Shodan

188.39.178.122

Regular View Raw Data
Last Seen: 2024-06-07
Tags:
vpn

GeneralInformation

Hostnames 188-39-178-122.static.enta.net
museumssites.com
Domains enta.net museumssites.com 
Country United Kingdom
City Newbury
Organization Cityfibre Limited
ISP Cityfibre Limited
ASN AS8468

WebTechnologies

JavaScript libraries
jQuery1.7.1

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

OpenPorts 

-758258928 | 2024-05-30T17:28:31.053531
23 / tcp 
1845118841 | 2024-06-07T21:26:10.136979
80 / tcp 
817643711 | 2024-06-06T00:07:17.329945
443 / tcp 
1164459795 | 2024-06-04T16:06:56.886465
1194 / udp 
1732327417 | 2024-06-05T15:12:50.290441
1723 / tcp



Products
Pricing
Contact Us

Shodan ® - All rights reserved

\", which results in the enclosed script logic to be executed.","verified":false},"CVE-2020-1934":{"cvss":5.0,"ports":[80,443],"summary":"In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.","verified":false},"CVE-2020-1927":{"cvss":5.8,"ports":[80,443],"summary":"In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.","verified":false},"CVE-2019-17567":{"cvss":5.0,"ports":[80,443],"summary":"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","verified":false},"CVE-2019-11358":{"cvss":4.3,"ports":[443],"summary":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.","verified":false},"CVE-2015-9251":{"cvss":4.3,"ports":[443],"summary":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.","verified":false},"CVE-2013-4365":{"cvss":7.5,"ports":[80,443],"summary":"Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.","verified":false},"CVE-2013-2765":{"cvss":5.0,"ports":[80,443],"summary":"The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.","verified":false},"CVE-2013-0942":{"cvss":4.3,"ports":[80,443],"summary":"Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","verified":false},"CVE-2013-0941":{"cvss":2.1,"ports":[80,443],"summary":"EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.","verified":false},"CVE-2012-6708":{"cvss":4.3,"ports":[443],"summary":"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.","verified":false},"CVE-2012-4360":{"cvss":4.3,"ports":[80,443],"summary":"Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","verified":false},"CVE-2012-4001":{"cvss":5.0,"ports":[80,443],"summary":"The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.","verified":false},"CVE-2012-3526":{"cvss":5.0,"ports":[80,443],"summary":"The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.","verified":false},"CVE-2011-2688":{"cvss":7.5,"ports":[80,443],"summary":"SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.","verified":false},"CVE-2011-1176":{"cvss":4.3,"ports":[80,443],"summary":"The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.","verified":false},"CVE-2009-2299":{"cvss":5.0,"ports":[80,443],"summary":"The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.","verified":false},"CVE-2009-0796":{"cvss":2.6,"ports":[80,443],"summary":"Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.","verified":false},"CVE-2007-4723":{"cvss":7.5,"ports":[80,443],"summary":"Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a \"/...../\" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.","verified":false},"CVE-2006-20001":{"cvss":0,"ports":[80,443],"summary":"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.\n","verified":false}}; setupBannerCve(); setupVulns(VULNS); })();