[Nikto-discuss] help with nikto output results

Matt ~ aereal at gmail.com
Fri Jun 1 09:36:08 CDT 2012


Maybe the responses from accessing a /scgi-bin/* folder, whether or not it
exists, are completely different from any other 404.

On Fri, Jun 1, 2012 at 5:50 AM, Jeff Cheng <iungltd at yahoo.com> wrote:

> Hello,
> can anyone help me with this: I use nikto to scan my site, and the output
> result shows a lot of files that do not exist on my server; below are some
> of them.
> I don't even have a scgi-bin folder.
>
> + OSVDB-11740: /scgi-bin/foxweb.dll: Foxweb 2.5 and below is vulnerable to
> a buffer overflow (not tested or confirmed). Verify Foxweb is the latest
> available version.
> + OSVDB-11741: /scgi-bin/foxweb.exe: Foxweb 2.5 and below is vulnerable to
> a buffer overflow (not tested or confirmed). Verify Foxweb is the latest
> available version.
> + /scgi-bin/mgrqcgi: This CGI from Magic Enterprise 8.30-5 and earlier is
> vulnerable to multiple buffer overflows. Upgrade to 9.x.
> + OSVDB-3093: /scgi-bin/pollssi.cgi: This might be interesting... has been
> seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/postcards.cgi: This might be interesting... has
> been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/profile.cgi: This might be interesting... has been
> seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/quikstore.cfg: This might be interesting... has
> been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/register.cgi: This might be interesting... has
> been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/replicator/webpage.cgi/: This might be
> interesting... has been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/rightfax/fuwww.dll/?: This might be interesting...
> has been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/rmp_query: This might be interesting... has been
> seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/robpoll.cgi: This might be interesting... has been
> seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/scripts/*%0a.pl: This might be interesting... has
> been seen in web logs from an unknown scanner.
> + OSVDB-3093: /scgi-bin/simplestguest.cgi: This might be interesting...
> has been seen in web logs from an unknown scanner.
>
> thanks!!!


-- 
Sincerely,
Matías Aereal Aeón
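
One way to check the suggestion in the reply above on your own server, as an added example that is not part of the original thread: request random file names that cannot exist under each prefix and compare the status codes with those for the site root. The demo server, its 403 answer for /scgi-bin/, and all function names are constructed assumptions; pass your own host and port to `compare_prefixes` instead.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server: 403 for anything under /scgi-bin/, 404 otherwise."""
    def do_GET(self):
        self.send_response(403 if self.path.startswith("/scgi-bin/") else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def not_found_statuses(host, port, prefix, samples=3):
    """Status codes returned for random file names that cannot exist under prefix."""
    seen = set()
    for _ in range(samples):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", prefix.rstrip("/") + "/" + uuid.uuid4().hex + ".cgi")
            resp = conn.getresponse()
            resp.read()
            seen.add(resp.status)
        finally:
            conn.close()
    return seen

def compare_prefixes(host, port, prefixes):
    """Flag prefixes whose not-found response differs from the site root's."""
    root = not_found_statuses(host, port, "/")
    report = {}
    for p in prefixes:
        seen = not_found_statuses(host, port, p)
        report[p] = {"statuses": sorted(seen), "differs_from_root": seen != root}
    return report

if __name__ == "__main__":
    srv = start_demo_server()
    host, port = srv.server_address
    print(compare_prefixes(host, port, ["/scgi-bin", "/images"]))
    srv.shutdown()
```

A prefix reported with `differs_from_root: True` answers missing files differently from the rest of the site, which is the situation the reply describes.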