
Vulnerability Categories

Every vulnerability is mapped to one vulnerability category. This includes vulnerabilities, potential vulnerabilities and information gathered checks. When a vulnerability matches multiple categories, our service determines which category is the best match and assigns the vulnerability to that category.

There are currently 30 vulnerability categories available in the KnowledgeBase and new categories are added frequently. Some vulnerability categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall).

When vulnerability categories were first introduced in the product, most of the vulnerabilities in the KnowledgeBase were remote detections which were initially mapped to general categories like Database, Mail Services and Firewall. When authenticated scanning functionality was introduced, several platform-specific vulnerabilities were added to the KnowledgeBase and platform-specific categories were created to coincide with these new detections.

Categories:


B

Backdoors and trojan horses

This category consists of QIDs that detect malicious programs that appear to perform a desirable function for the user but instead facilitate unauthorized access to the user’s computer system. Usually the malicious code bypasses normal authentication to secure remote access to the target computer and obtain sensitive information while attempting to remain undetected.

  1000  Potential UDP Backdoor
  1001  "Back Orifice" Backdoor
  1002  "girlfriend" backdoor
  1004  Potential TCP Backdoor
  1005  "Deep Throat" (Version 1) Backdoor

Brute Force Attack

This category consists of QIDs that detect applications that are vulnerable to brute force attacks. Brute force attacks usually involve traversing the search space of possible keys until the correct key is found.

  5000  FireWall-1 Login Access Enabled
  5001  Discovery of Unix Account Names Vulnerability
  5002  iPlanet Netscape Messaging Server POP E-mail Address Verification Vulnerability
  5003  Potential TCP Backdoor
  5004  CommuniGate Pro E-mail Address Verification Vulnerability
  5005  NetBIOS Brute Force of Accounts

C

CGI

This category consists of QIDs that detect vulnerabilities or gather information in CGI web applications.

  10000  phf CGI Vulnerability
  10001  campas CGI Vulnerability
  10002  Finger CGI Present
  10003  PHP Buffer Overflow
  10004  htmlscript CGI Directory Traversal Vulnerability

D

DNS and BIND

This category consists of QIDs that detect vulnerabilities or gather information in domain name servers and their implementations like BIND.

  15001  Named Daemon Version Number Disclosure Vulnerability
  15005  ISC BIND NXT Buffer Overflow (NXT bug) Vulnerability
  15006  ISC BIND Name Server Denial of Service Vulnerability
  15007  ISC BIND 8.2.2 Domain Cache Denial of Service Vulnerability
  15008  Multiple Vendor ISC BIND Denial of Service (zxfr bug) Vulnerability

Database

This category consists of QIDs that detect vulnerabilities or gather information in various databases.

  19001  Microsoft SQL Weak Database Password
  19002  Guessed Oracle Database Name
  19003  Default Oracle Login(s) Found
  19004  PostgreSQL Database Default Account Vulnerability
  19005  Oracle Listener Log File Can Be Renamed Without Authentication

Debian

This is a platform-specific category for all vulnerabilities and informational checks that belong to Debian.

  175000  Debian Security Update for Wget (DSA-1904)
  175001  Debian Security Update for Samba (DSA-1908)
  175002  Debian Security Update for Ipplan (DSA-1827)
  175003  Debian Security Update for Linux (DSA-1872)
  175004  Debian Security Update for Linux (DSA-1929)

E

E-Commerce

This category consists of QIDs that detect vulnerabilities or gather information in web application systems that are related to e-commerce.

  23000  Cart32 expdate Administrative Information Disclosure Vulnerability
  23001  Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability
  23002  Carey Internet Services Commerce.cgi Directory Traversal Vulnerability
  23003  SmartWin CyberOffice Shopping Cart 2.0 Client Information Disclosure Vulnerability
  23004  Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability

F

File Transfer Protocol

This category consists of QIDs that detect vulnerabilities or gather information in various file transfer protocol systems.

  27000  Accessible Anonymous FTP Server
  27001  Anonymous Access to FTP with a Blank Password Allowed
  27002  Writeable Root Directory on FTP Server
  27003  STAT FTP Command Information Disclosure Vulnerability
  27005  World Readable and Writeable Directory on Anonymous FTP

Finger

This category consists of QIDs that detect vulnerabilities or gather information in implementations of RFC1196 that provide an interface to the 'finger' program at most network sites.

  31000  "Finger 0@" Information about Logged Users Disclosure Vulnerability
  31001  "Finger .@" Information about Logged Users Disclosure Vulnerability
  31002  Finger Daemon Accepts Forwarding of Requests
  31003  Finger Service Discloses Logged Users
  31004  FreeBSD fingerd File Disclosure Vulnerability
  31005  Cfinger 1.2.2 and 1.3.2 User Listing

Firewall

This category consists of QIDs that detect vulnerabilities or gather information in various firewall products.

