Overview

This help file contains descriptions of 46 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Risk Level
Category: Vulnerabilities:
High
BackdoorPbbser Simple Unix backdoor that can remotely add a predefined entry into the host's passwd file
Bind bo BIND Inverse-Query buffer overflow allows remote root access
CGI Textcounter Textcounter CGI program allows remote command execution
ColdFusionEvaluator ColdFusion Expression Evaluator allows remote file manipulation, including creation
IIS HTR Overflow IIS servers can be manipulated to execute arbitrary code from remote via an overflow in HTR requests
Palmetto FTP FTP remote buffer overflows allow root access
Perl fingerd perl fingerd program allows remote users to execute commands
SMTP EXPN Buffer Overflow Attempt SMTP EXPN buffer overflow can crash or obtain access
SMTP VRFY Buffer Overflow Attempt SMTP VRFY buffer overflow can crash or obtain access
SmtpHeloBo SMTP HELO buffer overflow can crash or obtain access
SubsevenBackdoor SubSeven Backdoor for Windows 9x allows unimpeded remote access to infected machines
UdpScan User Datagram Protocol (UDP) scan for active ports
WinRouteConfig Winroute allows unrestricted access to proxy configuration
smtpdebug SMTP in debug mode
smtpdecode Sendmail decode/uudecode alias could allow remote attackers to create files on the system
smtpwiz Sendmail wizard (WIZ) backdoor allows anonymous remote root access
Low
CDDBD detect CDDB service detected
ColdFusionFileExists ColdFusion sample program can be used to confirm existence of arbitrary file
ICQClient ICQ is distributed network of Internet chat clients and servers
IcmpNmask ICMP netmask request response
IcmpTstamp ICMP timestamp requests
SMTPforgery SMTP server allows fake hostnames in HELO
SMTPrcpt SMTP daemons allow addresses to be verified via RCPT
VNCDetect A Virtual Network Computing server was detected
VNCDetectNoConn VNC detect no connections accepted
VNCNoAuth VNC No Authentication Required
iParty denial of service iParty server shuts down by sending characters to port
mSQLDetect mSQL Database server is running
smtpexpn SMTP EXPN command
smtpvrfy SMTP verify (VRFY) command can be used to validate users
Low
Bind DoS Illegally formatted DNS request can crash some BIND servers
CGI nphpublish nph-publish CGI script could allow remote file writing
ColdFusionFileRead ColdFusion sample program can allow remote users to read any file
ColdFusionSource ColdFusion sample can reveal source to any CFM file
ColdFusionSyntaxChecker ColdFusion syntax checker can cause a system to use all processor resources
HttpCgiCounterLong Long requests to Counter.exe web hit counter can deny further access attempts
IMailIMAPOverflow IMail IMAP service contains a buffer overflow
IMailWhoisOverflow IMail's whois32 service can be remotely crashed
Novell Files Script Novell CGI script files.pl could allow remote file viewing
SiteServerCSC SiteServer 3.0 AdSamples installation could expose SQL server login information
Startech POP3 Startech POP3 proxy contains a buffer overflow that can crash the service
dataflood Data flood
pingbomb Ping of Death
rwhod - vulnerable Rwho daemon overflow
smtprelay Sendmail %style blind relaying can be used to obfuscate the origin of e-mails
syslogflood Syslog flood