Overview:
vsftpd is prone to a backdoor vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.
The vsftpd 2.3.4 source package is affected.
Solution:
The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
References:
http://www.securityfocus.com/bid/48539
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
https://security.appspot.com/vsftpd.html
http://vsftpd.beasts.org/

  Overview: The host is running ProFTPD and is prone to multiple vulnerabilities.
  Vulnerability Insight:
  - An input validation error within the 'mod_site_misc' module can be exploited
    to create and delete directories, create symlinks, and change the time of
    files located outside a writable directory.
  - A logic error within the 'pr_netio_telnet_gets()' function in 'src/netio.c'
    when processing user input containing the Telnet IAC escape sequence can be
    exploited to cause a stack-based buffer overflow by sending specially
    crafted input to the FTP or FTPS service.
  Impact:
  Successful exploitation may allow execution of arbitrary code or cause a
  denial-of-service.
  Impact Level: Application
  Affected Software/OS:
  ProFTPD versions prior to 1.3.3c
  Fix: Upgrade to ProFTPD version 1.3.3c or later,
  For updates refer, http://www.proftpd.org/
  References:
  http://secunia.com/advisories/42052
  http://bugs.proftpd.org/show_bug.cgi?id=3519
  http://bugs.proftpd.org/show_bug.cgi?id=3521
  http://www.zerodayinitiative.com/advisories/ZDI-10-229/ 

Overview:
vsftpd is prone to a backdoor vulnerability.
Attackers can exploit this issue to execute arbitrary commands in the
context of the application. Successful attacks will compromise the
affected application.
The vsftpd 2.3.4 source package is affected.
Solution:
The repaired package can be downloaded from
https://security.appspot.com/vsftpd.html. Please validate the package
with its signature.
References:
http://www.securityfocus.com/bid/48539
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
https://security.appspot.com/vsftpd.html
http://vsftpd.beasts.org/

  Overview: This host is running ProFTPD Server and is prone to remote
  SQL Injection vulnerability.
  Vulnerability Insight:
  This flaw occurs because the server performs improper input sanitising,
  - when a %(percent) character is passed in the username, a single quote
    (') gets introduced during variable substitution by mod_sql and this
    eventually allows for an SQL injection during login.
  - when NLS support is enabled, a flaw in variable substition feature in
    mod_sql_mysql and mod_sql_postgres may allow an attacker to bypass
    SQL injection protection mechanisms via invalid, encoded multibyte
    characters.
  Impact:
  Successful exploitation will allow remote attackers to execute arbitrary
  SQL commands, thus gaining access to random user accounts.
  Affected Software/OS:
  ProFTPD Server version 1.3.1 through 1.3.2rc2
  Fix:
  Upgrade to the latest version 1.3.2rc3,
  http://www.proftpd.org/
  References:
  http://www.milw0rm.com/exploits/8037
  http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded

Overview:
ProFTPD is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.
Successful exploits allows attackers to perform man-in-the-
middle attacks or impersonate trusted servers, which will aid in
further attacks.
Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
Solution:
Updates are available. Please see the references for details.
References:
http://www.securityfocus.com/bid/36804
http://bugs.proftpd.org/show_bug.cgi?id=3275
http://www.proftpd.org

Overview:
Apache is prone to multiple vulnerabilities.
These issues may lead to information disclosure or other attacks.
Apache versions prior to 2.2.15-dev are affected.
Solution:
These issues have been addressed in Apache 2.2.15-dev. Apache 2.2.15
including fixes will become available in the future as well. Please
see the references for more information.
References:
http://www.securityfocus.com/bid/38494
http://httpd.apache.org/security/vulnerabilities_22.html
http://httpd.apache.org/
https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
http://svn.apache.org/viewvc?view=revision&revision=917870

PHP version smaller than 5.2.14 suffers vulnerability.
Solution:
Update PHP to version 5.2.14 or later.

PHP version smaller than 5.2.7 suffers vulnerability.
Solution:
Update PHP to version 5.2.7 or later.

PHP version smaller than 5.2.11 suffers vulnerability.
Solution:
Update PHP to version 5.2.11 or later.

PHP version smaller than 5.3.1 suffers vulnerability.
Solution:
Update PHP to version 5.3.1 or later.

PHP version smaller than 5.2.8 suffers vulnerability.
Solution:
Update PHP to version 5.2.8 or later.

PHP version smaller than 5.3.4 suffers vulnerability.
Solution:
Update PHP to version 5.3.4 or later.

PHP version smaller than 5.3.3 suffers vulnerability.
Solution:
Update PHP to version 5.3.3 or later.

PHP version smaller than 5.2.6 suffers vulnerability.
Solution:
Update PHP to version 5.2.6 or later.

PHP version smaller than 5.2.9 suffers vulnerability.
Solution:
Update PHP to version 5.2.9 or later.

Overview:
TikiWiki is prone to multiple unspecified vulnerabilities, including:
- An unspecified SQL-injection vulnerability
- An unspecified authentication-bypass vulnerability
- An unspecified vulnerability
Exploiting these issues could allow an attacker to compromise the
application, access or modify data, exploit latent vulnerabilities in
the underlying database, and gain unauthorized access to the affected
application. Other attacks are also possible.
Versions prior to TikiWiki 4.2 are vulnerable.
Solution:
The vendor has released an advisory and fixes. Please see the
references for details.
References:
http://www.securityfocus.com/bid/38608
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=24734
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://info.tikiwiki.org/tiki-index.php?page=homepage

Overview:
When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the
php-cgi receives a processed query string parameter as command line
arguments which allows command-line switches, such as -s, -d or -c to be
passed to the php-cgi binary, which can be exploited to disclose source
code and obtain arbitrary code execution.
An example of the -s command, allowing an attacker to view the source code
of index.php is below:
http://localhost/index.php?-s
References:
http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-risks-Update-1567↵
532.html
http://www.kb.cert.org/vuls/id/520827
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/manual/en/security.cgi-bin.php

Synopsis :
Debugging functions are enabled on the remote HTTP server.
Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.   
It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when
used in conjunction with various weaknesses in browsers. 
An attacker may use this flaw to trick your legitimate web users to give
him their credentials. 
Solution :
Disable these methods.
See also :
http://www.kb.cert.org/vuls/id/867593
Plugin output :
Solution : 
Add the following lines for each virtual host in your configuration file :
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

PHP version smaller than 5.2.5 suffers vulnerability.
Solution:
Update PHP to version 5.2.5 or later.

  Overview: The host is running SMB/NETBIOS and prone to authentication
  bypass Vulnerability
  Vulnerability Insight:
  The flaw is caused due to an SMB share, allows full access to Guest users.
  If the Guest account is enabled, anyone can access the computer without a
  valid user account or password.
  Impact:
  Successful exploitation could allow attackers to use shares to cause the
  system to crash.
  Impact Level: System
  Affected Software/OS:
  Microsoft Windows 95
  Microsoft Windows 98
  Microsoft Windows NT
  Fix: No solution or patch is available as on 11th October, 2011. Information
  regarding this issue will be updated once the solution details are available.
  For updates refer, http://sourceforge.net/projects/nfs/files/nfs-utils/
  workaround:
  1 Disable null session login.
  2 Remove the share.
  3 Enable passwords on the share.
  References:
  http://xforce.iss.net/xforce/xfdb/2
  http://seclab.cs.ucdavis.edu/projects/testing/vulner/38.html 