  34000  TCP Source Port Pass Firewall
  34001  Novell BorderManager Denial of Service Vulnerability
  34002  FireWall-1 Administration Ports
  34003  Check Point FireWall-1 Name Disclosure
  34004  FireWall-1 Client Authentication Enabled

Forensics

This category consists of QIDs that detect vulnerabilities or gather information that could be useful in computer forensics.

  125000  Kernel Routing Tables Information
  125001  RPC Portmapper Information
  125002  Network Filesystem (NFS) Exports Information
  125003  Network Information Service (NIS) Information
  125004  Host File Information

G

General remote services

This category consists of QIDs that detect vulnerabilities or gather information in services or daemons.

  38000  "Systat" Service Open
  38001  "Netstat" Service Open
  38002  UDP Test-Services
  38003  TCP Test-Services
  38004  WircSrv MOTD Read Vulnerability
  38005  GAMSoft Telsrv DoS Vulnerability

H

Hardware

This category consists of QIDs that detect vulnerabilities or gather information in hardware related protocols or hardware appliances.

  43000  RIP Protocol Address Disclosure Vulnerability
  43001  Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability
  43002  Nortel Contivity Denial of Service and File Viewing Vulnerabilities
  43003  Cisco IOS HTTP %% Vulnerability
  43004  Cisco Router Online Help Vulnerability
  43005  Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability

I

Information gathering

This category consists of vulnerabilities that detect informational types of data. Please note that not all informational checks fall into this category.

  45002  Global User List
  45003  Remote User List Disclosure Using NetBIOS
  45004  Target Network Information
  45005  Internet Service Provider

Internet Explorer

This category consists of QIDs that detect vulnerabilities or gather information about Microsoft Internet Explorer.

  100000  Microsoft Internet Explorer Multiple Object Type Vulnerabilities (MS03-040)
  100001  Microsoft Internet Explorer Multiple Vulnerabilities (MS03-032)
  100002  Microsoft Internet Explorer Multiple Vulnerabilities (MS03-020)
  100003  Microsoft Internet Explorer Cumulative Security Update Not Installed (MS03-048)
  100004  Microsoft Internet Explorer Cumulative Security Update Not Installed (MS04-004)

L

Local

This category consists of QIDs that detect vulnerabilities or gather information about vulnerabilities that can be exploited after getting local access to a box or vulnerabilities that need authenticated credentials to be detected.

  115000  Red Hat tcpdump Malformed NFS Packet Buffer Overflow Vulnerability
  115001  Red Hat Gaim Jabber Plug-In Buffer Overflow Vulnerability
  115002  Red Hat Ghostscript PostScript File Arbitrary Command Execution Vulnerability
  115003  Red Hat XChat DNS Command Character Stripping EXECL Vulnerability
  115004  Red Hat GNU Mailman Pipermail Index Summary HTML Injection Vulnerability

M

Mail services

This category consists of QIDs that detect vulnerabilities or gather information about mail services.

  50000  POP3 Banner
  50001  Qualcomm Qpopper POP3 Mail Service Buffer Overflow Vulnerability
  50002  Berolist Mailing List Manager Vulnerability
  50004  Avirt Rover POP Server Buffer Overflow Vulnerability
  50005  True North Software Internet Anywhere POP Server Buffer Overflow Vulnerability

N

News Server

This category consists of QIDs that detect vulnerabilities or gather information about news services.

  54000  InterNetNews Daemon (INND) News Server Buffer Overflow Vulnerability
  54001  InterNetNews Daemon (INND) 2.X News Server Buffer Overflow Vulnerability
  54002  Multiple Vendor INN Remote Vulnerability
  54003  ISC INN News Server Buffer Overflow Vulnerability
  54004  Atrium Software Cassandra NNTP Server 1.10 Buffer Overflow Vulnerability

O

OEL

This is a platform-specific category for all vulnerabilities and informational checks that belong to Oracle Enterprise Linux (OEL).

  155001  Oracle Enterprise Linux firefox Security Update (ELSA-2009-0256)
  155002  Oracle Enterprise Linux seamonkey Security Update (ELSA-2009-0257)
  155003  Oracle Enterprise Linux sudo Security Update (ELSA-2009-0267)
  155004  Oracle Enterprise Linux gstreamer-plugins-good Security Update (ELSA-2009-0271)
  155005  Oracle Enterprise Linux gstreamer-plugins Security Update (ELSA-2009-0270)

Office Application

This category consists of QIDs that detect vulnerabilities or gather information about various Office applications.

  110000  Malformed Word Document Could Enable Macro to Run Automatically (MS01-034)
  110001  Microsoft Outlook Update 300550 is Missing
  110002  Microsoft Outlook Update 300551 is Missing
  110003  Microsoft Excel and PowerPoint Malformed Document Can Bypass Macro Security (MS01-050)
  110004  Microsoft Office XP SP1 Not Installed

OVAL

This category consists of user-created OVAL vulnerabilities. See Adding OVAL Vulnerabilities for information.

