Hi, I've run both nikto and wapiti on my domain.
In both cases they report vulnerable applications which I don't have installed. They are listed as HIGH risk level, and the scanners list a URL they used to attack this application:
Post Nuke 0.7.2.3-Phoenix is vulnerable to Cross Site Scripting (XSS). CA-2000-02
PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). CA-2000-02
Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02
DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter
The URLs used to attack these applications throw off a 404 when I try them.
Mailman was found on the server
http://www.mydomain.com/mailman/listinfo is available
The following are listed as "Default CGI, often with a hosting manager of some sort. No known problems, but host managers allow sys admin via web"
mydomain.com/cgi-sys/entropysearch.cgi
mydomain.com/cgi-sys/FormMail0clone.cgi
mydomain.com/cgi-sys/mchat.cgi
mydomain.com/cgi-sys/scgiwrap
All of these are found when I click on the URL.
The following are all displayed:
mydomain.com/img-sys
mydomain.com/java-sys
mydomain.com/manual
mydomain.com/manual/images
AND
MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version
AND
Apache default file found at mydomain.com/icons/README
------------
I don't see any of this stuff on my webserver. My question is, "Is there any cause for any concern?" If these applications are running on my shared server in another person's account, is there any danger to my account?