  Overview: The host is running MySQL and is prone to Multiple Format String
  vulnerabilities.
  Vulnerability Insight:
  The flaws are due to error in the 'dispatch_command' function in sql_parse.cc
  in libmysqld/ which can caused via format string specifiers in a database name
  in a 'COM_CREATE_DB' or 'COM_DROP_DB' request.
  Impact:
  Successful exploitation could allow remote authenticated users to cause a Denial
  of Service and possibly have unspecified other attacks.
  Impact Level: Application
  Affected Software/OS:
  MySQL version 4.0.0 to 5.0.83 on all running platform.
  Fix: Upgrade to MySQL version 5.1.36 or later
  http://dev.mysql.com/downloads
  References:
  http://www.osvdb.org/55734
  http://secunia.com/advisories/35767
  http://xforce.iss.net/xforce/xfdb/51614
  http://www.securityfocus.com/archive/1/archive/1/504799/100/0/threaded

Overview:
MySQL 5.0.51a is prone to an unspecified remote code-execution
vulnerability.
Very few technical details are currently available.
An attacker can leverage this issue to execute arbitrary code within
the context of the vulnerable application. Failed exploit attempts
will result in a denial-of-service condition.
This issue affects MySQL 5.0.51a; other versions may also be
vulnerable.
References:
http://www.securityfocus.com/bid/37640
http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html
http://www.mysql.com/
http://intevydis.com/mysql_demo.html

  Overview: The host is running MySQL and is prone to Buffer overflow
  Vulnerability
  Vulnerability Insight:
  The flaw is due to an error in application that allows remote attackers to
  execute arbitrary code via unspecified vectors
  Impact:
  Successful exploitation could allow attackers to execute arbitrary code.
  Impact Level: Application
  Affected Software/OS:
  MySQL Version 5.0.51a On Linux
  Fix: No solution/patch is available as on 31st December, 2009. Information
  regarding this issue will be updated once the solution details are available
  For Updates Refer, http://dev.mysql.com/downloads
  References:
  http://intevydis.com/vd-list.shtml
  http://www.intevydis.com/blog/?p=57

  Overview: The host is running MySQL and is prone to Denial Of Service
  and Spoofing Vulnerabilities
  Vulnerability Insight:
  The flaws are due to:
  - mysqld does not properly handle errors during execution of certain SELECT
    statements with subqueries, and does not preserve certain null_value flags
    during execution of statements that use the 'GeomFromWKB()' function.
  - An error in 'vio_verify_callback()' function in 'viosslfactories.c', when
    OpenSSL is used, accepts a value of zero for the depth of X.509 certificates.
  Impact:
  Successful exploitation could allow users to cause a Denial of Service and
  man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via
  a crafted certificate.
  Impact Level: Application
  Affected Software/OS:
  MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 on all running platform.
  Fix: Upgrade to MySQL version 5.0.88 or 5.1.41
  For Updates Refer, http://dev.mysql.com/downloads
  References:
  http://bugs.mysql.com/47780
  http://bugs.mysql.com/47320
  http://marc.info/?l=oss-security&m=125881733826437&w=2
  http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

  Overview: The host is running MySQL and is prone to multiple vulnerabilities.
  Vulnerability Insight:
  The flaws are due to:
  - An error in 'my_net_skip_rest()' function in 'sql/net_serv.cc' when handling
    a large number of packets that exceed the maximum length, which allows remote
    attackers to cause a denial of service (CPU and bandwidth consumption).
  - buffer overflow when handling 'COM_FIELD_LIST' command with a long
    table name, allows remote authenticated users to execute arbitrary code.
  - directory traversal vulnerability when handling a '..' (dot dot) in a
    table name, which allows remote authenticated users to bypass intended
    table grants to read field definitions of arbitrary tables.
  Impact:
  Successful exploitation could allow users to cause a denial of service and
  to execute arbitrary code.
  Impact Level: Application
  Affected Software/OS:
  MySQL 5.0.x before 5.0.91 and 5.1.x before 5.1.47 on all running platform.
  Fix: Upgrade to MySQL version 5.0.91 or 5.1.47,
  For Updates Refer, http://dev.mysql.com/downloads
  References:
  http://securitytracker.com/alerts/2010/May/1024031.html
  http://securitytracker.com/alerts/2010/May/1024033.html
  http://securitytracker.com/alerts/2010/May/1024032.html
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
  http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html 

Overview:
MySQL is prone to a security-bypass vulnerability and to to a local
privilege-escalation vulnerability.
An attacker can exploit the security-bypass issue to bypass certain
security restrictions and obtain sensitive information that may lead
to further attacks.
Local attackers can exploit the local privilege-escalation issue to
gain elevated privileges on the affected computer.
Versions prior to MySQL 5.1.41 are vulnerable.
Solution:
Updates are available. Please see the references for details.
References:
http://www.securityfocus.com/bid/37076
http://www.securityfocus.com/bid/37075
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
http://www.mysql.com/

  Overview: The host is running a Database server and is prone to information
  disclosure vulnerability.
  Vulnerability Insight:
  The flaw is caused due to not restricting direct access of databases to the
  remote systems.
  Impact:
  Successful exploitation could allow an attacker to obtain the sensitive
  information of the database.
  Impact Level: Application
  Affected Software/OS:
  MySQL
  IBM DB2
  PostgreSQL
  IBM solidDB
  Oracle Database
  Microsoft SQL Server
  Workaround:
  Restrict Database access to remote systems.
  References:
  https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_dss_v1-2.pdf 

  Overview: The host is running MySQL and is prone to Access Restrictions Bypass
  Vulnerability
  Vulnerability Insight:
  The flaw is due to an error in 'sql/sql_table.cc', when the data home directory
  contains a symlink to a different filesystem.
  Impact:
  Successful exploitation could allow users to bypass intended access restrictions
  by calling CREATE TABLE with  DATA DIRECTORY or INDEX DIRECTORY argument referring
  to a subdirectory.
  Impact Level: Application
  Affected Software/OS:
  MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha
  Fix: Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha
  For Updates Refer, http://dev.mysql.com/downloads
  References:
  http://lists.mysql.com/commits/59711
  http://bugs.mysql.com/bug.php?id=39277
  http://marc.info/?l=oss-security&m=125908040022018&w=2

Overview:
MySQL is prone to a buffer-overflow vulnerability because if fails to
perform adequate boundary checks on user-supplied data.
An attacker can leverage this issue to execute arbitrary code within
the context of the vulnerable application. Failed exploit attempts
will result in a denial-of-service condition.
This issue affects MySQL 5.x; other versions may also be vulnerable.
References:
http://www.securityfocus.com/bid/36242
http://www.mysql.com/
http://intevydis.com/company.shtml

Here is the export list of 192.168.56.3 : 
/ *

  Overview: The host is running ProFTPD and is prone to multiple vulnerabilities.
  Vulnerability Insight:
  - An input validation error within the 'mod_site_misc' module can be exploited
    to create and delete directories, create symlinks, and change the time of
    files located outside a writable directory.
  - A logic error within the 'pr_netio_telnet_gets()' function in 'src/netio.c'
    when processing user input containing the Telnet IAC escape sequence can be
    exploited to cause a stack-based buffer overflow by sending specially
    crafted input to the FTP or FTPS service.
  Impact:
  Successful exploitation may allow execution of arbitrary code or cause a
  denial-of-service.
  Impact Level: Application
  Affected Software/OS:
  ProFTPD versions prior to 1.3.3c
  Fix: Upgrade to ProFTPD version 1.3.3c or later,
  For updates refer, http://www.proftpd.org/
  References:
  http://secunia.com/advisories/42052
  http://bugs.proftpd.org/show_bug.cgi?id=3519
  http://bugs.proftpd.org/show_bug.cgi?id=3521
  http://www.zerodayinitiative.com/advisories/ZDI-10-229/ 

