| Host Name |
Severity |
Vulnerability / Service |
Class |
CVE |
Exploit Available? |
| host1.domain.com |
critical |
Download.Ject detected on web server |
Other |
|
no |
| host1.domain.com |
critical |
Guessed password to windows account (foobar:foobar) |
Passwords |
|
no |
| host1.domain.com |
critical |
MS FrontPage Server Extension Vulnerability: /_vti_bin/shtml.dll |
Web |
CVE-2003-0824 |
no |
| host1.domain.com |
critical |
MS FrontPage Server Extension Vulnerability: remote debug |
Web |
CVE-2003-0822 |
yes |
| host1.domain.com |
critical |
Folder traversal in IIS (Double Decoding) |
Web |
CVE-2001-0333 |
yes |
| host1.domain.com |
critical |
Folder traversal in IIS (Unicode Translation) |
Web |
CVE-2000-0884 |
yes |
| host1.domain.com |
critical |
vulnerabilities in IIS 5 |
Web |
CVE-2000-0770 CVE-2001-0151 CVE-2001-0241 CVE-2001-0500 CVE-2001-0507 CVE-2002-0869 CVE-2002-1180 CVE-2002-1181 CVE-2002-1182 CVE-2003-0223 CVE-2003-0224 CVE-2003-0225 CVE-2003-0226 |
yes |
| host1.domain.com |
critical |
MailEnable HTTPMail vulnerability |
Mail |
CVE-2005-1348 CVE-2005-2222 CVE-2006-1338 |
yes |
| host1.domain.com |
critical |
MS Site Server default account |
Other |
CVE-2002-1769 CVE-2002-2073 CVE-2002-2081 |
no |
| host1.domain.com |
critical |
vulnerability in Windows Media Services (nsiislog.dll) |
Web |
CVE-2003-0227 CVE-2003-0349 |
no |
| host1.domain.com |
critical |
Windows Plug and Play vulnerability |
Windows OS |
CVE-2005-1983 |
yes |
| host1.domain.com |
critical |
RPC runtime library vulnerability |
Windows OS |
CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124 |
no |
| host1.domain.com |
critical |
Windows 2000 ASN1 buffer overflow |
Windows OS |
CVE-2003-0818 |
no |
| host1.domain.com |
critical |
Windows 2000 RPC buffer overflow |
Windows OS |
CVE-2003-0352 |
yes |
| host1.domain.com |
critical |
Windows COM+ command execution vulnerability |
Windows OS |
CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119 |
no |
| host1.domain.com |
critical |
Windows SMB Transaction response buffer overflow |
Windows OS |
CVE-2005-0045 |
no |
| host1.domain.com |
critical |
Windows SMB input validation vulnerability |
Windows OS |
CVE-2005-1206 |
no |
| host1.domain.com |
critical |
Windows TCP/IP vulnerabilities |
Windows OS |
CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688 |
no |
| host1.domain.com |
critical |
Windows WMF gdi32.dll vulnerability |
Windows OS |
CVE-2005-4560 |
yes |
| host1.domain.com |
critical |
pointer corruption vulnerability in WINS replication service |
Windows OS |
CVE-2004-0567 CVE-2004-1080 |
yes |
| host1.domain.com |
critical |
Worm detected (Code Red II) |
Other |
|
no |
| host1.domain.com |
concern |
Web server allows cross-site tracing |
Web |
|
no |
| host1.domain.com |
concern |
Windows DNS server allows cache poisoning |
DNS |
CVE-2001-1452 |
no |
| host1.domain.com |
concern |
Internet Explorer COM object memory corruption |
Windows OS |
CVE-2005-2127 |
no |
| host1.domain.com |
concern |
Internet Explorer Create Text Range code injection |
Windows OS |
CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 CVE-2006-1388 |
yes |
| host1.domain.com |
concern |
Internet Explorer JPEG buffer overflow |
Windows OS |
CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 |
yes |
| host1.domain.com |
concern |
Internet Explorer JS stack overflow |
Windows OS |
CVE-2006-0753 CVE-2006-0830 |
no |
| host1.domain.com |
concern |
Internet Explorer JavaScript vulnerability |
Windows OS |
CVE-2005-1790 CVE-2005-2829 CVE-2005-2830 CVE-2005-2831 |
yes |
| host1.domain.com |
concern |
Internet Explorer PNG buffer overflow |
Windows OS |
CVE-2002-0648 CVE-2005-1211 |
no |
| host1.domain.com |
concern |
Internet Explorer URL parsing buffer overflow |
Windows OS |
CVE-2005-0553 CVE-2005-0554 CVE-2005-0555 |
yes |
| host1.domain.com |
concern |
Internet Explorer WMF handling vulnerability |
Windows OS |
CVE-2006-0020 |
no |
| host1.domain.com |
concern |
vulnerability in License Logging Service |
Windows OS |
CVE-2005-0050 |
no |
| host1.domain.com |
concern |
AxWebRemoveCtrl ActiveX control enabled |
Web |
CVE-2005-3693 |
no |
| host1.domain.com |
concern |
CodeSupport ActiveX control enabled |
Web |
CVE-2005-3650 |
no |
| host1.domain.com |
concern |
null session access using alternate pipes |
Windows OS |
CVE-2005-2150 |
no |
| host1.domain.com |
concern |
Windows Plug and Play privilege elevation |
Windows OS |
CVE-2005-2120 |
no |
| host1.domain.com |
concern |
Run key allows write access |
Windows OS |
CVE-1999-0589 |
no |
| host1.domain.com |
concern |
Uninstall key allows write access |
Windows OS |
CVE-1999-0589 |
no |
| host1.domain.com |
concern |
Windows telephony service vulnerability |
Windows OS |
CVE-2005-0058 |
yes |
| host1.domain.com |
concern |
DirectShow buffer overflow |
Windows OS |
CVE-2005-2128 |
no |
| host1.domain.com |
concern |
HTML Application Host vulnerability in Windows shell |
Windows OS |
CVE-2005-0063 |
no |
| host1.domain.com |
concern |
Microsoft Color Management Module buffer overflow |
Windows OS |
CVE-2005-1219 |
yes |
| host1.domain.com |
concern |
Microsoft Data Access Component vulnerability |
Windows OS |
CVE-2006-0003 |
yes |
| host1.domain.com |
concern |
Windows DHTML Editing Component vulnerability |
Windows OS |
CVE-2004-1319 |
no |
| host1.domain.com |
concern |
Windows Explorer COM object command execution |
Windows OS |
CVE-2004-2289 CVE-2006-0012 |
no |
| host1.domain.com |
concern |
Windows Hyperlink Object Library buffer overflow |
Windows OS |
CVE-2005-0057 |
no |
| host1.domain.com |
concern |
Windows Kernel privilege elevation vulnerability |
Windows OS |
CVE-2005-2827 |
no |
| host1.domain.com |
concern |
Windows Media Player plug-in EMBED vulnerability |
Windows OS |
CVE-2006-0005 |
yes |
| host1.domain.com |
concern |
Windows Web Fonts vulnerability |
Windows OS |
CVE-2006-0010 |
no |
| host1.domain.com |
concern |
Windows shortcut file command execution |
Windows OS |
CVE-2005-2117 CVE-2005-2118 CVE-2005-2122 |
no |
| host1.domain.com |
concern |
vulnerable WinZip version: 8.0 |
Other |
CVE-2001-0449 CVE-2004-1465 |
no |
| host1.domain.com |
potential |
guessable read community string |
