Port(s) |
Protocol |
Service |
Scan level |
Description |
593 |
tcp |
|
Members scan |
MS Security Bulletin [MS03-026] outlines a critical Buffer Overrun RPC vulnerability that can be exploited via ports 135, 139, 445, 593 (or any other specifically configured RPC port). You should filter the above mentioned ports at the firewall level and not allow RPC over an unsecure network, such as the Internet. |
1338 |
tcp |
|
Premium scan |
Millenium Worm, affects Unix/Linux. |
511 |
tcp |
|
Premium scan |
Part of rootkit t0rn, a program called "leeto's socket daemon" runs at this port. |
0 |
tcp,udp |
|
not scanned |
Port 0 is reserved by IANA, it is technically invalid to use, but possible. It is sometimes used to fingerprint machines, because different operating systems respond to this port in different ways. Some ISPs may block it because of exploits. Port 0 can be used by applications when calling the bind() command to request the next available dynamically allocated source port number. |
3872 |
tcp |
|
not scanned |
Oracle Management Remote Agent |
1526 |
tcp |
|
not scanned |
Oracle database common alternative for listener |
7308 |
tcp |
|
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor) |
1700 |
tcp |
|
Premium scan |
Fortinet FortiGate uses the following ports (in addition to standard ports 53, 80, 443):
514 tcp - FortiAP logging and reporting
541 tcp, 542 tcp - FortiGuard management
703 tcp/udp. 730 udp - FortiGate heartbeat
1000 tcp, 1003 tcp - policy override keepalive
1700 tcp - FortiAuthenticator RADIUS disconnect
5246 udp - FortiAP-S event logs
8000, 8001 tcp - FortiClient SSO mobility agent
8008, 8010 tcp - policy override authentication
8013 tcp - FortiClient v.5.4
8014 tcp - Forticlient v.6
8890 tcp - AV/IPS updates, management, firmware
9443 udp - AV/IPS
9582 tcp - FortiGuard Cloud App DB (flow.fortinet.net)
Rux.Tick trojan horse |
28 |
tcp |
|
Premium scan |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - Panorama HA1 backup sync port
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables
AltaVista Firewall97 accepts connections on ports 26,27,28 and 29, this can be used to fingerprint the type of firewall in use.
Amanda trojan uses port 28/tcp. |
9117 |
tcp |
|
Premium scan |
Jackett (Linux proxy server for http query translations) uses port 9117 by default
Massaker trojan [Symantec-2003-011614-4100-99] |
8889 |
tcp |
|
Premium scan |
Siemens Polarion ALM, NeterraProxy (Netera IPTV Proxy), MAMP Server, Earthland Relams 2 Server (AU1_1)
Games using this port: Command & Conquer Theater of War, Blitzkrieg (TCP/UDP)
W32.Axatak [Symantec-2002-082217-5638-99] - password stealing virus with remote access trojan capabilities. Affects all current Windows versions, uses ports 8888 and 8889.
3Com NBX V3000 could allow a remote attacker to gain unauthorized access to the device using an open port. Port 8889 is open by default and provides access to the VxWorks WDB debug service (wdbrpc). An attacker could connect to this port to obtain sensitive information.
References: [XFDB-84786]
Google Chrome OS could allow a local attacker to execute arbitrary commands on the system, caused by improper access control in the garcon service control. By sending specially-crafted arguments to TCP port 8889, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
References: [XFDB-149836], [EDB-45407]
ddi-tcp-1 NewsEDGE server (IANA official) |
41014 |
tcp |
|
not scanned |
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
References: [CVE-2012-2607] |
61460 |
tcp |
|
not scanned |
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
References: [CVE-2012-3074] |
5492 |
tcp,udp |
|
not scanned |
Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492.
References: [CVE-2005-4152] [BID-15775] [SECUNIA-17966] |
9833 |
udp |
|
not scanned |
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.
References: [CVE-2002-0949] [BID-4946] |
9099 |
tcp |
|
not scanned |
HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.
References: [CVE-1999-1062] |
7074 |
tcp,udp |
|
not scanned |
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
References: [CVE-2014-5350]
|
51410 |
tcp |
|
not scanned |
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.