  Overview: This host is running ProFTPD Server and is prone to remote
  SQL Injection vulnerability.
  Vulnerability Insight:
  This flaw occurs because the server performs improper input sanitising,
  - when a %(percent) character is passed in the username, a single quote
    (') gets introduced during variable substitution by mod_sql and this
    eventually allows for an SQL injection during login.
  - when NLS support is enabled, a flaw in variable substition feature in
    mod_sql_mysql and mod_sql_postgres may allow an attacker to bypass
    SQL injection protection mechanisms via invalid, encoded multibyte
    characters.
  Impact:
  Successful exploitation will allow remote attackers to execute arbitrary
  SQL commands, thus gaining access to random user accounts.
  Affected Software/OS:
  ProFTPD Server version 1.3.1 through 1.3.2rc2
  Fix:
  Upgrade to the latest version 1.3.2rc3,
  http://www.proftpd.org/
  References:
  http://www.milw0rm.com/exploits/8037
  http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded

  Overview : The host is running ProFTPD Server, which is prone to cross-site 
  request forgery vulnerability.
  Vulnerability Insight :
  The flaw exists due to the application truncating an overly long FTP command,
  and improperly interpreting the remainder string as a new FTP command.
  Impact : This can be exploited to execute arbitrary FTP commands on another
  user's session privileges.
  Impact Level : Application
  Affected Software/OS :
  ProFTPD Project versions 1.2.x on Linux
  ProFTPD Project versions 1.3.x on Linux
 
  Fix : Fixed is available in the SVN repository,
  http://www.proftpd.org/cvs.html
  *****
  NOTE : Ignore this warning, if above mentioned fix is applied already.
  *****
  References :
  http://secunia.com/advisories/31930/
  http://bugs.proftpd.org/show_bug.cgi?id=3115

Overview:
ProFTPD is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL
certificates for trusted ones.
Successful exploits allows attackers to perform man-in-the-
middle attacks or impersonate trusted servers, which will aid in
further attacks.
Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable.
Solution:
Updates are available. Please see the references for details.
References:
http://www.securityfocus.com/bid/36804
http://bugs.proftpd.org/show_bug.cgi?id=3275
http://www.proftpd.org

Overview:
It was possible to login into the remote host using default credentials.
Solution:
Change the password as soon as possible.
It was possible to login with the following credentials <User>:<Password>
user:user

Overview:
Apache Tomcat is prone to multiple remote vulnerabilities including
information-disclosure and denial-of-service issues.
Remote attackers can exploit these issues to cause denial-of-service
conditions or gain access to potentially sensitive information;
information obtained may lead to further attacks.
The following versions are affected:
Tomcat 5.5.0 to 5.5.29 Tomcat 6.0.0 to 6.0.27 Tomcat 7.0.0
Tomcat 3.x, 4.x, and 5.0.x may also be affected.
Solution:
The vendor released updates. Please see the references for more
information.
References:
https://www.securityfocus.com/bid/41544
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/
http://www.securityfocus.com/archive/1/512272

Overview:
Apache Tomcat is prone to a directory-traversal vulnerability and to
an authentication-bypass vulnerability.
Exploiting this issue allows attackers to delete arbitrary files
within the context of the current working directory or gain
unauthorized access to files and directories..
The following versions are affected:
Tomcat 5.5.0 through 5.5.28 
Tomcat 6.0.0 through 6.0.20
Solution:
The vendor has released updates. Please see the references for
details.
References:
http://www.securityfocus.com/bid/37945
http://www.securityfocus.com/bid/37944
http://www.securityfocus.com/bid/37942
http://tomcat.apache.org/
http://svn.apache.org/viewvc?view=revision&revision=892815
http://svn.apache.org/viewvc?view=revision&revision=902650

This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : Client is not authorized
Solution : filter incoming connections to ports 6000-6009

Overview:
ISC BIND is prone to a remote denial-of-service vulnerability because
the application fails to properly handle specially crafted dynamic
update requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 are
vulnerable.
Solution:
The vendor released an advisory and fixes to address this issue.
Please see the references for more information.
References:
http://www.securityfocus.com/bid/35848
https://bugzilla.redhat.com/show_bug.cgi?id=514292
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
http://www.isc.org/products/BIND/
https://www.isc.org/node/474
http://www.kb.cert.org/vuls/id/725188
** It seems that OpenVAS was not able to crash the remote Bind.
According to its version number the remote version of BIND is
anyway vulnerable.
Please check its status right now.

  Overview:
   
   Rexecd Service is running at this Host.
   Rexecd (Remote Process Execution) has the same kind of functionality
   that rsh has : you can execute shell commands on a remote computer.
   The main difference is that rexecd authenticate by reading the
   username and password *unencrypted* from the socket.
  Solution:
   Disable rexec Service.

  Overview: The host is running ProFTPD and is prone to denial of service
  vulnerability.
  Vulnerability Insight:
  The flaw is caused due to an error in 'pr_data_xfer()' function which allows
  remote authenticated users to cause a denial of service (CPU consumption)
  via an ABOR command during a data transfer.
  Impact:
  Successful exploitation will let the attackers to cause a denial of service.
  Impact Level: Application
  Affected Software/OS:
  ProFTPD versions prior to 1.3.2rc3
  Fix: Upgrade to ProFTPD version 1.3.2rc3 or later,
  For updates refer, http://www.proftpd.org/
  References:
  http://bugs.proftpd.org/show_bug.cgi?id=3131 

  Overview: The host is running TCP services and is prone to denial of service
  vulnerability.
  Vulnerability Insight:
  The flaw is triggered when spoofed TCP Reset packets are received by the
  targeted TCP stack and will result in loss of availability for the attacked
  TCP services.
  Impact:
  Successful exploitation will allow remote attackers to guess sequence numbers
  and cause a denial of service to persistent TCP connections by repeatedly
  injecting a TCP RST packet.
  Impact Level: System
  Affected Software/OS:
  TCP
  Fix: Please see the referenced advisories for more information on obtaining
  and applying fixes.
  References:
  http://www.osvdb.org/4030
  http://xforce.iss.net/xforce/xfdb/15886
  http://www.us-cert.gov/cas/techalerts/TA04-111A.html
  http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949
  http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950
  http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006
  http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx
  http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx
  http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html
  http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html 

The /doc directory is browsable.
/doc shows the content of the /usr/doc directory and therefore it shows which programs and↵
 - important! - the version of the installed programs.
Solution : Use access restrictions for the /doc directory.
If you use Apache you might use this in your access.conf:
 <Directory /usr/doc>
 AllowOverride None
 order deny,allow
 deny from all
 allow from localhost
 </Directory>

Overview:
awiki is prone to multiple local file-include vulnerabilities because
it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to obtain potentially
sensitive information and execute arbitrary local scripts in the
context of the webserver process. This may allow the attacker to
compromise the application and the computer; other attacks are
also possible.
awiki 20100125 is vulnerable; other versions may also be affected.
References:
http://www.securityfocus.com/bid/49187
http://www.kobaonline.com/awiki/

  Overview: The host is running phpMyAdmin and is prone to Cross-Site Scripting
  Vulnerability.
  Vulnerability Insight:
  The flaw is caused by input validation errors in the 'error.php' script when
  processing crafted BBcode tags containing '@' characters, which could allow
  attackers to inject arbitrary HTML code within the error page and conduct
  phishing attacks.
  Impact:
  Successful exploitation will let the attackers to inject arbitrary HTML code
  within the error page and conduct phishing attacks.
  Impact Level: Application
  Affected Software/OS:
  phpMyAdmin version 3.3.8.1 and prior.
  Fix: No solution or patch is available as on 10th December, 2010. Information
  regarding this issue will be updated once the solution details are available.
  For updates refer, http://www.phpmyadmin.net/home_page/downloads.php
  References:
  http://www.exploit-db.com/exploits/15699/
  http://www.vupen.com/english/advisories/2010/3133 

