This script determines if some default databases can be read remotely. An anonymous user can retrieve information from this Lotus Domino server: users, databases, configuration of servers (including operating system and hard disk partitioning), logs of access to users (which could expose sensitive data if GET html forms are used).. This issues are discussed in 'Lotus White Paper: A Guide to Developing Secure Domino Applications' (december 1999) http://www.lotus.com/developers/devbase.nsf/articles/doc1999112200
verify all the ACLs for these databases and remove those not needed # This really could be high if, for example some # sensitive data, but same databases do not give # much information. Make separate tests for each?
- Media Player Classic (MPC) Webserver Multiple Vulnerabilities
- JBoss Enterprise Application Platform Multiple Remote Vulnerabilities
- IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
- RDS / MDAC Vulnerability (msadcs.dll) located
- Apache Open For Business Weak Password security check