Networking/SNMP |
CVE-1999-0516 CVE-1999-0517 |
no |
| host1.domain.com |
potential |
Internet Explorer Shell.Explorer object enabled |
Windows OS |
CVE-2004-0985 |
no |
| host1.domain.com |
potential |
Javaprxy.dll access through Internet Explorer |
Windows OS |
CVE-2005-2087 |
yes |
| host1.domain.com |
potential |
last user name shown in login box |
Windows OS |
CVE-1999-0592 |
no |
| host1.domain.com |
potential |
MailEnable Enterprise 1.04 may be vulnerable |
Mail |
CVE-2005-1013 CVE-2005-1781 CVE-2005-2223 |
yes |
| host1.domain.com |
potential |
possible vulnerability in MailEnable Enterprise IMAP 1.04 |
Mail |
CVE-2005-1014 CVE-2005-1015 CVE-2005-2278 CVE-2005-3155 CVE-2005-3690 CVE-2005-3691 CVE-2005-3813 CVE-2005-3993 CVE-2005-4402 CVE-2005-4456 CVE-2005-4457 CVE-2006-0504 |
yes |
| host1.domain.com |
potential |
possible vulnerability in MailEnable Enterprise POP3 1.04 |
Mail |
CVE-2006-1337 |
no |
| host1.domain.com |
potential |
possible vulnerability in MailEnable POP3 0 |
Mail |
|
no |
| host1.domain.com |
potential |
excessive null session access |
Windows OS |
CVE-2000-1200 |
no |
| host1.domain.com |
potential |
Possible ODBC RDS Vulnerability |
Web |
CVE-1999-1011 CVE-2002-1142 |
no |
| host1.domain.com |
potential |
chargen could be used in UDP bomb |
Networking/SNMP |
CVE-1999-0103 |
no |
| host1.domain.com |
potential |
pop receives password in clear |
Mail |
|
no |
| host1.domain.com |
potential |
possible vulnerability in PPTP service |
Other |
CVE-2002-1214 |
no |
| host1.domain.com |
potential |
SNMP is enabled and may be vulnerable |
Networking/SNMP |
CVE-1999-0615 CVE-2002-0012 CVE-2002-0013 CVE-2002-0053 CVE-2002-0796 CVE-2002-0797 |
no |
| host1.domain.com |
potential |
TCP reset using approximate sequence number |
Other |
CVE-2004-0230 |
no |
| host1.domain.com |
potential |
password complexity policy disabled |
Windows OS |
CVE-1999-0535 |
no |
| host1.domain.com |
potential |
weak account lockout policy (0) |
Windows OS |
CVE-1999-0582 |
no |
| host1.domain.com |
potential |
weak minimum password age policy (0 days) |
Windows OS |
CVE-1999-0535 |
no |
| host1.domain.com |
potential |
weak minimum password length policy (0) |
Windows OS |
CVE-1999-0535 |
no |
| host1.domain.com |
potential |
weak password history policy (0) |
Windows OS |
CVE-1999-0535 |
no |
| host1.domain.com |
potential |
non-administrative users can act as part of the operating system |
Windows OS |
CVE-1999-0534 |
no |
| host1.domain.com |
potential |
non-administrative users can bypass traverse checking |
Windows OS |
CVE-1999-0534 |
no |
| host1.domain.com |
potential |
non-administrative users can create token object |
Windows OS |
CVE-1999-0534 |
no |
| host1.domain.com |
potential |
auditing is disabled |
Windows OS |
CVE-1999-0575 |
no |
| host1.domain.com |
potential |
Password never expires for user LDAP_Anonymous |
Windows OS |
|
no |
| host1.domain.com |
potential |
Password never expires for user foobar |
Windows OS |
|
no |
| host1.domain.com |
potential |
Client Service for Netware vulnerability |
Windows OS |
CVE-2005-1985 |
no |