  Overview: The host is running TWiki and is prone to cross site scripting
  vulnerability.
  Vulnerability Insight:
  The flaw is caused due to an improper validation of user-supplied input
  to the 'organization' field when registering or editing a user, which allows
  attackers to execute arbitrary HTML and script code in a user's browser
  session in the context of an affected site.
  Impact:
  Successful exploitation will allow remote attackers to insert arbitrary HTML
  and script code, which will be executed in a user's browser session in the
  context of an affected site.
  Impact Level: Application
  Affected Software/OS:
  TWiki version 5.1.1 and prior
  Fix: No solution or patch is available as on 21st March, 2012. Information
  regarding this issue will be updated once the solution details are available.
  For updates refer, http://twiki.org/cgi-bin/view/Codev/DownloadTWiki
  References:
  http://osvdb.org/78664
  http://secunia.com/advisories/47784
  http://xforce.iss.net/xforce/xfdb/72821
  http://www.securitytracker.com/id?1026604
  http://www.securityfocus.com/bid/51731/info
  http://packetstormsecurity.org/files/109246/twiki-xss.txt 

  Overview: This host is running Apache HTTP Server and is prone to cookie
  information disclosure vulnerability.
  Vulnerability Insight:
  The flaw is caused due to an error within the default error response for
  status code 400 when no custom ErrorDocument is configured, which can be
  exploited to expose 'httpOnly' cookies.
  Impact:
  Successful exploitation will allow attackers to obtain sensitive information
  that may aid in further attacks.
  Impact Level: Application
  Affected Software/OS:
  Apache HTTP Server versions 2.2.0 through 2.2.21
  Fix: Upgrade to Apache HTTP Server version 2.2.22 or later,
  For updates refer, http://httpd.apache.org/
  References:
  http://osvdb.org/78556
  http://secunia.com/advisories/47779
  http://www.exploit-db.com/exploits/18442
  http://rhn.redhat.com/errata/RHSA-2012-0128.html
  http://httpd.apache.org/security/vulnerabilities_22.html
  http://svn.apache.org/viewvc?view=revision&revision=1235454
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html 

The following files are calling the function phpinfo() which
disclose potentially sensitive information to the remote attacker : 
/phpinfo.php
/mutillidae/phpinfo.php
Solution : Delete them or restrict access to them

Overview:
Samba is prone to a remote denial-of-service vulnerability.
A remote attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
Samba 3.4.5 and earlier are vulnerable.
References:
http://www.securityfocus.com/bid/38326
http://git.samba.org/?p=samba.git;a=commit;h=a065c177dfc8f968775593ba00dffafeebb2e054
http://us1.samba.org/samba/

 Overview:
  According to its version number, the remote version of MySQL is
  prone to a security-bypass vulnerability.
  An attacker can exploit this issue to gain access to table files created by
  other users, bypassing certain security restrictions.
  NOTE 1: This issue was also assigned CVE-2008-4097 because
  CVE-2008-2079 was incompletely fixed, allowing symlink attacks.
  NOTE 2: CVE-2008-4098 was assigned because fixes for the vector
  described in CVE-2008-4097 can also be bypassed.
  This issue affects versions prior to MySQL 4 (prior to 4.1.24) and
  MySQL 5 (prior to 5.0.60). 
 Solution:
  Updates are available. Update to newer Version.
 See also:
  http://www.securityfocus.com/bid/29106

Overview:
MySQL is prone to a denial-of-service vulnerability.
An attacker can exploit these issues to crash the database, denying
access to legitimate users.
This issues affect versions prior to MySQL 5.1.49.
Solution:
Updates are available. Please see the references for more information.
References:
https://www.securityfocus.com/bid/42598
http://bugs.mysql.com/bug.php?id=54044
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://www.mysql.com/

Overview:
MySQL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the database, denying
access to legitimate users.
This issue affects versions prior to MySQL 5.1.49.
Solution:
Updates are available. Please see the references for more information.
References:
https://www.securityfocus.com/bid/42646
https://www.securityfocus.com/bid/42633
https://www.securityfocus.com/bid/42643
https://www.securityfocus.com/bid/42598
https://www.securityfocus.com/bid/42596
https://www.securityfocus.com/bid/42638
https://www.securityfocus.com/bid/42599
https://www.securityfocus.com/bid/42625
http://bugs.mysql.com/bug.php?id=54575
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html
http://www.mysql.com/

 Overview : This host is running MySQL, which is prone to Denial of Service
 Vulnerability.
 Vulnerability Insight :
        Issue is due to error while processing an empty bit string literal via
        a specially crafted SQL statement.
        Impact : Successful exploitation by remote attackers could cause denying
        access to legitimate users.
 Impact Level : Application
 Affected Software/OS : 
        MySQL versions prior to 5.0.x - 5.0.66,
                                5.1.x - 5.1.26, and
                                6.0.x - 6.0.5 on all running platform.
 Fix : Update to version 5.0.66 or 5.1.26 or 6.0.6 or later.
 http://dev.mysql.com/downloads/
 References : 
 http://secunia.com/advisories/31769/
 http://bugs.mysql.com/bug.php?id=35658
 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html

  Overview: The host is running MySQL and is prone to Denial Of Service
  vulnerability.
  Vulnerability Insight:
  The flaw is due to an error when processing the 'ALTER DATABASE' statement and
  can be exploited to corrupt the MySQL data directory using the '#mysql50#'
  prefix followed by a '.' or '..'.
  NOTE: Successful exploitation requires 'ALTER' privileges on a database.
  Impact:
  Successful exploitation could allow an attacker to cause a Denial of Service.
  Impact Level: Application
  Affected Software/OS:
  MySQL version priot to 5.1.48 on all running platform.
  Fix: Upgrade to MySQL version 5.1.48
  For Updates Refer, http://dev.mysql.com/downloads
  References:
  http://secunia.com/advisories/40333
  http://bugs.mysql.com/bug.php?id=53804
  http://securitytracker.com/alerts/2010/Jun/1024160.html
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html 

  Overview: The host is running ProFTPD and is prone to denial of service
  vulnerability.
  Vulnerability Insight:
  The flaw is caused due to an error in 'pr_data_xfer()' function which allows
  remote authenticated users to cause a denial of service (CPU consumption)
  via an ABOR command during a data transfer.
  Impact:
  Successful exploitation will let the attackers to cause a denial of service.
  Impact Level: Application
  Affected Software/OS:
  ProFTPD versions prior to 1.3.2rc3
  Fix: Upgrade to ProFTPD version 1.3.2rc3 or later,
  For updates refer, http://www.proftpd.org/
  References:
  http://bugs.proftpd.org/show_bug.cgi?id=3131 

  
  Overview:
   rsh Service is running at this Host.
   rsh (remote shell) is a command line computer program which can execute
   shell commands as another user, and on another computer across a computer
   network. 
  Solution:
   Disable rsh and use ssh instead.

