Every vulnerability is mapped to a vulnerability category. This includes vulnerabilities, potential vulnerabilities and information gathered checks. There are currently 30 vulnerability categories available in the KnowledgeBase and new categories are added frequently. Some vulnerability categories are platform-specific (for example Debian and SUSE) while others are more general (for example Database and Firewall).
When vulnerability categories were first introduced in the product, most of the vulnerabilities in the KnowledgeBase were remote detections which were initially mapped to general categories like Database, Mail Services and Firewall. When authenticated scanning functionality was introduced, several platform-specific vulnerabilities were added to the KnowledgeBase and platform-specific categories were created to coincide with these new detections.
There is a one-to-one association between a vulnerability and a vulnerability category. When a vulnerability matches multiple categories, the service determines which category is the best match and assigns the vulnerability to that category.
See vulnerability category descriptions and examples below.
This category consists of QIDs that detect malicious programs that appear to perform a desirable function for the user but instead facilitate unauthorized access to the user’s computer system. Usually the malicious code bypasses normal authentication, secures remote access to the target computer, and obtains sensitive information while attempting to remain undetected.

| QID | TITLE |
|---|---|
| 1000 | Potential UDP Backdoor |
| 1001 | "Back Orifice" Backdoor |
| 1002 | "GirlFriend" Backdoor |
| 1004 | Potential TCP Backdoor |
| 1005 | "Deep Throat" (Version 1) Backdoor |

This category consists of QIDs that detect applications that are vulnerable to brute force attacks. Brute force attacks usually involve traversing the search space of possible keys until the correct key is found.

| QID | TITLE |
|---|---|
| 5000 | FireWall-1 Login Access Enabled |
| 5001 | Discovery of Unix Account Names Vulnerability |
| 5002 | iPlanet Netscape Messaging Server POP E-mail Address Verification Vulnerability |
| 5003 | iPlanet Netscape Messaging Server IMAP E-mail Address Verification Vulnerability |
| 5004 | CommuniGate Pro E-mail Address Verification Vulnerability |
| 5005 | NetBIOS Brute Force of Accounts |

This category consists of QIDs that detect vulnerabilities or gather information in CGI web applications.

| QID | TITLE |
|---|---|
| 10000 | phf CGI Vulnerability |
| 10001 | campas CGI Vulnerability |
| 10002 | Finger CGI Present |
| 10003 | PHP Buffer Overflow |
| 10004 | htmlscript CGI Directory Traversal Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information in domain name servers and their implementations like BIND.

| QID | TITLE |
|---|---|
| 15001 | Named Daemon Version Number Disclosure Vulnerability |
| 15005 | ISC BIND NXT Buffer Overflow (NXT bug) Vulnerability |
| 15006 | ISC BIND Name Server Denial of Service Vulnerability |
| 15007 | ISC BIND 8.2.2 Domain Cache Denial of Service Vulnerability |
| 15008 | Multiple Vendor ISC BIND Denial of Service (zxfr bug) Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information in various databases.

| QID | TITLE |
|---|---|
| 19001 | Microsoft SQL Weak Database Password |
| 19002 | Guessed Oracle Database Name |
| 19003 | Default Oracle Login(s) Found |
| 19004 | PostgreSQL Database Default Account Vulnerability |
| 19005 | Oracle Listener Log File Can Be Renamed Without Authentication |

This is a platform-specific category for all vulnerabilities and informational checks that belong to Debian.

| QID | TITLE |
|---|---|
| 175000 | Debian Security Update for Wget (DSA-1904) |
| 175001 | Debian Security Update for Samba (DSA-1908) |
| 175002 | Debian Security Update for Ipplan (DSA-1827) |
| 175003 | Debian Security Update for Linux (DSA-1872) |
| 175004 | Debian Security Update for Linux (DSA-1929) |

This category consists of QIDs that detect vulnerabilities or gather information in web application systems that are related to e-commerce.