References: [CVE-2014-9577] |
4750 |
tcp |
|
not scanned |
BladeLogic Agent
QlikView (Business Intelligence software)
Simple Service Auto Discovery (IANA official) |
34100 |
tcp,udp |
|
not scanned |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
References: [CVE-2018-12640]
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
References: [CVE-2018-11560] |
32633 |
tcp |
|
not scanned |
Microsoft Edge Console |
50050 |
tcp |
|
not scanned |
Cobalt Strike (network security assessment tool) default port. See: www.cobaltstrike.com/help-setup-collaboration |
15998 |
udp |
2ping |
not scanned |
IANA registered for: 2ping Bi-Directional Ping Service |
2323 |
tcp,udp |
3d-nfsd |
not scanned |
Often used as alternate telnet port instead of 23 TCP
Philips TVs based on jointSPACE use port 2323 TCP
Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.
References: [CVE-2019-12327], [XFDB-164224]
IANA registered for: 3d-nfsd |
48049 |
tcp,udp |
3gpp |
not scanned |
3GPP Cell Broadcast Service Protocol |
8809 |
udp |
3gpp-monp |
not scanned |
IANA registered for: MCPTT Off-Network Protocol (MONP) |
37472 |
sctp |
3gpp-w1ap |
not scanned |
IANA registered for: W1 signalling transport |
1550 |
tcp,udp |
3m-image-lm |
not scanned |
Gadu-Gadu (direct client-to-client)
IANA registered for: Image Storage license manager 3M Company |
8550 |
tcp,udp |
4psa |
not scanned |
Primary/Master 4PSA DNS Manager server - http://www.4psa.com/
Port is used for master/slave connection between servers, also uses ports 53 and 953 tcp/udp. |
23294 |
tcp |
5afe-dir |
not scanned |
IANA registered for: 5AFE SDN Directory |
23294 |
udp |
5afe-disc |
not scanned |
IANA registered for: 5AFE SDN Directory discovery |
1027 |
udp |
6a44 |
not scanned |
IPv6 behind IPv4-to-IPv4 NAT Customer Premises Equipment CPEs [IESG] (IANA official) [RFC 6751] |
13832 |
tcp |
a-trust-rpc |
not scanned |
Certificate Management and Issuing (IANA official) |
4598 |
tcp,udp |
a16-an-an |
not scanned |
A16 (AN-AN) |
4599 |
tcp,udp |
a17-an-an |
not scanned |
A17 (AN-AN) |
4502 |
tcp |
a25-fap-fgw |
not scanned |
Multiple Cogent products are vulnerable to a denial of service, caused by a NULL pointer dereference when handling formatted text commands. By sending a specially-crafted command containing a backslash to TCP ports 4502 or 4503, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [XFDB-83280], [BID-58910]
A25 (FAP-FGW) [ThreeGPP2] (SCTP, IANA official) |
28119 |
udp |
a27-ran-ran |
not scanned |
A27 cdma2000 RAN Management [ThreeGPP2] (IANA official) |
3655 |
tcp,udp |
abatemgr |
not scanned |
ActiveBatch Exec Agent (IANA official) |
10020 |
tcp |
abb-hw |
not scanned |
IANA registered for: Hardware configuration and maintenance |
674 |
tcp |
ACAP |
Premium scan |
ACAP -- Application Configuration Access Protocol
References: RFC2244, RFC2595, RFC2636 |
62 |
tcp,udp |
acas |
not scanned |
ACA Services (IANA official) |
1182 |
tcp |
accelenet |
not scanned |
IANA registered for: AcceleNet Control |
1182 |
udp |
accelenet-data |
not scanned |
Heroes of Might and Magic IV
IANA registered for: AcceleNet Data |
888 |
tcp,udp |
accessbuilder |
not scanned |
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.
References: [CVE-2022-28381]
AccessBuilder (IANA official) |
6868 |
udp |
acctopus-st |
not scanned |
Acctopus Status |
187 |
tcp,udp |
aci |
not scanned |
Application Communication Interface (IANA official) |
774 |
udp |
acmaint-dbd |
not scanned |
Acmaint_dbd (IANA official) |
775 |
udp |
acmaint-transd |
not scanned |
Acmaint_transd (IANA official) |
6969 |
tcp |
acmsoda |
Members scan |
BitTorrent tracker
Backdoor.Assasin.D trojan - opens a backdoor on one of the following ports: 5695,6595,6969,27589. Backdoor.Assasin opens port 27589, Backdoor.Assasin.B opens port 6969, Backdoor.Assasin.C opens port 6595, and Backdoor.Assasin.D opens port 5695 to listen for commands from the attacker.
Other trojans that use this port: GateCrasher, IRC 3/IRC Hack, Net Controller, Priority, Danton, 2000Cracks.