P

Proxy

This category consists of QIDs that detect vulnerabilities or gather information in proxy servers. Typically a proxy server acts as an intermediary for requests from clients seeking resources from other servers.

  62000  Wingate Bounce Misconfiguration
  62001  Socks Server
  62002  Unauthenticated/Open Web Proxy Detected
  62003  HTTP Proxy Supports non-HTTP Protocols
  62004  Proxy Allows Directory Traversal Vulnerability
  62005  TinyProxy buffer overflow vulnerability

R

RPC

This category consists of QIDs that detect vulnerabilities or gather information about remote procedure call related applications.

  66001  mountd NFS Service Buffer Overflow Vulnerability
  66002  NFS Exported Filesystems List Vulnerability
  66003  NFS Exported Directories Mountable by Unauthorized Users
  66004  ToolTalk Buffer Overflow Vulnerability

S

Security Policy

This category consists of QIDs that detect vulnerabilities or gather information about security policies. These are generally informational checks that detect the presence of anti-virus software or various other settings that could be pushed with a Windows Group Policy.

  105000  Sophos Antivirus Scanner Detected
  105001  McAfee Antivirus Scanner Detected
  105002  Kaspersky Antivirus Detected
  105003  Symantec Norton Antivirus Corporate Edition Detected
  105004  Trend Micro Antivirus Detected

SMB / NETBIOS

This category consists of QIDs that detect vulnerabilities or gather information about the Server Message Block (SMB) or NetBIOS protocols.

  70000  NetBIOS Name Accessible
  70001  NetBIOS Shared Folder List Available
  70002  NetBIOS Access to Shared Folders
  70003  Null Session/Password NetBIOS Access
  70004  NetBIOS Bindings Information

SNMP

This category consists of QIDs that detect vulnerabilities or gather information about SNMP-based applications.

  78000  General information about this host
  78001  Interface list
  78002  IP addresses
  78003  Routing table
  78004  ARP table

SUSE

This is a platform-specific category for all vulnerabilities and informational checks that belong to SUSE Linux.

  165000  SUSE Security Update for acroread (SUSE-SA:2007:011)
  165001  SUSE Security Update for Sun Java 5 and 6 (SUSE-SA:2009:016)
  165002  SUSE Security Update for krb5 (SUSE-SA:2009:019)
  165003  SUSE Security Update for Mozilla Firefox (SUSE-SA:2009:023)
  165005  SUSE Security Update for Mozilla Firefox (SUSE-SA:2009:012)

T

TCP/IP

This category consists of QIDs that detect vulnerabilities or gather information about protocols that fall under the generic TCP/IP protocol suite.

  82001  ICMP Mask Reply
  82002  Host Responds to One ICMP Request Multiple Times (Smurf Variant)
  82003  ICMP Timestamp Request
  82004  Open UDP Services List
  82005  Predictable TCP Initial Sequence Numbers Vulnerability

U

Ubuntu

This is a platform-specific category for all vulnerabilities and informational checks that belong to Ubuntu Linux.

  195002  Ubuntu Security Notification for Apache2 Vulnerabilities (USN-860-1)
  195003  Ubuntu Security Notification for Libvorbis Vulnerabilities (USN-861-1)
  195004  Ubuntu Security Notification for PHP5 Vulnerabilities (USN-862-1)
  195005  Ubuntu Security Notification for Qemu-kvm Vulnerability (USN-863-1)

W

Web Application

This category consists of web application vulnerabilities. See Web Application Vulnerabilities for information.

Web server

This category consists of QIDs that detect vulnerabilities or gather information about web servers.

  86000  Web Server Version
  86001  SSL Web Server Version
  86002  SSL Certificate - Information
  86003  Microsoft IIS 4.0 Filter Extensions Buffer Overflow Vulnerability (MS99-019)
  86004  Enterprise Server "PageServices" File Disclosure Vulnerability

Windows

This category consists of QIDs that detect vulnerabilities or gather information about Microsoft Windows.

  90000  Microsoft Media Server Denial of Service Vulnerability
  90001  Microsoft NetMeeting Remote Desktop Sharing DoS Vulnerability (MS00-077)
  90002  Microsoft Windows Media Unicast Services DoS Vulnerability (MS00-064)
  90003  Microsoft Windows Media Services Severed Connection DoS Vulnerability (MS00-097)
  90005  Disabled Windows File Protection

X

X-Window

This category consists of QIDs that detect vulnerabilities or gather information about X-Window systems.

  95000  Accessible X-Window Server
  95001  X-Window Sniffing
  95002  X Windows Font Server Denial of Service Vulnerability
  95003  X11 Banner
  95004  Sun Solaris fs.auto Remote Buffer Overrun Vulnerability