<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal>I&#8217;m new to Nikto. I have run several scans, and the
output contains items like the ones below:<o:p></o:p></p>

<table class=MsoNormalTable border=1 cellpadding=0 width="95%"
 style='width:95.0%;background:#EEEEEE;border:solid black 1.0pt'>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>URI</span></b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'><o:p></o:p></span></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>HTTP Method</span></b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'><o:p></o:p></span></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>GET<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>Description</span></b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'><o:p></o:p></span></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>Web
  Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS).
  CA-2000-02.<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>Test Links</span></b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'><o:p></o:p></span></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>http://&#8221;mywebsite&#8221;/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<br>
  http://&#8221;mywebsiteIP&#8221;/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
  <o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>OSVDB Entries</span></b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'><o:p></o:p></span></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>OSVDB-0
  <o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>URI<o:p></o:p></span></b></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>HTTP Method<o:p></o:p></span></b></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>GET<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>Description<o:p></o:p></span></b></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>DailyDose
  1.1 is vulnerable to a directory traversal attack in the 'list' parameter.<o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>Test Links<o:p></o:p></span></b></p>
  </td>
  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
  padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>http://&#8221;mywebsite&#8221;/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|<br>
  http://&#8221;mywebsiteIP&#8221;/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|
  <o:p></o:p></span></p>
  </td>
 </tr>
 <tr>
  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.0pt;
  border-bottom:solid black 1.0pt;border-right:none;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";
  color:#000066'>OSVDB Entries<o:p></o:p></span></b></p>
  </td>
  <td width=658 style='width:493.75pt;border-top:none;border-left:none;
  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:.75pt .75pt .75pt .75pt'>
  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>OSVDB-2799
  <o:p></o:p></span></p>
  </td>
 </tr>
</table>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>How should I interpret these results? Do I have an actual vulnerability?<o:p></o:p></p>

<p class=MsoNormal><span style='font-size:9.0pt;color:#365F91'><o:p>&nbsp;</o:p></span></p>

</div>

</body>

</html>