diff --git a/scripts/http-vmware-path-vuln.nse b/scripts/http-vmware-path-vuln.nse
index ad65b8df4..62cf4168a 100644
--- a/scripts/http-vmware-path-vuln.nse
+++ b/scripts/http-vmware-path-vuln.nse
@@ -22,7 +22,7 @@ The vulnerability was originally released by Justin Morehouse and Tony Flick, wh
 
 author = "Ron Bowes"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"vuln", "safe", "default"}
+categories = {"vuln", "safe"}
 
 require "http"
 require "shortport"
diff --git a/scripts/http-vuln-cve2011-3192.nse b/scripts/http-vuln-cve2011-3192.nse
index 972270219..b926d3703 100644
--- a/scripts/http-vuln-cve2011-3192.nse
+++ b/scripts/http-vuln-cve2011-3192.nse
@@ -31,7 +31,7 @@ References:
 
 author = "Duarte Silva <duarte.silva@serializing.me>"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"vuln", "safe", "default"}
+categories = {"vuln", "safe"}
 
 require "shortport"
 require "http"
diff --git a/scripts/realvnc-auth-bypass.nse b/scripts/realvnc-auth-bypass.nse
index ffb3bda96..b5dada97f 100644
--- a/scripts/realvnc-auth-bypass.nse
+++ b/scripts/realvnc-auth-bypass.nse
@@ -11,7 +11,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 -- 5900/tcp open  vnc     VNC (protocol 3.8)
 -- |_realvnc-auth-bypass: Vulnerable
 
-categories = {"auth", "default", "vuln", "safe"}
+categories = {"auth", "default", "safe"}
 
 require "shortport"
 
diff --git a/scripts/script.db b/scripts/script.db
index 48c42e829..ae2035204 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -97,8 +97,8 @@ Entry { filename = "http-title.nse", categories = { "default", "discovery", "saf
 Entry { filename = "http-trace.nse", categories = { "discovery", "safe", "vuln", } }
 Entry { filename = "http-userdir-enum.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
-Entry { filename = "http-vmware-path-vuln.nse", categories = { "default", "safe", "vuln", } }
-Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "default", "safe", "vuln", } }
+Entry { filename = "http-vmware-path-vuln.nse", categories = { "safe", "vuln", } }
+Entry { filename = "http-vuln-cve2011-3192.nse", categories = { "safe", "vuln", } }
 Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-wordpress-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "http-wp-enum.nse", categories = { "auth", "discovery", "intrusive", "vuln", } }
@@ -172,7 +172,7 @@ Entry { filename = "pop3-capabilities.nse", categories = { "default", "discovery
 Entry { filename = "pptp-version.nse", categories = { "version", } }
 Entry { filename = "qscan.nse", categories = { "discovery", "safe", } }
 Entry { filename = "quake3-master-getservers.nse", categories = { "default", "discovery", "safe", } }
-Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "default", "safe", "vuln", } }
+Entry { filename = "realvnc-auth-bypass.nse", categories = { "auth", "default", "safe", } }
 Entry { filename = "resolveall.nse", categories = { "discovery", "safe", } }
 Entry { filename = "rmi-dumpregistry.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "rpcinfo.nse", categories = { "default", "discovery", "safe", } }