Берут же таких придурков на работу!!!!
А ещё что-то о безопасности рассуждает.....www.aist.de ssh (22/tcp) Security hole found
You are running a version of OpenSSH which is older than 3.7.1
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.
An exploit for this issue is rumored to exist.
www.aist.de ftp (21/tcp) Security hole found
The remote FTP server seems to be vulnerable to an integer
conversion bug when it receives a malformed argument to the
'REST' command.
An attacker may exploit this flaw to crash the remote FTP
daemon and possibly execute arbitary code on this host.
www.aist.de http (80/tcp) Security hole found
The following URLs seem to be vulnerable to various SQL injection
techniques :
/german/webnews/print.php?id='UNION'& =
/german/webnews/print.php?id='& =
/german/webnews/print.php?id='%22& =
/german/webnews/print.php?id='bad_bad_value& =
/german/webnews/print.php?id=bad_bad_value'& =
/german/webnews/print.php?id='WHERE& =
/german/webnews/print.php?id='OR& =
The following URLs seem to be vulnerable to various SQL injection
techniques :
/german/webnews/news.php?id=10&stof='UNION'& =
/german/webnews/news.php?id=10&stof='& =
/german/webnews/news.php?id=10&stof='%22& =
/german/webnews/news.php?id=10&stof='bad_bad_value& =
/german/webnews/news.php?id=10&stof=bad_bad_value'& =
/german/webnews/news.php?id=10&stof='WHERE& =
/german/webnews/news.php?id=10&stof='OR& =
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
The following requests seem to allow the reading of
sensitive files or XSS. You should manually try them to see if anything bad happens :
/german/webnews/news.php?id=10&stof=<script>alert('foo');</script>
/german/webnews/print.php?id=<script>alert('foo');</script>
www.aist.de https (443/tcp) Security hole found
t seems that the source code of various CGIs can be accessed by
requesting the CGI name with a special suffix (.old, .bak, ~ or .copy)
Here is the list of CGIs Nessus gathered :
/egroupware/login.php
/login.php
www.aist.de pop3s (995/tcp) Security hole found
www.aist.de imaps (993/tcp) Security hole found
The remote host seems to be using a version of OpenSSL which is
older than 0.9.6e or 0.9.7-beta3
This version is vulnerable to a buffer overflow which,
may allow an attacker to obtain a shell on this host.