I just went trough the second report I posted step by step and I noticed that Nessus reported the ports 6666 and 6667 to be webservers. These ports are usually used by IRC.
On port 6666 the webserver of the areca raid card is listening (although the card has its own onboard NIC so this is not needed by everyone).
On port 6667 you can configure some settings (without authentification(!) such as E-Mail alerts, SNMP traps and some general stuff (nothing that could harm the system but could be great for information gathering by people wanting to check your business - maybe some competitor is interested in how moch storage you have?)
And I do not see any switch to turn this off on the open-E GUI?! I would because as I said, the areca controllers I use have their own NIC for management..
Now I am thinking about disabling the NIC to the internet (I could re-enable it on the console when I need it using IPMI, right?).