 Overview:
  The Mailserver on this host answers to VRFY and/or EXPN requests.
  VRFY and EXPN ask the server for information about an address. They are
  inherently unusable through firewalls, gateways, mail exchangers for part-time
  hosts, etc. OpenVAS suggests that, if you really want to publish this type of
  information, you use a mechanism that legitimate users actually know about,
  such as Finger or HTTP. 
 Solution:
  Disable VRFY and/or EXPN on your Mailserver. 
  For postfix add 'disable_vrfy_command=yes' in 'main.cf'. 
  For Sendmail add the option 'O PrivacyOptions=goaway'.
 See also:
  http://cr.yp.to/smtp/vrfy.html
Details:
'VRFY root' produces the following answer: 252 2.0.0 root 

Overview:
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7
provides debug messages containing authorized_keys command options, which allows
remote authenticated users to obtain potentially sensitive information by
reading these messages, as demonstrated by the shared user account required by
Gitolite. NOTE: this can cross privilege boundaries because a user account may
intentionally have no shell or filesystem access, and therefore may have no
supported way to read an authorized_keys file in its own home directory.
OpenSSH before 5.7 is affected; 
Solution:
Updates are available. Please see the references for more information.
References:
http://www.securityfocus.com/bid/51702
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445
http://packages.debian.org/squeeze/openssh-server
https://downloads.avaya.com/css/P8/documents/100161262

  Overview: This host is running Apache Tomcat Server and is prone to
  multiple vulnerabilities.
  Vulnerability Insight:
  Multiple flows are due to,
  - Error in 'XML parser' used for other web applications, which allows local users to
    read or modify the web.xml, context.xml, or tld files via a crafted application
    that is loaded earlier than the target application.
  - when FORM authentication is used, cause enumerate valid usernames via requests
    to /j_security_check with malformed URL encoding of passwords, related to
    improper error checking in the MemoryRealm, DataSourceRealm, and JDBCRealm
    authentication realms, as demonstrated by a % (percent) value for the
    j_password parameter.
  - when the 'Java AJP connector' and 'mod_jk load balancing' are used, via a
    crafted request with invalid headers, related to temporary blocking of
    connectors that have encountered errors, as demonstrated by an error
    involving a malformed HTTP Host header.
  Impact:
  Successful attempt could lead to remote code execution and attacker can gain
  the full permission on affected file, and can cause denial of service.
  Impact Level: System/Application
  Affected Software/OS:
  Apache Tomcat version 6.0.0 to 6.0.18
  Apache Tomcat version 5.5.0 to 5.5.27
  Apache Tomcat version 4.1.0 to 4.1.39
  Fix: Upgrade to Apache Tomcat version 4.1.40, or 5.5.28, or 6.0.20
  http://archive.apache.org/dist/tomcat/
  References:
  http://tomcat.apache.org/security-6.html
  http://tomcat.apache.org/security-5.html
  http://tomcat.apache.org/security-4.html
  http://www.securitytracker.com/id?1022336
  http://www.vupen.com/english/advisories/2009/1496
  http://svn.apache.org/viewvc?view=rev&revision=781708

  Overview: Apache Tomcat Server is running on this host and that is prone to
  security bypass vulnerability.
  Vulnerability Insight:
  Flaw in the application is due to the synchronisation problem when checking
  IP addresses. This could allow user from a non permitted IP address to gain
  access to a context that is protected with a valve that extends
  RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve
  implementations.
  Impact: Successful attempt could lead to remote code execution and attacker
  can gain access to context of the filtered value.
  Impact Level: Application
  Affected Software/OS:
  Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0
  Fix: Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later,
  http://archive.apache.org/dist/tomcat/
  References:
  http://tomcat.apache.org/security-4.html
  http://tomcat.apache.org/security-5.html
  https://issues.apache.org/bugzilla/show_bug.cgi?id=25835

Overview:
Apache Tomcat is prone to a remote information-disclosure
vulnerability.
Remote attackers can exploit this issue to obtain the host name or IP
address of the Tomcat server. Information harvested may lead to
further attacks.
The following versions are affected:
Tomcat 5.5.0 through 5.5.29 Tomcat 6.0.0 through 6.0.26
Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
Solution:
Updates are available. Please see the references for more information.
References:
http://www.securityfocus.com/bid/39635
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/
http://svn.apache.org/viewvc?view=revision&revision=936540
http://svn.apache.org/viewvc?view=revision&revision=936541
http://www.securityfocus.com/archive/1/510879

  Overview: This host is running Apache Tomcat server and is prone to security
  bypass vulnerability.
  Vulnerability Insight:
  The flaw is caused by 'realm name' in the 'WWW-Authenticate' HTTP header for
  'BASIC' and 'DIGEST' authentication that might allow remote attackers to
  discover the server's hostname or IP address by sending a request for a
  resource.
  Impact:
  Remote attackers can exploit this issue to obtain the host name or IP address
  of the Tomcat server. Information harvested may aid in further attacks.
  Impact Level: Application
  Affected Software/OS:
  Apache Tomcat version 5.5.0 to 5.5.29
  Apache Tomcat version 6.0.0 to 6.0.26
  Fix: Upgrade to the latest version of Apache Tomcat 5.5.30 or 6.0.27 or later,
  For updates refer, http://tomcat.apache.org
  References:
  http://tomcat.apache.org/security-5.html
  http://tomcat.apache.org/security-6.html
  http://www.securityfocus.com/archive/1/510879 

BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information.  The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.
The remote bind version is : 9.4.2
Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.

 Overview:
  A DNS Server is running at this Host.
  A Name Server translates domain names into IP addresses. This makes it
  possible for a user to access a website by typing in the domain name instead of
  the website's actual IP address.

 Overview:
  A DNS Server is running at this Host.
  A Name Server translates domain names into IP addresses. This makes it
  possible for a user to access a website by typing in the domain name instead of
  the website's actual IP address.

Remote FTP server banner :
220 (vsFTPd 2.3.4) 

Here is the route recorded between 192.168.56.4 and 192.168.56.3 :
192.168.56.3.
192.168.56.3.

Synopsis :
The remote service implements TCP timestamps.
Description :
The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote 
host can sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt

ProFTPD version 1.3.1 was detected on the host

The remote web server type is :
Apache/2.2.8 (Ubuntu) DAV/2 
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.

The following directories were discovered:
/cgi-bin, /doc, /test, /icons, /phpMyAdmin
While this is not, in and of itself, a bug, you should manually inspect 
these directories to ensure that they are in compliance with company
security standards

  phpMyAdmin is running at this Host.
  phpMyAdmin is a free software tool written in PHP intended to handle
  the administration of MySQL over the World Wide Web. 
phpMyAdmin was detected on the remote host in the following directory(s):
phpMyAdmin (Ver. unknown) under /phpMyAdmin.

