Part 1: Vulnerabilities List

The following table summarizes a set of vulnerabilities, and casts data about them into DOVES format. Where the entries have corresponding DOVES entries, we've put a pointer to them.
No. Vulnerability Name Vulnerability Class Description
1 BackOrifice Backdoors Back Orifice default installation
2 Getadmin Present Backdoors GetAdmin utility present
3 NetBus Backdoors NetBus trojan horse allows complete remote control of Windows systems
4 defrexec Brute Force Rexec default account accessible
5 deftel Brute Force Telnet default account accessible
6 TelnetOpen Brute Force Telnet available with no login
7 Aglimpse CGI-Bin Glimpse HTTP aglimpse remote execution vulnerability
8 AnyForm CGI-Bin AnyForm CGI script allows remote execution of arbitrary commands
9 Campas CGI-Bin Campas cgi-bin file executes remote commands
10 CGI Textcounter CGI-Bin Textcounter CGI program allows remote command execution
11 cgiexec CGI-Bin CGI program executed an arbitrary command
12 FormMailExec CGI-Bin FormMail remote execution
13 GuestBookCheck CGI-Bin Guestbook could allow execut...
14 HTTP Glimpse Vulnerability CGI-Bin Glimpse HTTP aglimpse remote execution vulnerability
15 PHPBufferOverflow CGI-Bin php.cgi buffer overflow
16 vulncgi CGI-Bin CGI-BIN programs vulnerable
17 vulnphf CGI-Bin Phone book CGI phf allows remote execution of arbitrary commands
18 rlogin Daemons Rlogin -froot command could allow remote root access
19 tftp Daemons TFTP
20 popimap E-mail Popd buffer overflow vulnerability (second writeup)
21 smtp_outdated E-mail Sendmail daemon outdated
22 ftppwless FTP FTP daemon with no password
23 nfswrite NFS NFS writable
24 accountblankpw NT Critical Issue User account has blank password
25 accountuserpw NT Critical Issue User account has a password the same as the account name
26 adminblankpw NT Critical Issue Administrator account has blank password
27 adminnopw NT Critical Issue Administrator has no password
28 adminuserpw NT Critical Issue Administrator username same as password
29 winreg NT Registry Registry access unrestricted...
30 rshsvc NT Services Windows NT rsh service Running
31 Service User Pwd NT Services Windows NT service user password found
32 rexd RPC Rexd running
33 rpcstatd RPC RPC statd remote file creation and removal
34 rpcupdate RPC RPC ypupdated daemon allows remote commands execution as root
35 ToolTalk Overflow RPC CDE rpc.ttdbserver daemon allows root access
36 All Access NetBIOS share found Shares SMB share full access
37 nbperm Shares NetBIOS permutations attack vulnerability
38 Writable NetBIOS share Shares NetBIOS share writable
39 Apache cookie Web Scan Apache cookies buffer overflow
40 CgiPerlMailPrograms Web Scan CGI Perl mail program allow execution of arbitrary commands
41 ColdFusionEvaluator Web Scan ColdFusion Expression Evaluator allows remote file manipulation, including creation
42 Handler Check Web Scan IRIX handler CGI allows remote command execution
43 httpd Web Scan HTTP (WWW server) port active
44 httppassword Web Scan HTTP basic authorization password guessed
45 IIS RDS Web Scan IIS unauthorized ODBC data access with RDS
46 iiscmd Web Scan Win32 web servers could allow remote command execution through .CMD and .BAT files
47 Uploader Web Scan WebSite 1.1 uploader vulnerability
48 Webdist Web Scan SGI Webdist CGI script allow remote command execution
49 xcheck X Windows Open X display
50 Port 1524 Scan Port Scan NASA Specific: Scan for open port 1524

We suspect several, if not all, of the names of the vulnerabilities on our list are derived from the output of the ISS vulnerability scanner. See the URL http://www.softek.co.jp/NAS/iss/is_item.html (we don't provide a link because this site has some snazzy graphics that produce a black screen with the word Vulnerabilities, and nothing else, on some browsers; but if you load the page separately, it works fine).