlockmgr RPC nlockmgr service
nsed nsed service
nsemntd nsemntd service
pmapsunset Portmap UNSET procedure requested with spoofed address
rexd Rexd running
rje mapper rje mapper service
rpc32771 RPC bind service on improper port
rpc_snmp RPC SNMP service detected running
rpcpcnfsd RPC pcnfsd service allows remote command execution as root
rpcstatd RPC statd remote file creation and removal
rpcupdate RPC ypupdated daemon allows remote commands execution as root
rquotad rquotad service
ruserout Rusers output
rusersd Rusers running
sched RPC sched service
selsvcvuln Remote file access through selection service
showfhd showfhd service
sprayd Sprayd service
statmon RPC statmon service
tfsd Tfsd service
walld Rpc.walld wall daemon running
x25.inr X25 daemon running
Router/Switch
Ascend-kill2 SNMP Ascend Pipeline and MAX denial of service vulnerability
Cisco CHAP/PPP Vulnerability Cisco CHAP authentication failure allows unauthorized PPP connections
CiscoACL Cisco IOS access control list vulnerable via 'tacacs' keyword
CiscoACL Established Cisco IOS access control list vulnerable via 'established' keyword
CiscoIOS Cisco IOS can be remotely crashed and rebooted by unauthenticated users
CiscoIOS AAA Authenticate Cisco IOS AAA does not properly authenticate users
CiscoLand Cisco vulnerable to land attack
bruteciscoenable Cisco administrative account accessible
Shares
nbdict NetBIOS dictionary attack
NT Users
httpproxy HTTP proxy detected