| QID | TITLE |
|---|---|
| 23000 | Cart32 expdate Administrative Information Disclosure Vulnerability |
| 23001 | Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability |
| 23002 | Carey Internet Services Commerce.cgi Directory Traversal Vulnerability |
| 23003 | SmartWin CyberOffice Shopping Cart 2.0 Client Information Disclosure Vulnerability |
| 23004 | Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information in various file transfer protocol systems.

| QID | TITLE |
|---|---|
| 27000 | Accessible Anonymous FTP Server |
| 27001 | Anonymous Access to FTP with a Blank Password Allowed |
| 27002 | Writeable Root Directory on FTP Server |
| 27003 | STAT FTP Command Information Disclosure Vulnerability |
| 27005 | World Readable and Writeable Directory on Anonymous FTP |

This category consists of QIDs that detect vulnerabilities or gather information in implementations of RFC1196 that provide an interface to the 'finger' program at most network sites.

| QID | TITLE |
|---|---|
| 31000 | "Finger 0@" Information about Logged Users Disclosure Vulnerability |
| 31001 | "Finger .@" Information about Logged Users Disclosure Vulnerability |
| 31002 | Finger Daemon Accepts Forwarding of Requests |
| 31003 | Finger Service Discloses Logged Users |
| 31004 | FreeBSD fingerd File Disclosure Vulnerability |
| 31005 | Cfinger 1.2.2 and 1.3.2 User Listing |

This category consists of QIDs that detect vulnerabilities or gather information in various firewall products.

| QID | TITLE |
|---|---|
| 34000 | TCP Source Port Pass Firewall |
| 34001 | Novell BorderManager Denial of Service Vulnerability |
| 34002 | FireWall-1 Administration Ports |
| 34003 | Check Point FireWall-1 Name Disclosure |
| 34004 | FireWall-1 Client Authentication Enabled |

This category consists of QIDs that detect vulnerabilities or gather information that could be useful in computer forensics.

| QID | TITLE |
|---|---|
| 125000 | Kernel Routing Tables Information |
| 125001 | RPC Portmapper Information |
| 125002 | Network Filesystem (NFS) Exports Information |
| 125003 | Network Information Service (NIS) Information |
| 125004 | Host File Information |

This category consists of QIDs that detect vulnerabilities or gather information in services or daemons.

| QID | TITLE |
|---|---|
| 38000 | "Systat" Service Open |
| 38001 | "Netstat" Service Open |
| 38002 | UDP Test-Services |
| 38003 | TCP Test-Services |
| 38004 | WircSrv MOTD Read Vulnerability |
| 38005 | GAMSoft Telsrv DoS Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information in hardware related protocols or hardware appliances.

| QID | TITLE |
|---|---|
| 43000 | RIP Protocol Address Disclosure Vulnerability |
| 43001 | Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability |
| 43002 | Nortel Contivity Denial of Service and File Viewing Vulnerabilities |
| 43003 | Cisco IOS HTTP %% Vulnerability |
| 43004 | Cisco Router Online Help Vulnerability |
| 43005 | Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability |

This category consists of vulnerabilities that detect informational types of data. Please note that not all informational checks fall into this category.

| QID | TITLE |
|---|---|
| 45002 | Global User List |
| 45003 | Remote User List Disclosure Using NetBIOS |
| 45004 | Target Network Information |
| 45005 | Internet Service Provider |

This category consists of QIDs that detect vulnerabilities or gather information about Microsoft Internet Explorer.

| QID | TITLE |
|---|---|
| 100000 | Microsoft Internet Explorer Multiple Object Type Vulnerabilities (MS03-040) |
| 100001 | Microsoft Internet Explorer Multiple Vulnerabilities (MS03-032) |
| 100002 | Microsoft Internet Explorer Multiple Vulnerabilities (MS03-020) |
| 100003 | Microsoft Internet Explorer Cumulative Security Update Not Installed (MS03-048) |
| 100004 | Microsoft Internet Explorer Cumulative Security Update Not Installed (MS04-004) |

This category consists of QIDs that detect vulnerabilities or gather information about vulnerabilities that can be exploited after getting local access to a box or vulnerabilities that need authenticated credentials to be detected.

