RELAYTO Endpoints Penetration Test Results (58/101)

Pass Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection CVE-2008-0850 19 Feb 2008 7.5 (v2) High Pass ProjectPier index.php Multiple Parameter XSS CVE-2008-5584 19 Feb 2008 4.3 (v2) Medium Pass Kerio MailServer < 6.5.0 Multiple Vulnerabilities CVE-2008-0858 CVE-2008-0859 CVE-2008-0860 20 Feb 2008 10 (v2) Critical Pass BEA Plumtree portal/ server.pt name Parameter XSS 20 Feb 2008 4.3 (v2) Medium Pass SAPlpd < 6.29 Multiple Vulnerabilities CVE-2008-0620 CVE-2008-0621 20 Feb 2008 10 (v2) Critical Pass SMPP Server Detection 21 Feb 2008 None Pass OSSIM Framework session/login.php dest Parameter XSS CVE-2008-0919 22 Feb 2008 4.3 (v2) Medium Pass Hosting Controller hosting/addreseller.asp reseller Parameter Authentication Bypass CVE-2007-6494 27 Feb 2008 7.5 (v2) High Pass Nukedit utilities/login.asp email Parameter SQL Injection CVE-2008-5582 27 Feb 2008 7.5 (v2) High Pass Centreon include/doc/get_image.php 'img' Parameter Traversal Arbitrary File Access CVE-2008-1119 28 Feb 2008 5 (v2) Medium Pass netO ffi ce Dwins demoSession Parameter Authentication Bypass CVE-2008-2044 04 Mar 2008 8.8 (v3) High Pass MediaWiki JSON Callback Crafted API Request Information Disclosure CVE-2008-1318 04 Mar 2008 4.3 (v2) Medium Pass StarTeam Server Detection 05 Mar 2008 None Pass Versant Connection Services Daemon Detection 10 Mar 2008 None Pass IBM WebSphere MQ Listener Detection 10 Mar 2008 None Pass RAPI Manager Detection 11 Mar 2008 None Pass Reverse NAT/Intercepting Proxy Detection 12 Mar 2008 None Pass KiSS PC-Link Server Detection (TCP) 14 Mar 2008 None Pass Dovecot passdbs Argument Injection Authentication Bypass CVE-2008-1218 14 Mar 2008 5.8 (v2) Medium Pass XOOPS Dictionary Module print.php id Parameter SQL Injection 19 Mar 2008 7.5 (v2) High Pass PHPAuction Multiple Script include_path Parameter File Inclusion CVE-2008-1416 19 Mar 2008 7.5 (v2) High Pass MDaemon IMAP Server FETCH Command Remote Bu ff er Over fl ow CVE-2008-1358 21 Mar 2008 9 (v2) High Pass DNN (DotNetNuke) Upgrade Process ValidationKey Generation Weakness Privilege Escalation CVE-2008-6540 25 Mar 2008 7.5 (v2) High Pass Acronis Agent Detection (TCP) 25 Mar 2008 None Pass Custom Pages for Joomla! 'cpage' Parameter Local File Include CVE-2008-1505 25 Mar 2008 7.3 (v3) High Pass my_gallery Plugin for e107 dload.php fi le Parameter Arbitrary File PHP Source Disclosure CVE-2008-1702 26 Mar 2008 5 (v2) Medium Pass XSTUNT Server Detection 26 Mar 2008 None Pass eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection CVE-2008-1626 01 Apr 2008 6.8 (v2) Medium Pass Site Sift Listings detail.php id Parameter SQL Injection CVE-2008-1869 08 Apr 2008 7.5 (v2) High Pass Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cookie SQL Injection CVE-2008-1841 14 Apr 2008 7.5 (v2) High Pass ActualAnalyzer Lite style Parameter Traversal Local File Inclusion CVE-2008-2076 02 May 2008 6.8 (v2) Medium Pass PHP < 5.2.6 Multiple Vulnerabilities CVE-2007-4850 CVE-2007-6039 CVE-2008-0599 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 02 May 2008 7.5 (v2) High Pass Webhosting Component for Joomla! 'catid' Parameter SQLi CVE-2008-6653 02 May 2008 7.3 (v3) High Pass SAP MaxDB Multiple Vulnerabilities CVE-2008-0244 CVE-2008-0306 CVE-2008-0307 09 May 2008 10 (v2) Critical Pass Firebird Default Credentials 14 May 2008 7.5 (v2) High Pass Firebird on Gentoo Linux /etc/conf.d/ fi rebird Invocation ISC_PASSWORD Authentication Bypass CVE-2008-1880 14 May 2008 7.5 (v2) High Pass DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQLi CVE-2008-5208 14 May 2008 7.3 (v3) High Pass Web Site Cross-Domain Policy File Detection 15 May 2008 None Pass Mantis manage_user_create.php CSRF New User Creation CVE-2008-2276 15 May 2008 4.3 (v2) Medium Pass Site Documentation Module for Drupal Database Tables Access Content Permission Information Disclosure CVE-2008-2271 16 May 2008 7.5 (v2) High Pass IBM Lotus Domino < 8.0.1 / 7.0.3 FP1 Multiple Vulnerabilities CVE-2008-2240 CVE-2008-2410 23 May 2008 10 (v2) Critical Pass Xerox DocuShare dsweb Servlet Multiple XSS CVE-2008-5225 02 Jun 2008 4.3 (v2) Medium Pass AEC Subscription Manager Component for Mambo / Joomla! 