An unknown server is running on this port.
If you know what it is, please send this banner to the OpenVAS team:
0x0000:  00 00 00 03 04 08 46 00 00 03 A1 04 08 6F 3A 16    ......F......o:.
0x0010:  44 52 62 3A 3A 44 52 62 43 6F 6E 6E 45 72 72 6F    DRb::DRbConnErro
0x0020:  72 07 3A 07 62 74 5B 17 22 2F 2F 75 73 72 2F 6C    r.:.bt[."//usr/l
0x0030:  69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F    ib/ruby/1.8/drb/
0x0040:  64 72 62 2E 72 62 3A 35 37 33 3A 69 6E 20 60 6C    drb.rb:573:in `l
0x0050:  6F 61 64 27 22 37 2F 75 73 72 2F 6C 69 62 2F 72    oad'"7/usr/lib/r
0x0060:  75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E    uby/1.8/drb/drb.
0x0070:  72 62 3A 36 31 32 3A 69 6E 20 60 72 65 63 76 5F    rb:612:in `recv_
0x0080:  72 65 71 75 65 73 74 27 22 37 2F 75 73 72 2F 6C    request'"7/usr/l
0x0090:  69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F    ib/ruby/1.8/drb/
0x00A0:  64 72 62 2E 72 62 3A 39 31 31 3A 69 6E 20 60 72    drb.rb:911:in `r
0x00B0:  65 63 76 5F 72 65 71 75 65 73 74 27 22 3C 2F 75    ecv_request'"</u
0x00C0:  73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F    sr/lib/ruby/1.8/
0x00D0:  64 72 62 2F 64 72 62 2E 72 62 3A 31 35 33 30 3A    drb/drb.rb:1530:
0x00E0:  69 6E 20 60 69 6E 69 74 5F 77 69 74 68 5F 63 6C    in `init_with_cl
0x00F0:  69 65 6E 74 27 22 39 2F 75 73 72 2F 6C 69 62 2F    ient'"9/usr/lib/
0x0100:  72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62    ruby/1.8/drb/drb
0x0110:  2E 72 62 3A 31 35 34 32 3A 69 6E 20 60 73 65 74    .rb:1542:in `set
0x0120:  75 70 5F 6D 65 73 73 61 67 65 27 22 33 2F 75 73    up_message'"3/us
0x0130:  72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64    r/lib/ruby/1.8/d
0x0140:  72 62 2F 64 72 62 2E 72 62 3A 31 34 39 34 3A 69    rb/drb.rb:1494:i
0x0150:  6E 20 60 70 65 72 66 6F 72 6D 27 22 35 2F 75 73    n `perform'"5/us
0x0160:  72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64    r/lib/ruby/1.8/d
0x0170:  72 62 2F 64 72 62 2E 72 62 3A 31 35 38 39 3A 69    rb/drb.rb:1589:i
0x0180:  6E 20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 30 2F    n `main_loop'"0/
0x0190:  75 73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38    usr/lib/ruby/1.8
0x01A0:  2F 64 72 62 2F 64 72 62 2E 72 62 3A 31 35 38 35    /drb/drb.rb:1585
0x01B0:  3A 69 6E 20 60 6C 6F 6F 70 27 22 35 2F 75 73 72    :in `loop'"5/usr
0x01C0:  2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72    /lib/ruby/1.8/dr
0x01D0:  62 2F 64 72 62 2E 72 62 3A 31 35 38 35 3A 69 6E    b/drb.rb:1585:in
0x01E0:  20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 31 2F 75     `main_loop'"1/u
0x01F0:  73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F    sr/lib/ruby/1.8/
0x0200:  64 72 62 2F 64 72 62 2E 72 62 3A 31 35 38 31 3A    drb/drb.rb:1581:
0x0210:  69 6E 20 60 73 74 61 72 74 27 22 35 2F 75 73 72    in `start'"5/usr
0x0220:  2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72    /lib/ruby/1.8/dr
0x0230:  62 2F 64 72 62 2E 72 62 3A 31 35 38 31 3A 69 6E    b/drb.rb:1581:in
0x0240:  20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 2F 2F 75     `main_loop'"//u
0x0250:  73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F    sr/lib/ruby/1.8/
0x0260:  64 72 62 2F 64 72 62 2E 72 62 3A 31 34 33 30 3A    drb/drb.rb:1430:
0x0270:  69 6E 20 60 72 75 6E 27 22 31 2F 75 73 72 2F 6C    in `run'"1/usr/l
0x0280:  69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F    ib/ruby/1.8/drb/
0x0290:  64 72 62 2E 72 62 3A 31 34 32 37 3A 69 6E 20 60    drb.rb:1427:in `
0x02A0:  73 74 61 72 74 27 22 2F 2F 75 73 72 2F 6C 69 62    start'"//usr/lib
0x02B0:  2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72    /ruby/1.8/drb/dr
0x02C0:  62 2E 72 62 3A 31 34 32 37 3A 69 6E 20 60 72 75    b.rb:1427:in `ru
0x02D0:  6E 27 22 36 2F 75 73 72 2F 6C 69 62 2F 72 75 62    n'"6/usr/lib/rub
0x02E0:  79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E 72 62    y/1.8/drb/drb.rb
0x02F0:  3A 31 33 34 37 3A 69 6E 20 60 69 6E 69 74 69 61    :1347:in `initia
0x0300:  6C 69 7A 65 27 22 2F 2F 75 73 72 2F 6C 69 62 2F    lize'"//usr/lib/
0x0310:  72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62    ruby/1.8/drb/drb
0x0320:  2E 72 62 3A 31 36 32 37 3A 69 6E 20 60 6E 65 77    .rb:1627:in `new
0x0330:  27 22 39 2F 75 73 72 2F 6C 69 62 2F 72 75 62 79    '"9/usr/lib/ruby
0x0340:  2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E 72 62 3A    /1.8/drb/drb.rb:
0x0350:  31 36 32 37 3A 69 6E 20 60 73 74 61 72 74 5F 73    1627:in `start_s
0x0360:  65 72 76 69 63 65 27 22 25 2F 75 73 72 2F 73 62    ervice'"%/usr/sb
0x0370:  69 6E 2F 64 72 75 62 79 5F 74 69 6D 65 73 65 72    in/druby_timeser
0x0380:  76 65 72 2E 72 62 3A 31 32 3A 09 6D 65 73 67 22    ver.rb:12:.mesg"
0x0390:  20 74 6F 6F 20 6C 61 72 67 65 20 70 61 63 6B 65     too large packe
0x03A0:  74 20 31 32 31 32 35 30 31 30 37 32                t 1212501072    

Remote FTP server banner :
220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.56.3] 

Some antivirus scanners dies when they process an email with a 
too long string without line breaks.
Such a message was sent. If there is an antivirus on your MTA,
it might have crashed. Please check its status right now, as 
it is not possible to do it remotely

The file 42.zip was sent 2 times. If there is an antivirus in your MTA, it might
have crashed. Please check its status right now, as it is
not possible to do so remotely

Remote SMTP server banner :
220 metasploitable.localdomain ESMTP Postfix (Ubuntu) 
This is probably: Postfix

Overview:
The remote Mailserver supports the STARTTLS command.

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on port 111

RPC program #100003 version 2 'nfs' (nfsprog) is running on port 2049
RPC program #100003 version 3 'nfs' (nfsprog) is running on port 2049
RPC program #100003 version 4 'nfs' (nfsprog) is running on port 2049

RPC program #100005 version 1 'mountd' (mount showmount) is running on port 37000
RPC program #100005 version 2 'mountd' (mount showmount) is running on port 37000
RPC program #100005 version 3 'mountd' (mount showmount) is running on port 37000

RPC program #100021 version 1 'nlockmgr' is running on port 44501
RPC program #100021 version 3 'nlockmgr' is running on port 44501
RPC program #100021 version 4 'nlockmgr' is running on port 44501

RPC program #100024 version 1 'status' is running on port 57176

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on port 111

RPC program #100003 version 2 'nfs' (nfsprog) is running on port 2049
RPC program #100003 version 3 'nfs' (nfsprog) is running on port 2049
RPC program #100003 version 4 'nfs' (nfsprog) is running on port 2049

RPC program #100005 version 1 'mountd' (mount showmount) is running on port 33649
RPC program #100005 version 2 'mountd' (mount showmount) is running on port 33649
RPC program #100005 version 3 'mountd' (mount showmount) is running on port 33649

RPC program #100021 version 1 'nlockmgr' is running on port 58930
RPC program #100021 version 3 'nlockmgr' is running on port 58930
RPC program #100021 version 4 'nlockmgr' is running on port 58930

RPC program #100024 version 1 'status' is running on port 48701

  Overview:
   A telnet Server is running at this host.
   Experts in computer security, such as SANS Institute, and the members of the
   comp.os.linux.security newsgroup recommend that the use of Telnet for remote
   logins should be discontinued under all normal circumstances, for the following
   reasons:
   * Telnet, by default, does not encrypt any data sent over the connection
     (including passwords), and so it is often practical to eavesdrop on the
     communications and use the password later for malicious purposes; anybody who
     has access to a router, switch, hub or gateway located on the network between
     the two hosts where Telnet is being used can intercept the packets passing by
     and obtain login and password information (and whatever else is typed) with any
     of several common utilities like tcpdump and Wireshark.
    
   * Most implementations of Telnet have no authentication that would ensure
     communication is carried out between the two desired hosts and not intercepted
     in the middle.
   * Commonly used Telnet daemons have several vulnerabilities discovered over
     the years.

Remote telnet banner :
                _                  _       _ _        _     _      ____   
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \  
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) | 
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | |  __// __/  
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____| 
                            |_|                                           
 
 
Warning: Never expose this VM to an untrusted network! 
 
Contact: msfdev[at]metasploit.com 
 
Login with msfadmin/msfadmin to get started 
 
 
metasploitable login: 

Synopsis :
The remote host has TFTP server running.
Description :
The remote host has TFTP server running. TFTP stands 
for Trivial File Transfer Protocol.
Solution : 
Disable TFTP server if not used.