| QID | TITLE |
|---|---|
| 115000 | Red Hat tcpdump Malformed NFS Packet Buffer Overflow Vulnerability |
| 115001 | Red Hat Gaim Jabber Plug-In Buffer Overflow Vulnerability |
| 115002 | Red Hat Ghostscript PostScript File Arbitrary Command Execution Vulnerability |
| 115003 | Red Hat XChat DNS Command Character Stripping EXECL Vulnerability |
| 115004 | Red Hat GNU Mailman Pipermail Index Summary HTML Injection Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information about mail services.

| QID | TITLE |
|---|---|
| 50000 | POP3 Banner |
| 50001 | Qualcomm Qpopper POP3 Mail Service Buffer Overflow Vulnerability |
| 50002 | Berolist Mailing List Manager Vulnerability |
| 50004 | Avirt Rover POP Server Buffer Overflow Vulnerability |
| 50005 | True North Software Internet Anywhere POP Server Buffer Overflow Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information about news services.

| QID | TITLE |
|---|---|
| 54000 | InterNetNews Daemon (INND) News Server Buffer Overflow Vulnerability |
| 54001 | InterNetNews Daemon (INND) 2.X News Server Buffer Overflow Vulnerability |
| 54002 | Multiple Vendor INN Remote Vulnerability |
| 54003 | ISC INN News Server Buffer Overflow Vulnerability |
| 54004 | Atrium Software Cassandra NNTP Server 1.10 Buffer Overflow Vulnerability |

This is a platform-specific category for all vulnerabilities and informational checks that belong to Oracle Enterprise Linux (OEL).

| QID | TITLE |
|---|---|
| 155001 | Oracle Enterprise Linux firefox Security Update (ELSA-2009-0256) |
| 155002 | Oracle Enterprise Linux seamonkey Security Update (ELSA-2009-0257) |
| 155003 | Oracle Enterprise Linux sudo Security Update (ELSA-2009-0267) |
| 155004 | Oracle Enterprise Linux gstreamer-plugins-good Security Update (ELSA-2009-0271) |
| 155005 | Oracle Enterprise Linux gstreamer-plugins Security Update (ELSA-2009-0270) |

This category consists of QIDs that detect vulnerabilities or gather information about various Office applications.

| QID | TITLE |
|---|---|
| 110000 | Malformed Word Document Could Enable Macro to Run Automatically (MS01-034) |
| 110001 | Microsoft Outlook Update 300550 is Missing |
| 110002 | Microsoft Outlook Update 300551 is Missing |
| 110003 | Microsoft Excel and PowerPoint Malformed Document Can Bypass Macro Security (MS01-050) |
| 110004 | Microsoft Office XP SP1 Not Installed |

This category consists of user-created OVAL vulnerabilities. See Adding OVAL Vulnerabilities for information.
This category consists of QIDs that detect vulnerabilities or gather information in proxy servers. Typically a proxy server acts as an intermediary for requests from clients seeking resources from other servers.

| QID | TITLE |
|---|---|
| 62000 | Wingate Bounce Misconfiguration |
| 62001 | Socks Server |
| 62002 | Unauthenticated/Open Web Proxy Detected |
| 62003 | HTTP Proxy Supports non-HTTP Protocols |
| 62004 | Proxy Allows Directory Traversal Vulnerability |
| 62005 | TinyProxy buffer overflow vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information about remote procedure call related applications.

| QID | TITLE |
|---|---|
| 66001 | mountd NFS Service Buffer Overflow Vulnerability |
| 66002 | NFS Exported Filesystems List Vulnerability |
| 66003 | NFS Exported Directories Mountable by Unauthorized Users |
| 66004 | ToolTalk Buffer Overflow Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information about security policies. These are generally informational types of checks that detect the presence of anti-virus or various other settings that could be pushed with a Windows Group Policy.