'usage' Parameter SQLi 04 Jun 2008 7.3 (v3) High Pass PHP 7.3.x < 7.3.4 Multiple vulnerabilities. CVE-2019-11034 CVE-2019-11035 04 Apr 2019 9.1 (v3) Critical Pass PHP 7.2.x < 7.2.17 Multiple vulnerabilities. CVE-2019-11034 CVE-2019-11035 04 Apr 2019 9.1 (v3) Critical Pass PHP 7.1.x < 7.1.28 Multiple vulnerabilities. CVE-2019-11034 CVE-2019-11035 04 Apr 2019 9.1 (v3) Critical Pass LifeType for Drupal (pLog) index.php albumId Parameter SQL Injection CVE-2008-2629 06 Jun 2008 7.5 (v2) High Pass Skype fi le: URI Handling Security Bypass Arbitrary Code Execution (uncredentialed check) CVE-2008-1805 CVE-2008-2545 06 Jun 2008 9.3 (v2) High Pass IBM DB2 < 9 Fix Pack 5 Multiple Vulnerabilities CVE-2008-2154 CVE-2008-3852 CVE-2008-3854 CVE-2008-3855 CVE-2008-3856 CVE-2008-3857 CVE-2008-6821 10 Jun 2008 9.8 (v3) Critical Pass LISa Detection 17 Jun 2008 None Pass Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Parameter SQL Injection CVE-2008-5122 26 Jun 2008 7.5 (v2) High Pass Trac quickjump Search Script q Parameter Arbitrary Site Redirect CVE-2008-2951 30 Jun 2008 5.4 (v3) Medium Pass nBill component for Joomla! 'cid' Parameter SQLi CVE-2008-3498 30 Jun 2008 7.3 (v3) High Pass TrailScout Module For Drupal Session Cookie SQL Injection CVE-2008-2850 30 Jun 2008 7.5 (v2) High Pass Call Of Duty Server Detection 30 Jun 2008 None Pass EMC AlphaStor Library Manager Detection 01 Jul 2008 None Pass EMC AlphaStor Device Manager Detection 01 Jul 2008 None Pass Sun Java System ASP Server Detection 08 Jul 2008 None Pass Sun Java System ASP < 4.0.3 Multiple Vulnerabilities CVE-2008-2401 CVE-2008-2402 CVE-2008-2403 CVE-2008-2404 CVE-2008-2405 08 Jul 2008 10 (v2) Critical Pass trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion CVE-2008-6825 09 Jul 2008 7.5 (v2) High Pass Dolphin Multiple Scripts Remote File Inclusion CVE-2008-3166 CVE-2008-3167 09 Jul 2008 6.8 (v2) Medium Pass Xerox CentreWare Web < 4.6.46 Multiple Vulnerabilities (XRX08-008) CVE-2008-3121 CVE-2008-3122 11 Jul 2008 6.5 (v2) Medium Pass Maian Scripts Cookie Manipulation Authentication Bypass CVE-2008-3317 CVE-2008-3318 CVE-2008-3319 CVE-2008-3320 CVE-2008-3321 CVE-2008-3322 CVE-2008-7086 15 Jul 2008 7.5 (v2) High Pass CGI::Session File Driver CGISESSID Cookie Traversal Authentication Bypass 18 Jul 2008 5.1 (v2) Medium Pass fuzzylime (cms) comssrss.php fi les[] Parameter Traversal Local File Inclusion CVE-2008-6833 18 Jul 2008 7.5 (v2) High Pass HP System Management Homepage < 2.1.12 Unspeci fi ed XSS CVE-2008-1663 21 Jul 2008 4.3 (v2) Medium Pass Gregarius ajax.php rsargs[] Parameter Array SQL Injection CVE-2008-3374 29 Jul 2008 7.5 (v2) High Pass IBM DB2 < 9.5 Fix Pack 1 Multiple Vulnerabilities CVE-2008-1966 CVE-2008-1997 CVE-2008-1998 CVE-2008-3852 CVE-2008-3854 30 Jul 2008 9.8 (v3) Critical Pass Symphony sym_auth Cookie SQL Injection CVE-2008-3591 04 Aug 2008 7.5 (v2) High Pass PHP 7.3.x < 7.3.5 Heap-based Bu ff er Over fl ow Vulnerability. CVE-2019-11036 10 May 2019 9.1 (v3) Critical Pass Plogger plog-download.php checked[] Parameter SQL Injection CVE-2008-3563 06 Aug 2008 6.8 (v2) Medium Pass Pligg settemplate.php template Parameter Local File Inclusion CVE-2008-7090 08 Aug 2008 5.1 (v2) Medium Pass PHP < 4.4.9 Multiple Vulnerabilities CVE-2007-4850 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 