Synopsis :
The remote web server contains a graphic image that is prone to
information disclosure. 
Description :
The 'favicon.ico' file found on the remote web server belongs to a
popular webserver.  This may be used to fingerprint the web server. 
Solution: 
Remove the 'favicon.ico' file or create a custom one for your site. 
CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output :
The 'favico.ico' fingerprints this webserver as tomcat (5.5.26).

The remote web server type is :
Apache-Coyote/1.1 
and the 'ServerTokens' directive is ProductOnly
Apache does not permit to hide the server type.

The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/servlets-examples/servlet/RequestParamExample (firstname [] lastname [] )
/jsp-examples/jsp2/el/implicit-objects.jsp (foo [bar] )
/jsp-examples/jsp2/el/functions.jsp (foo [JSP+2.0] )
/servlets-examples/servlet/CookieExample (cookiename [] cookievalue [] )
/admin/j_security_check;jsessionid=41E65FC4E316C34D5B282E81652C0C1F (j_username [] j_passw↵
ord [] )
/servlets-examples/servlet/SessionExample;jsessionid=28C2AEF7D90C498A0FBB20AE56133F5C (dat↵
aname [] datavalue [] )

The following directories were discovered:
/admin
While this is not, in and of itself, a bug, you should manually inspect 
these directories to ensure that they are in compliance with company
security standards

Apache Tomcat version 5.5 was detected on the host

Synopsis :
The remote host is running a remote display software (VNC)
Description :
The remote server is running VNC, a software which permits a 
console to be displayed remotely.
This allows authenticated users of the remote host to take its 
control remotely.
Solution : 
Make sure the use of this software is done in accordance with your
corporate security policy, filter incoming traffic to this port.
Plugin output :
The version of the VNC protocol is : RFB 003.003

The remote VNC server chose security type #2 (VNC authentication)

nmap thinks ajp13 is running on this port

nmap thinks distccd is running on this port

An FTP server is running on this port.
Here is its banner : 
220 (vsFTPd 2.3.4) 

192.168.56.3|cpe:/a:samba:samba:3.0.20
192.168.56.3|cpe:/a:x.org:x11:11.0
192.168.56.3|cpe:/a:tikiwiki:tikiwiki:1.9.5
192.168.56.3|cpe:/a:apache:tomcat:5.5
192.168.56.3|cpe:/a:postgresql:postgresql
192.168.56.3|cpe:/a:proftpd:proftpd:1.3.1
192.168.56.3|cpe:/a:apache:http_server:2.2.8
192.168.56.3|cpe:/a:php:php:5.2.4
192.168.56.3|cpe:/a:openbsd:openssh:4.7p1
192.168.56.3|cpe:/o:canonical:ubuntu_linux

traceroute:192.168.56.4,192.168.56.3
TCP ports:44501,80,3632,5900,8009,8180,8787,6667,445,21,111,2049,22,6000,23,512,513,37000,↵
25,514,1099,6697,2121,3306,139,1524,57176,53,51571,5432
UDP ports:111,68,69,53,137,2049,138

The tool "smbclient" is not available for openvasd.
Therefore none of the tests using smbclient are executed.

Overview:
The remote host responded to an ICMP timestamp request. The Timestamp Reply is
an ICMP message which replies to a Timestamp message. It consists of the
originating timestamp sent by the sender of the Timestamp as well as a receive
timestamp and a transmit timestamp. This information could theoretically be used
to exploit weak time-based random number generators in other services.
See also:
http://www.ietf.org/rfc/rfc0792.txt

ICMP based OS fingerprint results: (100% confidence)
Linux Kernel

DIRB could not be found in your system path.
OpenVAS was unable to execute DIRB and to perform the scan you
requested.
Please make sure that DIRB is installed and is
available in the PATH variable defined for your environment.

Open UDP ports: 111, 68, 69, 53, 137, 2049, 138

Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.

Nikto could not be found in your system path.
OpenVAS was unable to execute Nikto and to perform the scan you
requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is
available in the PATH variable defined for your environment.

Information about this scan : 
OpenVAS Scanner version : 5.0.3
NVT feed version : 201208011335
Type of NVT feed : OpenVAS NVT Feed
Scanner IP : 192.168.56.4
Port scanner(s) : nmap 
Port range : T:1-65535,U:2-3,7,9,13,17,19-23,37-38,42,49,53,67-69,80,88,111-113,120,123,13↵
5-139,158,161-162,177,192,199,207,217,363,389,402,407,427,434,443,445,464,497,500,502,512-↵
515,517-518,520,539,559,593,623,626,631,639,643,657,664,682-689,764,767,772-776,780-782,78↵
6,789,800,814,826,829,838,902-903,944,959,965,983,989-990,996-1001,1007-1008,1012-1014,101↵
9-1051,1053-1060,1064-1070,1072,1080-1081,1087-1088,1090,1100-1101,1105,1124,1200,1214,123↵
4,1346,1419,1433-1434,1455,1457,1484-1485,1524,1645-1646,1701,1718-1719,1761,1782,1804,181↵
2-1813,1885-1886,1900-1901,1993,2000,2002,2048-2049,2051,2148,2160-2161,2222-2223,2343,234↵
5,2362,2967,3052,3130,3283,3296,3343,3389,3401,3456-3457,3659,3664,3702-3703,4000,4008,404↵
5,4444,4500,4666,4672,5000-5003,5010,5050,5060,5093,5351,5353,5355,5500,5555,5632,6000-600↵
2,6004,6050,6346-6347,6970-6971,7000,7938,8000-8001,8010,8181,8193,8900,9000-9001,9020,910↵
3,9199-9200,9370,9876-9877,9950,10000,10080,11487,16086,16402,16420,16430,16433,16449,1649↵
8,16503,16545,16548,16573,16674,16680,16697,16700,16708,16711,16739,16766,16779,16786,1681↵
6,16829,16832,16838-16839,16862,16896,16912,16918-16919,16938-16939,16947-16948,16970,1697↵
2,16974,17006,17018,17077,17091,17101,17146,17184-17185,17205,17207,17219,17236-17237,1728↵
2,17302,17321,17331-17332,17338,17359,17417,17423-17424,17455,17459,17468,17487,17490,1749↵
4,17505,17533,17549,17573,17580,17585,17592,17605,17615-17616,17629,17638,17663,17673-1767↵
4,17683,17726,17754,17762,17787,17814,17823-17824,17836,17845,17888,17939,17946,17989,1800↵
4,18081,18113,18134,18156,18228,18234,18250,18255,18258,18319,18331,18360,18373,18449,1848↵
5,18543,18582,18605,18617,18666,18669,18676,18683,18807,18818,18821,18830,18832,18835,1886↵
9,18883,18888,18958,18980,18985,18987,18991,18994,18996,19017,19022,19039,19047,19075,1909↵
6,19120,19130,19140-19141,19154,19161,19165,19181,19193,19197,19222,19227,19273,19283,1929↵
4,19315,19322,19332,19374,19415,19482,19489,19500,19503-19504,19541,19600,19605,19616,1962↵
4-19625,19632,19639,19647,19650,19660,19662-19663,19682-19683,19687,19695,19707,19717-1971↵
9,19722,19728,19789,19792,19933,19935-19936,19956,19995,19998,20003-20004,20019,20031,2008↵
2,20117,20120,20126,20129,20146,20154,20164,20206,20217,20249,20262,20279,20288,20309,2031↵
3,20326,20359-20360,20366,20380,20389,20409,20411,20423-20425,20445,20449,20464-20465,2051↵
8,20522,20525,20540,20560,20665,20678-20679,20710,20717,20742,20752,20762,20791,20817,2084↵
2,20848,20851,20865,20872,20876,20884,20919,21000,21016,21060,21083,21104,21111,21131,2116↵
7,21186,21206-21207,21212,21247,21261,21282,21298,21303,21318,21320,21333,21344,21354,2135↵
8,21360,21364,21366,21383,21405,21454,21468,21476,21514,21524-21525,21556,21566,21568,2157↵
6,21609,21621,21625,21644,21649,21655,21663,21674,21698,21702,21710,21742,21780,21784,2180↵
0,21803,21834,21842,21847,21868,21898,21902,21923,21948,21967,22029,22043,22045,22053,2205↵
5,22105,22109,22123-22124,22341,22692,22695,22739,22799,22846,22914,22986,22996,23040,2317↵
6,23354,23531,23557,23608,23679,23781,23965,23980,24007,24279,24511,24594,24606,24644,2485↵
4,24910,25003,25157,25240,25280,25337,25375,25462,25541,25546,25709,25931,26407,26415,2672↵
0,26872,26966,27015,27195,27444,27473,27482,27707,27892,27899,28122,28369,28465,28493,2854↵
3,28547,28641,28840,28973,29078,29243,29256,29810,29823,29977,30263,30303,30365,30544,3065↵
6,30697,30704,30718,30975,31059,31073,31109,31189,31195,31335,31337,31365,31625,31681,3173↵
1,31891,32345,32385,32528,32768-32780,32798,32815,32818,32931,33030,33249,33281,33354-3335↵
5,33459,33717,33744,33866,33872,34038,34079,34125,34358,34422,34433,34555,34570,34577-3458↵
0,34758,34796,34855,34861-34862,34892,35438,35702,35777,35794,36108,36206,36384,36458,3648↵
9,36669,36778,36893,36945,37144,37212,37393,37444,37602,37761,37783,37813,37843,38037,3806↵
3,38293,38412,38498,38615,39213,39217,39632,39683,39714,39723,39888,40019,40116,40441,4053↵
9,40622,40708,40711,40724,40732,40805,40847,40866,40915,41058,41081,41308,41370,41446,4152↵
4,41638,41702,41774,41896,41967,41971,42056,42172,42313,42431,42434,42508,42557,42577,4262↵
7,42639,43094,43195,43370,43514,43686,43824,43967,44101,44160,44179,44185,44190,44253,4433↵
4,44508,44923,44946,44968,45247,45380,45441,45685,45722,45818,45928,46093,46532,46836,4762↵
4,47765,47772,47808,47915,47981,48078,48189,48255,48455,48489,48761,49152-49163,49165-4918↵
2,49184-49202,49204-49205,49207-49216,49220,49222,49226,49259,49262,49306,49350,49360,4939↵
3,49396,49503,49640,49968,50099,50164,50497,50612,50708,50919,51255,51456,51554,51586,5169↵
0,51717,51905,51972,52144,52225,52503,53006,53037,53571,53589,53838,54094,54114,54281,5432↵
1,54711,54807,54925,55043,55544,55587,56141,57172,57409-57410,57813,57843,57958,57977,5800↵
2,58075,58178,58419,58631,58640,58797,59193,59207,59765,59846,60172,60381,60423,61024,6114↵
2,61319,61322,61370,61412,61481,61550,61685,61961,62154,62287,62575,62677,62699,62958,6342↵
0,63555,64080,64481,64513,64590,64727
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : no
Max hosts : 30
Max checks : 10
Scan Start Date : 2012/8/16 2:12
Scan duration : 3416 sec