Backdoor.Win32.BlueAdept.02.a / Remote Buffer Overflow - the malware listens on TCP port 6969, after connecting to the infected host TCP ports 6970, 6971 are then opened. The newly opened port 6970 is vulnerable allowing third party attackers who can reach an infected host ability to trigger a buffer overflow overwriting EAX, ECX and EDX registers.
References: [MVID-2021-0408]
Backdoor.Win32.Destrukor.20 / Authentication Bypass - the malware listens on TCP port 6969. However, after sending a specific cmd "rozmiar" the backdoor returns "moznasciagac" in Polish "you can download" and port 21 opens. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2022-0626]
Backdoor.Win32.Destrukor.20 / Unauthenticated Remote Command Execution - the malware listens on TCP port 6969. Third-party adversaries who can reach infected hosts can run commands made available by the backdoor. Remote attackers can read anything the victim types by starting the remote key log command "key_on". Some commands in Polish include "podglad", "dyski", "procesy", "wywiad", "rej_klucze1", "offserver" and many others.
References: [MVID-2022-0627]
acmsoda (IANA official) (TCP/UDP) |
6801 |
tcp,udp |
acnet |
not scanned |
Net2Phone CommCenter
ACNET Control System Protocol (IANA official) |
3823 |
tcp,udp |
acp-conduit |
not scanned |
Compute Pool Conduit |
3822 |
tcp,udp |
acp-discovery |
not scanned |
Compute Pool Discovery |
3824 |
tcp,udp |
acp-policy |
not scanned |
Compute Pool Policy |
7509 |
tcp |
acplt |
not scanned |
IANA registered for: ACPLT - process automation service |
44445 |
tcp |
acronis-backup |
not scanned |
Acronis Backup Gateway service port (IANA registered)
Malware: W32.Kibuv |
5103 |
tcp |
actifio-c2c |
not scanned |
IANA registered for: Actifio C2C |
61616 |
tcp,udp |
activemq |
not scanned |
Apache ActiveMQ, Java Message Service (JMS)
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port (1) 61615 or (2) 61616, aka Bug ID CSCtz90114.
References: [CVE-2013-3389] |
64320 |
tcp,udp |
activepdf |
not scanned |
Port used by ActivePDF software - automates PDF generation process from different sources, such as a website
ActivePDF WebGrabber - port 64320
ActivePDF Server - port 53535
ActivePDF DocConverter - port 53540 and port 53541 |
53535,53540,53541 |
tcp,udp |
activepdf |
not scanned |
ESET Live Grid, Antispam and Web Control
ActivePDF software - automates PDF generation process from different sources, such as a website
ActivePDF WebGrabber - port 64320
ActivePDF Server - port 53535
ActivePDF DocConverter - port 53540 and port 53541 |
6350 |
tcp,udp |
adap |
not scanned |
App Discovery and Access Protocol |
34570 |
udp |
adaptec |
not scanned |
Adaptec Storage Manager |
7508 |
tcp |
adcp |
not scanned |
Automation Device Configuration Protocol [Festo AG] (IANA official) |
8800 |
tcp |
address book |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later)
Sun Java System Web Server could allow a remote attacker to execute arbitrary code on the system, caused by a format string error in the WebDAV functionality. By sending a specially-crafted HTTP request on TCP port 8800 containing malicious format specifiers, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the webservd process to crash.
References: [XFDB-55812], [BID-37910] |
7935 |
tcp |
adobe |
not scanned |
Fixed port used for Adobe Flash Debug Player to communicate with a debugger (Flash IDE, Flex Builder or fdb). |
3703 |
tcp,udp |
adobeserver-3 |
not scanned |
Adobe Server 3 |
3704 |
tcp,udp |
adobeserver-4 |
not scanned |
Adobe Server 4 |
3705 |
tcp,udp |
adobeserver-5 |
not scanned |
Adobe Server 5 |
5913 |
sctp |
ads-c |
not scanned |
Automatic Dependent Surveillance (IANA official) |
149 |
tcp,udp |
aed-512 |
not scanned |
AED 512 Emulation Service (IANA official) |
8060 |
udp |
aero |
not scanned |
Asymmetric Extended Route Optimization (AERO) [IESG] [RFC 6706] (IANA official) |
7107 |
udp |
aes-x170 |
not scanned |
IANA registered for: AES-X170 |
8202 |
udp |
aesop |
not scanned |
Audio+Ethernet Standard Open Protocol [POWERSOFT SRL] (IANA official) |
4362 |
udp |
afore-vdp-disc |
not scanned |
IANA registered for: AFORE vNode Discovery protocol |
548 |
tcp |
afpovertcp |
not scanned |
AppleShare, Personal File Sharing, Apple File Service
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
References: [CVE-2008-0759], [BID-27718]
Novell Netware is vulnerable to a denial of service, caused by a NULL pointer dereference in the AFPTCP.nlm module. By sending a specially-crafted AFP request to TCP port 548, a remote attacker could exploit this vulnerability to cause the application to crash.
