PORT     STATE SERVICE       VERSION
80/tcp   open  http          Microsoft IIS httpd 10.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-IIS/10.0
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible. It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds?
514/tcp  open  shell?
2000/tcp open  cisco-sccp?
3000/tcp open  ssl/http      Grafana http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible. It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum:
|   /login/: Login page
|   /robots.txt: Robots file
|   /api/: Potentially interesting folder (401 Unauthorized)
|_  /api-docs/: Potentially interesting folder (401 Unauthorized)
3306/tcp open  mysql         MySQL (blocked - too many connection errors)
3307/tcp open  mysql         MariaDB 10.3.24 or later (unauthorized)
| vulners:
|   MariaDB 10.3.24 or later:
3389/tcp open  ms-wbt-server Microsoft Terminal Services