Here is the route from 192.168.56.4 to 192.168.56.3:
192.168.56.4
192.168.56.3

Detected TWiki version: unknown
Location: /twiki
CPE: 
Concluded from version identification result:

Fake IP address not specified. Skipping this check. 

SMB signing is disabled on this host

Open TCP ports: 44501, 80, 3632, 5900, 8009, 8180, 8787, 6667, 445, 21, 111, 2049, 22, 600↵
0, 23, 512, 513, 37000, 25, 514, 1099, 6697, 2121, 3306, 139, 1524, 57176, 53, 51571, 5432

Detected Apache version 2.2.8
CPE: cpe:/a:apache:http_server:2.2.8
Concluded from version identification result:
HTTP/1.1 200 OK 
Date: Wed, 15 Aug 2012 06:20:47 GMT 
Server: Apache/2.2.8 (Ubuntu) DAV/2 
X-Powered-By: PHP/5.2.4-2ubuntu5.10 
Content-Length: 891 
Connection: close 
Content-Type: text/html 
 
<html><head><title>Metasploitable2 - Linux</title></head><body>
<pre>
                _                  _       _ _        _     _      ____  
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \ 
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | |  __// __/ 
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
                            |_|                                          
Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started
</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>

  Overview:
   This FTP Server allows anonymous logins.
   
   A host that provides an FTP service may additionally provide Anonymous FTP
   access as well. Under this arrangement, users do not strictly need an account
   on the host. Instead the user typically enters 'anonymous' or 'ftp' when
   prompted for username. Although users are commonly asked to send their email
   address as their password, little to no verification is actually performed on
   the supplied data. 
 Solution:
   If you do not want to share files, you should disable anonymous logins.

Detected TikiWiki version: 1.9.5 under /tikiwiki
Location: /tikiwiki
CPE: cpe:/a:tikiwiki:tikiwiki:1.9.5
Concluded from version identification result:
1.9.5

A web server is running on this port

Detected PHP version: 5.2.4
Location: none
CPE: cpe:/a:php:php:5.2.4
Concluded from version identification result:
X-Powered-By: PHP/5.2.4-2ubuntu5.10 

wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you
requested.
Please make sure that wapiti is installed and that wapiti is
available in the PATH variable defined for your environment.

nmap thinks irc is running on this port

nmap thinks login is running on this port

Overview:
It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.
Detected SMB workgroup: WORKGROUP
Detected SMB server: Samba 3.0.20-Debian
Detected OS: Unix

It was possible to log into the remote host using the SMB protocol.

A CIFS server is running on this port

Detected MySQL version: 5.0.51a-3ubuntu5
Location: none
Concluded from version identification result:
5.0.51a-3ubuntu5     6E7"Eu?w ,ª                ]J9!99Rp]cVg 

An unknown service is running on this port.
It is usually reserved for MySQL

The following 7 NetBIOS names have been gathered :
 METASPLOITABLE  = This is the computer name registered for workstation services by a WINS↵
 client.
 METASPLOITABLE  = This is the current logged in user registered for this workstation.
 METASPLOITABLE  = Computer name
   __MSBROWSE__ 
 WORKGROUP       = Workgroup / Domain name
 WORKGROUP      
 WORKGROUP       = Workgroup / Domain name (part of the Browser elections)
. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server 
claims to have a null MAC address
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

An SMB server is running on this port

Detected PostgreSQL version: unknown
Location: 5432/tcp
CPE: cpe:/a:postgresql:postgresql
Concluded from version identification result:
R

An unknown service is running on this port.
It is usually reserved for Postgres

An FTP server is running on this port.
Here is its banner : 
220 ProFTPD 1.3.1 Server (Debian) [::ffff:192.168.56.3] 

An SMTP server is running on this port
Here is its banner : 
220 metasploitable.localdomain ESMTP Postfix (Ubuntu) 

The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
SSHv2 Fingerprint: 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3

Detected SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
Remote SSH supported authentication: publickey,password
Remote SSH banner: 
(not available)
CPE: cpe:/a:openbsd:openssh:4.7p1
Concluded from remote connection attempt with credentials:
  Login: OpenVAS
  Password: OpenVAS

An ssh server is running on this port

A telnet server seems to be running on this port

nmap thinks irc is running on this port

A web server is running on this port

wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you
requested.
Please make sure that wapiti is installed and that wapiti is
available in the PATH variable defined for your environment.