| host1.domain.com |
potential |
Collaboration Data Objects vulnerability |
Windows OS |
CVE-2005-1987 |
no |
| host1.domain.com |
potential |
FTP Client vulnerability |
Windows OS |
CVE-2005-2126 |
no |
| host1.domain.com |
potential |
Jet Database Engine input validation problems |
Windows OS |
CVE-2005-0944 |
yes |
| host1.domain.com |
potential |
Microsoft Agent spoofing vulnerability |
Windows OS |
CVE-2005-1214 |
no |
| host1.domain.com |
potential |
Network Connection Manager vulnerability |
Windows OS |
CVE-2005-2307 |
no |
| host1.domain.com |
potential |
Win2000 SP2 Security Rollup 1 not installed |
Windows OS |
CVE-1999-0662 |
no |
| host1.domain.com |
potential |
Windows 2000 SP4 Update Rollup 1 not applied |
Windows OS |
CVE-2005-3168 CVE-2005-3169 CVE-2005-3170 CVE-2005-3171 CVE-2005-3172 CVE-2005-3173 CVE-2005-3174 CVE-2005-3175 CVE-2005-3176 CVE-2005-3177 |
no |
| host1.domain.com |
potential |
Windows Media Player URL script execution |
Windows OS |
CVE-2003-1107 |
no |
| host1.domain.com |
potential |
potential vulnerability in WINS |
Windows OS |
CVE-2003-0825 |
no |
| host1.domain.com |
service |
17/TCP |
|
|
no |
| host1.domain.com |
service |
17/UDP |
|
|
no |
| host1.domain.com |
service |
42/TCP |
|
|
no |
| host1.domain.com |
service |
1027/TCP |
|
|
no |
| host1.domain.com |
service |
1028/TCP |
|
|
no |
| host1.domain.com |
service |
1031/UDP |
|
|
no |
| host1.domain.com |
service |
1033/TCP |
|
|
no |
| host1.domain.com |
service |
1035/UDP |
|
|
no |
| host1.domain.com |
service |
1036/TCP |
|
|
no |
| host1.domain.com |
service |
1037/UDP |
|
|
no |
| host1.domain.com |
service |
1038/TCP |
|
|
no |
| host1.domain.com |
service |
1039/TCP |
|
|
no |
| host1.domain.com |
service |
1041/UDP |
|
|
no |
| host1.domain.com |
service |
1043/UDP |
|
|
no |
| host1.domain.com |
service |
1645/UDP |
|
|
no |
| host1.domain.com |
service |
1646/UDP |
|
|
no |
| host1.domain.com |
service |
1701/UDP |
|
|
no |
| host1.domain.com |
service |
1723/TCP |
|
|
no |
| host1.domain.com |
service |
1755/TCP |
|
|
no |
| host1.domain.com |
service |
1755/UDP |
|
|
no |
| host1.domain.com |
service |
1813/UDP |
|
|
no |
| host1.domain.com |
service |
3372/TCP |
|
|
no |
| host1.domain.com |
service |
6666/TCP |
|
|
no |
| host1.domain.com |
service |
7007/TCP |
|
|
no |
| host1.domain.com |
service |
7778/TCP |
|
|
no |
| host1.domain.com |
service |
8081/TCP |
|
|
no |
| host1.domain.com |
service |
DNS |
|
|
no |
| host1.domain.com |
service |
IMAP |
|
|
no |
| host1.domain.com |
service |
POP |
|
|
no |
| host1.domain.com |
service |
SMB |
|
|
no |
| host1.domain.com |
service |
SMTP |
|
|
no |
| host1.domain.com |
service |
SNMP |
|
|
no |
| host1.domain.com |
service |
WWW |
|
|
no |
| host1.domain.com |
service |
WWW (Secure) |
|
|
no |
| host1.domain.com |
service |
WWW (non-standard port 8080) |
|
|
no |
| host1.domain.com |
service |
bootpc (68/UDP) |
|
|
no |
| host1.domain.com |
service |
bootps (67/UDP) |
|
|
no |
| host1.domain.com |
service |
chargen (19/TCP) |
|
|
no |
| host1.domain.com |
service |
chargen:UDP (19/UDP) |
|
|
no |
