<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">

<meta name=Generator content="Microsoft Word 12 (filtered medium)">

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Calibri","sans-serif";

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.Section1

        {page:Section1;}

-->

</style>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]-->

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal>I&#8217;m a newbie to nikto, have ran several scans and the

output has items like the ones below,<o:p></o:p></p>

<table class=MsoNormalTable border=1 cellpadding=0 width="95%"

 style='width:95.0%;background:#EEEEEE;border:solid black 1.0pt'>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>URI</span></b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'><o:p></o:p></span></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>HTTP Method</span></b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'><o:p></o:p></span></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>GET<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>Description</span></b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'><o:p></o:p></span></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>Web

  Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS).

  CA-2000-02.<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>Test Links</span></b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'><o:p></o:p></span></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>http://&#8221;mywebsite&#8221;/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<br>

  http:&#8221;mywebsiteIP&#8221;/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22

  <o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>OSVDB Entries</span></b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'><o:p></o:p></span></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>OSVDB-0

  <o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>URI<o:p></o:p></span></b></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>HTTP Method<o:p></o:p></span></b></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>GET<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>Description<o:p></o:p></span></b></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>DailyDose

  1.1 is vulnerable to a directory traversal attack in the 'list' parameter.<o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>Test Links<o:p></o:p></span></b></p>

  </td>

  <td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;

  padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>http://&#8221;mywebsite&#8221;/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|<br>

  http://&#8221;mywebsiteIP&#8221;/scripts/dose.pl?daily&amp;somefile.txt&amp;|ls|

  <o:p></o:p></span></p>

  </td>

 </tr>

 <tr>

  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.0pt;

  border-bottom:solid black 1.0pt;border-right:none;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><b><span style='font-family:"Tahoma","sans-serif";

  color:#000066'>OSVDB Entries<o:p></o:p></span></b></p>

  </td>

  <td width=658 style='width:493.75pt;border-top:none;border-left:none;

  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:.75pt .75pt .75pt .75pt'>

  <p class=MsoNormal><span style='font-family:"Tahoma","sans-serif";color:#000066'>OSVDB-2799

  <o:p></o:p></span></p>

  </td>

 </tr>

</table>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>How does one interpret this? do I have an actual vulnerability?<o:p></o:p></p>

<p class=MsoNormal><span style='font-size:9.0pt;color:#365F91'><o:p>&nbsp;</o:p></span></p>

</div>

<p>Notice: This email message, including any attachments, contains

information belonging to Trinity Industries, Inc. and its business

units.  It has been sent solely for the use of the intended

recipients and may be confidential, proprietary, copyrighted, and

legally privileged.  If you are not an intended recipient, please

advise the sender of the error and permanently delete all copies of

this email, including any copies that may reside in your deleted

box.  The unauthorized review, use, disclosure, distribution, or

copying of this email or its contents is strictly prohibited.</p>

</body>

</html>