References: [CVE-2010-0317], [XFDB-55389], [BID-37616], [OSVDB-61604] |
7000 |
tcp |
afs-fileserver |
Members scan |
AFS fileserver, Command and Conquer Renegade, Avira Server Management Console, Rumble Fighter (TCP/UDP)
Default for Vuze's built in HTTPS Bittorrent Tracker.
The game Aliens vs Predator 2 uses ports 7000-10000 (TCP).
W32.Gaobot.BQJ [Symantec-2004-110816-5549-99] (2004.11.08) - network-aware worm taht opens a backdoor and can be controlled via IRC. It can affect all current Windows versions. Connects to an IRC server on port 7000/tcp.
W32.Mydoom.BQ@mm [Symantec-2005-050910-1159-99] (2005.05.09) - mass-mailing worm with backdoor capabilities, that uses its own SMTP engine. It communicates with an IRC server and listens for remote commands on port 7000/tcp.
W32.Mytob.GC@mm [Symantec-2005-062415-4022-99] (2005.06.24) - mass-mailing worm that opens a backdoor on port 7000/tcp.
Some older trojan horses/backdoors that also use this port: Exploit Translation Server, Kazimas, Remote Grab, SubSeven, BackDoor-G
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.
References: [CVE-2014-0719], [BID-65667], [XFDB-91195] |
7001 |
tcp,udp |
afs3-callback |
Premium scan |
Callback To Cache Manager, MSN Messenger, Avira Server Management Console
Default for BEA WebLogic Server's HTTP server, though often changed during installation (TCP).
Command and Conquer Renegade also uses this port (TCP).
Trojans that use this port: Freak2k, Freak88, NetSnooper Gold.
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
References: [CVE-2015-4852] |
7006 |
tcp,udp |
afs3-errors |
not scanned |
RealAudio, Error interpretation service, BMC Software CONTROL-M/Server and CONTROL-M/AgentServer-to-Agent, City of Heroes, City of Villains
Trojan.JBosser opens command and control communication on port 7006. |
7004 |
tcp,udp |
afs3-kaserver |
not scanned |
AFS/Kerberos authentication service, City of Heroes, City of Villains, RealAudio |
7002 |
tcp,udp |
afs3-pserver |
not scanned |
users & groups database
Default for BEA WebLogic Server's HTTP server, though often changed during installation (TCP).
Command and Conquer Renegade also uses this port (TCP). |
7003 |
tcp,udp |
afs3-vlserver |
not scanned |
Volume location database, City of Heroes, City of Villains, RealAudio
MA Lighting Technology grandMA onPC is vulnerable to a denial of service, caused by an error when processing socket connection negotiation. By sending a single malicious packet to TCP port 7003, an attacker could exploit this vulnerability to cause the device to crash.
References: [BID-66645], [XFDB-92300] |
7005 |
tcp,udp |
afs3-volser |
not scanned |
VMware vCenter Single Sign On base shutdown port.
Volume management server
RealAudio
BMC Control-M/Server
BMC Control-M/Agent
Oracle HTTP
Games: City of Heroes, City of Villains |
5904 |
tcp,udp,sctp |
ag-swim |
not scanned |
Air-Ground SWIM (IANA official) |
705 |
tcp |
agentx |
not scanned |
RealNetworks Helix Server is vulnerable to a denial of service, caused by an error in the SNMP Master Agent process (master.exe). By establishing and immediately closing a TCP connection on port 705, a remote attacker could exploit this vulnerability to cause the service to terminate.
References: [XFDB-74674], [BID-52929]
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.