| host1.domain.com |
service |
daytime (13/TCP) |
|
|
no |
| host1.domain.com |
service |
daytime (13/UDP) |
|
|
no |
| host1.domain.com |
service |
discard (9/TCP) |
|
|
no |
| host1.domain.com |
service |
discard (9/UDP) |
|
|
no |
| host1.domain.com |
service |
domain (53/TCP) |
|
|
no |
| host1.domain.com |
service |
domain (53/UDP) |
|
|
no |
| host1.domain.com |
service |
echo (7/TCP) |
|
|
no |
| host1.domain.com |
service |
echo (7/UDP) |
|
|
no |
| host1.domain.com |
service |
epmap (135/TCP) |
|
|
no |
| host1.domain.com |
service |
epmap (135/UDP) |
|
|
no |
| host1.domain.com |
service |
isakmp (500/UDP) |
|
|
no |
| host1.domain.com |
service |
microsoft-ds (445/TCP) |
|
|
no |
| host1.domain.com |
service |
microsoft-ds (445/UDP) |
|
|
no |
| host1.domain.com |
service |
name (42/UDP) |
|
|
no |
| host1.domain.com |
service |
netbios-dgm (138/UDP) |
|
|
no |
| host1.domain.com |
service |
netbios-ns (137/UDP) |
|
|
no |
| host1.domain.com |
service |
printer (515/TCP) |
|
|
no |
| host1.domain.com |
service |
radius (1812/UDP) |
|
|
no |
| host1.domain.com |
info |
User: Administrator |
|
|
no |
| host1.domain.com |
info |
User: DHCP Administrators |
|
|
no |
| host1.domain.com |
info |
User: DHCP Users |
|
|
no |
| host1.domain.com |
info |
User: Guest |
|
|
no |
| host1.domain.com |
info |
User: IME_ADMIN |
|
|
no |
| host1.domain.com |
info |
User: IME_USER |
|
|
no |
| host1.domain.com |
info |
User: IUSR_HOST1 |
|
|
no |
| host1.domain.com |
info |
User: IWAM_HOST1 |
|
|
no |
| host1.domain.com |
info |
User: LDAP_Anonymous |
|
|
no |
| host1.domain.com |
info |
User: NetShow Administrators |
|
|
no |
| host1.domain.com |
info |
User: NetShowServices |
|
|
no |
| host1.domain.com |
info |
User: TsInternetUser |
|
|
no |
| host1.domain.com |
info |
User: WINS Users |
|
|
no |
| host1.domain.com |
info |
User: foobar |
|
|
no |
| host1.domain.com |
info |
Windows service: Alerter |
|
|
no |
| host1.domain.com |
info |
Windows service: COM+ Event System |
|
|
no |
| host1.domain.com |
info |
Windows service: Computer Browser |
|
|
no |
| host1.domain.com |
info |
Windows service: DHCP Client |
|
|
no |
| host1.domain.com |
info |
Windows service: DHCP Server |
|
|
no |
| host1.domain.com |
info |
Windows service: DNS Client |
|
|
no |
| host1.domain.com |
info |
Windows service: DNS Server |
|
|
no |
| host1.domain.com |
info |
Windows service: Distributed File System |
|
|
no |
| host1.domain.com |
info |
Windows service: Distributed Link Tracking Client |
|
|
no |
| host1.domain.com |
info |
Windows service: Distributed Transaction Coordinator |
|
|
no |
| host1.domain.com |
info |
Windows service: Event Log |
|
|
no |
| host1.domain.com |
info |
Windows service: FTP Publishing Service |
|
|
no |
| host1.domain.com |
info |
Windows service: IIS Admin Service |
|
|
no |
| host1.domain.com |
info |
Windows service: IPSEC Policy Agent |
|
|
no |
| host1.domain.com |
info |
Windows service: Internet Authentication Service |
|
|
no |
| host1.domain.com |
info |
Windows service: License Logging Service |
|
|
no |
| host1.domain.com |
info |