| QID | TITLE |
|---|---|
| 105000 | Sophos Antivirus Scanner Detected |
| 105001 | McAfee Antivirus Scanner Detected |
| 105002 | Kaspersky Antivirus Detected |
| 105003 | Symantec Norton Antivirus Corporate Edition Detected |
| 105004 | Trend Micro Antivirus Detected |

This category consists of QIDs that detect vulnerabilities or gather information about Server Message Block or the NetBIOS protocol.

| QID | TITLE |
|---|---|
| 70000 | NetBIOS Name Accessible |
| 70001 | NetBIOS Shared Folder List Available |
| 70002 | NetBIOS Access to Shared Folders |
| 70003 | Null Session/Password NetBIOS Access |
| 70004 | NetBIOS Bindings Information |

This category consists of QIDs that detect vulnerabilities or gather information about SNMP-based applications.

| QID | TITLE |
|---|---|
| 78000 | General information about this host |
| 78001 | Interface list |
| 78002 | IP addresses |
| 78003 | Routing table |
| 78004 | ARP table |

This is a platform-specific category for all vulnerabilities and informational checks that belong to SUSE Linux.

| QID | TITLE |
|---|---|
| 165000 | SUSE Security Update for acroread (SUSE-SA:2007:011) |
| 165001 | SUSE Security Update for Sun Java 5 and 6 (SUSE-SA:2009:016) |
| 165002 | SUSE Security Update for krb5 (SUSE-SA:2009:019) |
| 165003 | SUSE Security Update for Mozilla Firefox (SUSE-SA:2009:023) |
| 165005 | SUSE Security Update for Mozilla Firefox (SUSE-SA:2009:012) |

This category consists of QIDs that detect vulnerabilities or gather information about protocols that fall under the generic TCP/IP protocol suite.

| QID | TITLE |
|---|---|
| 82001 | ICMP Mask Reply |
| 82002 | Host Responds to One ICMP Request Multiple Times (Smurf Variant) |
| 82003 | ICMP Timestamp Request |
| 82004 | Open UDP Services List |
| 82005 | Predictable TCP Initial Sequence Numbers Vulnerability |

This is a platform-specific category for all vulnerabilities and informational checks that belong to Ubuntu Linux.

| QID | TITLE |
|---|---|
| 195002 | Ubuntu Security Notification for Apache2 Vulnerabilities (USN-860-1) |
| 195003 | Ubuntu Security Notification for Libvorbis Vulnerabilities (USN-861-1) |
| 195004 | Ubuntu Security Notification for PHP5 Vulnerabilities (USN-862-1) |
| 195005 | Ubuntu Security Notification for Qemu-kvm Vulnerability (USN-863-1) |

This category consists of web application vulnerabilities. See Web Application Vulnerabilities for information.
This category consists of QIDs that detect vulnerabilities or gather information about web servers.

| QID | TITLE |
|---|---|
| 86000 | Web Server Version |
| 86001 | SSL Web Server Version |
| 86002 | SSL Certificate - Information |
| 86003 | Microsoft IIS 4.0 Filter Extensions Buffer Overflow Vulnerability (MS99-019) |
| 86004 | Enterprise Server "PageServices" File Disclosure Vulnerability |

This category consists of QIDs that detect vulnerabilities or gather information about Microsoft Windows.

| QID | TITLE |
|---|---|
| 90000 | Microsoft Media Server Denial of Service Vulnerability |
| 90001 | Microsoft NetMeeting Remote Desktop Sharing DoS Vulnerability (MS00-077) |
| 90002 | Microsoft Windows Media Unicast Services DoS Vulnerability (MS00-064) |
| 90003 | Microsoft Windows Media Services Severed Connection DoS Vulnerability (MS00-097) |
| 90005 | Disabled Windows File Protection |

This category consists of QIDs that detect vulnerabilities or gather information about X-Windows systems.

| QID | TITLE |
|---|---|
| 95000 | Accessible X-Window Server |
| 95001 | X-Window Sniffing |
| 95002 | X Windows Font Server Denial of Service Vulnerability |
| 95003 | X11 Banner |
| 95004 | Sun Solaris fs.auto Remote Buffer Overrun Vulnerability |