References: [CVE-2021-0291]
IANA registered for: AgentX |
5909 |
tcp,udp,sctp |
agma |
not scanned |
Air-ground media advisory (IANA official) |
2070 |
tcp,udp |
ah-esp-encap |
not scanned |
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
References: [CVE-2019-16758]
IANA registered for: AH and ESP Encapsulated in UDP packet |
21221 |
tcp |
aigairserver |
not scanned |
IANA registered for: Services for Air Server |
17555 |
tcp |
ailith |
not scanned |
Ailith management of routers (IANA official) |
5190 |
tcp,udp |
aim |
Members scan |
ICQ, AIM (AOL Instant Messenger), Apple iChat
Malicious services using this port: MBomber, W32.hllw.anig
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
References: [CVE-2002-0592], [BID-4574]
Trojan.Kalshi [Symantec-2003-100916-2311-99] (2003.10.10) - a trojan program that is designed to allow spammers to anonymously send email spam via a compromised system. The trojan may install a rootkit (MCID 1300) to obscure its activities.
W32.HLLW.Anig [Symantec-2004-012912-1745-99] (2004.01.28) - a worm that propagates over network shares. The worm also contains a keylogger and backdoor component. |
5191 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
5192 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
5193 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
1481 |
tcp,udp |
airs |
not scanned |
AIRS data interchange |
4804 |
udp |
aja-ntv4-disc |
not scanned |
AJA ntv4 Video System Discovery
Vertica (big data analytics platform) uses the following ports:
22 TCP sshd admin tools and management console
4803 TCP/UDP - Spread client connections
4804 UDP - Spread daemon connections
5433 TCP - Vertica client (vsql, ODBC, JDBC, etc) port
5433 UDP - Vertica spread monitoring
5434 TCP - Vertica intra- and inter-cluster communication
5444 TCP - Vertica management console
5450 TCP - Vertica management console
6543 UDP - Spread monitor to daemon connection |
8007 |
tcp |
ajp12 |
not scanned |
Apache JServ Protocol v12
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
References: [CVE-2005-0808], [BID-12795]
IANA registered for: I/O oriented cluster computing software (TCP/UDP) |
16003 |
udp |
alfin |
not scanned |
IANA registered for: Automation and Control by REGULACE.ORG |
9956 |
udp |
alljoyn |
not scanned |
Alljoyn Name Service [Qualcomm Innovation Center] (IANA official) |
9955 |
udp |
alljoyn-mcm |
not scanned |
Contact Port for AllJoyn multiplexed constrained messages [Qualcomm Innovation Center] (IANA official) |
9955 |
tcp |
alljoyn-stm |
not scanned |
Contact Port for AllJoyn standard messaging [Qualcomm Innovation Center] (IANA official) |
8888 |
tcp |
althttpd |
Members scan |
Used by some applications as an alt http port.
Applications using this port:
AirDroid
Freenet nodes
FortiNet's enterprise UTM client software
MAMP on macOS default Apache port
GNUmp3d HTTP music streaming and Web interface
LoLo Catcher HTTP web interface (www.optiform.com)
SimpleCam v2.0
Sun Answerbook HTTP server
Winpower Manager for UPS (internal server)
HyperVM HTTPS
D2GS Admin Console Telnet administration console for D2GS servers (Diablo 2)
Earthland Relams 2 Server (AU1_2)
NewsEDGE server (IANA official)
Games using port 8888:
Evil Islands
Heroes of Might and Magic 5
Splinter Cell (Chaos Theory, Double Agent, Pandora Tomorrow)
Ultima Online
Vulnerabilities/Malware:
Napster
W32.Axatak
Dark IRC (trojan)
W32.Axatak [Symantec-2002-082217-5638-99] - password stealing virus with remote access trojan capabilities. Affects all current Windows versions, uses ports 8888 and 8889.
Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability. Autodesk VRED Professional 2014 contains an integrated web server that binds to port tcp/8888 which is accessible remotely. It has been reported that this web server gives access to a Python API which provides users with a vast amount of libraries which could allow an attacker to execute operating system commands. Through this API, Python code can be executed on the target system, the output is returned in the web server response. By importing the Python "os" library, arbitrary operating system commands can be executed on the target system with the privileges of the user running VRED Professional 2014.
References: [CVE-2014-2967]
An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.
References: [CVE-2018-7886], [EDB-44470]
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
References: [CVE-2019-7678]
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
References: [CVE-2019-7677]
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can login via TCP port 8888 with the admin password for the admin account.
References: [CVE-2019-7676] |
50200 |
tcp,udp |
altiris-wol |
not scanned |
Symantec Altiris Notification and Task Server WOL magic packets use this port.
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
References: [CVE-2022-32985] |