Overview

This help file contains descriptions of 97 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Risk Level
Category: Vulnerabilities:
High
Apache cookie Apache cookies buffer overflow
Handler Check IRIX handler CGI allows remote command execution
LDAP Exchange Overflow LDAP Exchange overflow crashes LDAP server
NT Help Overflow Windows NT 4.0 help file utility contains a locally exploitable buffer overflow
NT RAS Overflow Windows NT RAS client contains an exploitable buffer overflow
NTKnownDLLsList Windows NT 4.0 domain caching feature can be exploited to gain administrator privileges
NTSP4AuthError Windows NT 4.0 SP4 could allow null passwords to be used for access
NTScreenSaver Windows NT screen saver can be used to compromise admin privileges
Samba Overflow Samba buffer overflow
Snmp Set Any Community SNMP_Set used any Community Name to change system information
Snmp Set Guessable Community SNMP_Set guessed Community Name and changed system information
Snmp Set Public Community SNMP_Set used Public Community Name to change system information
ToolTalk Overflow CDE rpc.ttdbserver daemon allows remote root access
Uploader WebSite 1.1 uploader vulnerability
Webdist SGI Webdist CGI script allows remote command execution
Websendmail WebGais websendmail allows remote command execution
WinSample WebSite 1.1 for Windows NT winsample vulnerability
Writable NetBIOS share NetBIOS share writable
httpd HTTP (WWW server) port active
httppassword HTTP basic authorization password guessed
iiscmd Win32 web servers could allow remote command execution through .CMD and .BAT files
nbperm NetBIOS permutations attack vulnerability
Low
DCOM DCOM is enabled
ExchangeAnonIMAP Exchange anonymous IMAP allowed
NTginaPaste Windows NT gina flaw allows some clipboard text to be revealed
NetBIOS share NetBIOS share found
NtMalformedImageHeader Windows NT can be crashed by executables containing malformed image headers
RRASIncomingStop RRAS under stress stops responding to incoming calls
SNMP Community SNMP community name is world readable by default
SNMPCiscoRTTMONKill Cisco SNMP agent can be instructed to shut down the RTT monitor service
SNMPShowInterface SNMP agents reveal information about network interfaces
SNMPShowRMON SNMP RMON agents can monitor network and application activity
SNMPShowRoutes SNMP agents reveal information about network routing
ScriptAlias ScriptAlias directive allows remote CGI script access
Snmp Get Any Community SNMP_Get able to retrieve any Community Name
Snmp Get Guessable Community SNMP_Get able to guess Community Name
Snmp Get Public Community SNMP_Get able to retrieve Public Community Name
SybaseDetectTCP Database service detected via TCP
Zone active scripting Zone active scripting
Zone auto authenticate Zone auto user authentication
Zone desktop install Zone desktop install
Zone file download Zone file download
Zone file launch Zone file launch
Zone java scripting Zone Java scripting
Zone low channel permissions Zone low channel permissions
Zone non-secure form submission Zone non-secure form submission
Zone safe scripting enabled Zone ActiveX safe scripting enabled
Zone signed download Zone signed ActiveX download
insecure file system File system insecure
irixfam FAM server lists files on IRIX systems
noindex Web server directories without an index file
snmp_comm SNMP server configured without communities
snmp_info SNMP public information
unreslink HTTP server with unresolvable local links
High
Aspdot check IIS ASP dot bug
Convert Check Novell Convert.bas web server script vulnerability
DATA bug IIS ASP DATA bug in Windows NT-based web servers
DCOM Access Permission DCOM access permission incorrect
DCOM Auth Level DCOM default authentication level
DCOM Config Writable DCOM configuration writable
DCOM Default Access DCOM default access
DCOM Default Launch DCOM default launch
DCOM Launch Permission DCOM launch permission incorrect
DCOM RunAs DCOM RunAs value altered
IIS CGI Overflow IIS can be remotely crashed by excessively long client requests
LDAP Config LDAP config information available
LDAP NullBase LDAP null base returns information
LDAP NullBind LDAP anonymous access to directory
LDAP NullSubtree LDAP null subtree allows user to gain information
LDAP Schema LDAP schema information gathering
LDAP monitor LDAP monitor information gathering
MsrpcLsaLookupnamesDos Windows NT Local Security Authority (LSA) can be remotely crashed, requiring a system reboot
NT Delete Records WINS records deletion via SNMP
NT SNMPAgent Leak Windows NT SNMP agent has a serious memory leak
NT Wins Dump Windows NT/WINS exploit using SNMP
NTnprpcDoS Windows NT RPC services can be used to deplete system resources
NetXRay3Probe NetXRay 3.x probe detect
NetXRay3ProbeNoPass NetXRay 3.x probe unpassworded
NtCsrssDos Windows NT CSRSS denial of service attack
Open NetBIOS share NetBIOS share has no access control
Open Samba Share Samba open share
RRASPasswordFix RRAS caches security credentials when using Dial-up Networking client
Root Share SMB NetBIOS entire drive available
SNMP kill interface SNMP kill interface
SNMPCiscoPingball Cisco equipment can be used to send ICMP pings via SNMP
SNMPKillAuthTrap SNMP agents can be instructed not to notify management stations
SNMPRMONGetEventCommunityStrings Cisco SNMP agent can reveal event community strings
Snmp - NetBIOS NetBIOS information available from SNMP
Snork DoS Windows NT "snork" attack can disable machines
Wrap Check SGI IRIX cgi-bin wrap directory listing vulnerability
Zone Active X execution Zone ActiveX execution
Zone low java permissions URL Security Zone low Java permissions
Zone unsafe scripting enabled Zone scripting of unsafe ActiveX controls
Zone unsigned download URL security zone unsigned ActiveX download
aspsource IIS ASP dot bug
nbsmbpwl Password cache files accessible
rootdotdot Root dot dot