CVE-2009-0754 08 Aug 2008 7.5 (v2) High Pass e107 download.php extract() Function Variable Overwrite 10 Aug 2008 8.8 (v3) High Pass RTH login.php uname Parameter SQL Injection 11 Aug 2008 6.8 (v2) Medium Pass Joomla! reset.php Reset Token Validation Forgery CVE-2008-3681 13 Aug 2008 9.8 (v3) Critical Pass PHP 7.2.x < 7.2.18 Heap-based Bu ff er Over fl ow Vulnerability. CVE-2019-11036 10 May 2019 9.1 (v3) Critical Pass dotCMS Multiple Script id Parameter Traversal Local File Inclusion CVE-2008-3708 18 Aug 2008 5 (v2) Medium Pass Serv-U 7.x < 7.2.0.1 SFTP Directory Creation Logging DoS CVE-2008-3731 20 Aug 2008 5 (v2) Medium Pass Kayako SupportSuite < 3.30.01 Multiple Vulnerabilities CVE-2008-3700 CVE-2008-3701 22 Aug 2008 4.3 (v2) Medium Pass TWiki bin/con fi gure 'image' Parameter Traversal Arbitrary File Access/Execution CVE-2008-3195 23 Aug 2008 8.8 (v3) High Pass IBM DB2 9.5 < Fix Pack 2 Multiple Vulnerabilities CVE-2008-2154 CVE-2008-3852 CVE-2008-4692 CVE-2008-4693 CVE-2008-6821 28 Aug 2008 7.3 (v3) High Pass Unpassworded 'r00t' account CVE-1999-0502 04 Sep 2008 9.8 (v3) Critical Pass Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution 05 Sep 2008 7.5 (v2) High Pass Zen Cart products_id[] Array SQL Injection CVE-2008-6986 08 Sep 2008 6.8 (v2) Medium Pass pluck < 4.5.3 Multiple Local File Include Vulnerabilities CVE-2008-3851 11 Sep 2008 6.8 (v2) Medium Pass IBM DB2 8 < Fix Pack 17 Multiple Vulnerabilities CVE-2008-2154 CVE-2008-3856 CVE-2008-3958 CVE-2008-3960 CVE-2008-6820 CVE-2008-6821 12 Sep 2008 9.8 (v3) Critical Pass Calendarix Basic cal_cat.php catview Parameter SQL Injection CVE-2008-2429 14 Sep 2008 7.5 (v2) High Pass Simple Machines Forum Validation Code Prediction Arbitrary Password Reset CVE-2008-6971 15 Sep 2008 7.5 (v2) High Pass BNC Detection 17 Sep 2008 None Pass ezbounce Detection 17 Sep 2008 None Pass Observer <= 0.3.2.1 Multiple Remote Command Execution Vulnerabilities 25 Sep 2008 7.5 (v2) High Pass Pluck update.php Remote Privilege Escalation 28 Sep 2008 6.4 (v2) Medium Pass Default Password (rootme) for 'root' Account CVE-1999-0502 01 Oct 2008 9.8 (v3) Critical Pass Dns2TCP Service Detection 02 Oct 2008 None Pass OpenNMS Web Console Detection 07 Oct 2008 None Pass TOM-Skype Detection 07 Oct 2008 None Pass Trend Micro O ffi ceScan Client Traversal Arbitrary File Access CVE-2008-2439 08 Oct 2008 5 (v2) Medium Pass Zebedee Server Detection 08 Oct 2008 None Pass echoServer Detection 09 Oct 2008 None Pass Openads Delivery Engine OA_Delivery_Cache_store() Function name Argument Arbitrary PHP Code Execution CVE-2008-0635 09 Oct 2008 7.5 (v2) High Pass OpenX ac.php bannerid Parameter SQL Injection CVE-2008-6163 09 Oct 2008 7.5 (v2) High Pass ASG-Sentry CGI Detection 14 Oct 2008 None Pass Serv-U 7.x < 7.3.0.1 Multiple Remote Vulnerabilities (DoS, Traversal) CVE-2008-4500 CVE-2008-4501 14 Oct 2008 9 (v2) High Pass GForge top/topusers.php o ff set Parameter SQL Injection CVE-2008-6189 14 Oct 2008 7.5 (v2) High Pass Default Password (gforge) for 'root' Account CVE-1999-0502 15 Oct 2008 9.8 (v3) Critical Pass Default Password (testpass123) for 'root' Account CVE-1999-0502 15 Oct 2008 9.8 (v3) Critical Pass PhpWebGallery comments.php sort_by Parameter SQL Injection CVE-2008-4645 15 Oct 2008 7.5 (v2) High Pass Ignite Gallery Component for Joomla! 'gallery' Parameter SQLi CVE-2008-6182 15 Oct 2008 7.3 (v3) High Pass Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS CVE-2008-2939 16 Oct 2008 5.3 (v3) Medium Pass yappa-ng index.php album Parameter Local File Inclusion CVE-2008-4626 21 Oct 2008 6.8 (v2) Medium Pass HTTP CONNECT Proxy Detection 22 Oct 2008 None 58

RELAYTO Endpoints Penetration Test Results - Page 58

RELAYTO Endpoints Penetration Test Results Page 57 Page 59