Network Vulnerability Assessment Report
21.02.2007
Sorted by host names

Session name: OvisLink WL-5460CAM
Start Time: 21.02.2007 18:15:17
Finish Time: 21.02.2007 18:27:48
Elapsed: 0 day(s) 00:12:30
Total records generated: 11
high severity: 0
Medium severity: 4
informational: 7


Summary of scanned hosts

Host          Holes   Warnings   Open ports   State
10.0.0.220    0       4          2            Finished


10.0.0.220

Service   Severity   Description
netbios-ns (137/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
www (80/tcp)
Medium

The remote host is hosting the Pod.Board CGI suite,
a set of PHP scripts designed to manage online forums.

There is a cross site scripting issue in this suite which
may allow an attacker to steal the cookies of your legitimate
users, by luring them into clicking on a rogue URL.

Solution : None at this time
Risk factor : Low / Medium
BID : 7933
www (80/tcp)
Medium

The remote host is using 12Planet Chat Server.

There is a bug in this software which makes it vulnerable to cross site
scripting attacks.

An attacker may use this bug to steal the credentials of the legitimate users
of this site.

Risk factor: Medium
CVE : CAN-2004-0678
BID : 10659
www (80/tcp)
Medium

The remote host is using InMail/InShop, a web applications written in Perl.

An implementation error in the validation of the user input specifically in
the script 'inmail.pl' in its 'acao' uri-argument and 'inshop.pl' in its
'screen' uri argument lead to an XSS vulnerability allowing a user to create
cross site attacks, also allowing theft of cookie-based authentication
credentials.

Solution : None at this time
Risk factor : Medium
CVE : CVE-2004-1196, CVE-2004-1197
BID : 11758
Other references : OSVDB:11704
www (80/tcp)
Medium

The remote host is running 'My Little Forum', a free CGI suite to manage
discussion forums.

This PHP/MySQL based forum suffers from a Cross Site Scripting vulnerability.
This can be exploited by including arbitrary HTML or even JavaScript code in
the parameters (forum_contact, category and page), which will be executed in
user's browser session when viewed.

Risk factor : Medium
www (80/tcp)
Info
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/goform/formLogin (f_LOGIN_NAME [] f_LOGIN_PASSWD [] B5 [Apply] B2 [Cancel] )

netbios-ns (137/tcp)
Info

Synopsis :

It is possible to obtain the network name of the remote host.

Description :

The remote host listens on udp port 137 and replies to NetBIOS nbtscan
requests. By sending a wildcard request it is possible to obtain the
name of the remote system and the name of its domain.

Risk factor :

None

Plugin output :

The following 7 NetBIOS names have been gathered :

WL-5460CAM = Computer name
WL-5460CAM = Messenger Service
WL-5460CAM = File Server Service
__MSBROWSE__ = Master Browser
WORKGROUP = Workgroup / Domain name
WORKGROUP = Master Browser
WORKGROUP = Browser Service Elections

This SMB server seems to be a SAMBA server (MAC address is NULL).
CVE : CVE-1999-0621
Other references : OSVDB:13577
www (80/tcp)
Info
A web server is running on this port
general/tcp
Info
The following ports were open at the beginning of the scan but are now closed:

Port 80 was detected as being open but is now closed.

This might be an availability problem related which might be due to the following reasons :

- The remote host is now down, either because a user turned it off during the scan
- A network outage has been experienced during the scan, and the remote
network cannot be reached from the Vulnerability Scanner any more
- This Vulnerability Scanner has been blacklisted by the system administrator
or by automatic intrusion detection/prevention systems which have detected the
vulnerability assessment.

In any case, the audit of the remote host might be incomplete and may need to
be done again

general/icmp
Info

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

The difference between the local and remote clocks is -87 seconds

CVE : CVE-1999-0524