RELAYTO Endpoints Penetration Test Results (101/101)

Pass HP Managed Printing Administration < 2.7.0 XSS CVE-2012-5219 30 Apr 2013 4.3 (v2) Medium Pass Lexmark Markvision Enterprise Default Credentials 06 May 2013 7.5 (v2) High Pass Lexmark Markvision Enterprise Remote Command Execution CVE-2013-3055 06 May 2013 9.3 (v2) High Pass Groovy Shell Unauthenticated Remote Command Execution CVE-2013-3055 06 May 2013 9.3 (v2) High Pass Android Emulator Telnet Port on Remote Host 11 May 2013 7.5 (v2) High Pass IBM SPSS SamplePower 3.0 < 3.0 FP 1 Multiple ActiveX Controls Arbitrary Code Execution CVE-2012-5945 CVE-2012-5946 CVE-2012-5947 CVE-2013-0593 16 May 2013 9.3 (v2) High Pass Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities CVE-2008-4546 CVE-2009-0796 CVE-2009-0946 CVE-2009-2473 CVE-2009-2474 CVE-2009-2624 CVE-2009-3793 CVE-2009-4134 CVE-2010-0001 CVE-2010-0105 CVE-2010-0205 CVE-2010-0209 CVE-2010-0211 CVE-2010-0212 CVE-2010-0397 CVE-2010-0 10 Nov 2010 10 (v2) Critical Pass VMware vCenter Server 5.5.x / 6.0.x / 6.5.x / 6.7.x Speculative Execution Side Channel Vulnerability (Foreshadow) (VMSA-2018-0020) CVE-2018-3646 15 Aug 2018 5.6 (v3) Medium Pass Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE) CVE-2014-3566 CVE-2015-0204 CVE-2015-0235 11 Dec 2015 10 (v2) Critical Pass Palo Alto Networks PAN-OS 6.0.x < 6.0.14 Multiple Vulnerabilities 26 Aug 2016 8.8 (v3) High Pass Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities CVE-2006-7243 CVE-2010-0405 CVE-2010-1323 CVE-2010-1324 CVE-2010-1452 CVE-2010-2068 CVE-2010-2950 CVE-2010-3069 CVE-2010-3089 CVE-2010-3315 CVE-2010-3434 CVE-2010-3709 CVE-2010-3710 CVE-2010-3801 CVE-2010-3802 CVE-2010-3 22 Mar 2011 7.6 (v2) High Pass Junos Space WebUI Default Credentials 31 May 2013 7.5 (v2) High Pass mDNS Detection (Local Network) 31 May 2013 None Pass HP System Management Homepage < 7.2.0.14 iprange Parameter Code Execution 22 May 2013 9.3 (v2) High Pass Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 17 Nov 2016 9.8 (v3) Critical Pass VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005) CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 05 Jun 2013 7.5 (v2) High Pass Mac OS X 10.7 / 10.8 Unauthorized File Access (remote check) CVE-2013-0990 06 Jun 2013 4.9 (v2) Medium Pass SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444) 05 Jun 2013 10 (v2) Critical Pass Novell ZENworks Control Center File Upload Remote Code Execution (intrusive check) CVE-2013-1080 18 Jun 2013 10 (v2) Critical Pass ESXi 6.0 / 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2018-0027) (Remote Check) CVE-2018-6981 CVE-2018-6982 12 Nov 2018 8.8 (v3) High Pass Elasticsearch ESA-2017-18 CVE-2017-8447 22 Aug 2018 6.5 (v3) Medium Pass GroundWork Monitor Enterprise Default Credentials 28 Jun 2013 7.5 (v2) High Pass Cisco IOS XE Bu ff er Over fl ow Vulnerabilities (cisco-sa-sdwan-bufovulns-B5NrSHbj) CVE-2021-1300 CVE-2021-1301 23 Mar 2021 9.8 (v3) Critical Pass Joomla! Unsupported Version Detection 07 Nov 2014 10 (v3) Critical Pass Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA) CVE-2014-0076 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 03 Nov 2015 5.8 (v2) Medium Pass Acunetix Web Vulnerability Scanner 4 < 4.0.20060717 Denial of Service CVE-2007-0120 02 Apr 2014 1.9 (v2) Low Pass Cisco IOS XE SD-WAN Bu ff er Over fl ow Vulnerabilities (cisco-sa-sdwan-bufovulns-B5NrSHbj) CVE-2021-1300 CVE-2021-1301 23 Mar 2021 9.8 (v3) Critical Pass Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities CVE-2009-3245 CVE-2010-0740 CVE-2010-2632 CVE-2010-3677 CVE-2010-3682 CVE-2010-3790 CVE-2010-3833 CVE-2010-3834 CVE-2010-3835 CVE-2010-3836 CVE-2010-3837 CVE-2010-3838 CVE-2010-3864 CVE-2010-4180 CVE-2010-4651 CVE-2011-0 24 Jun 2011 10 (v2) Critical Pass Axon Virtual PBX /logon Multiple Parameter XSS CVE-2009-4038 12 Nov 2009 4.3 (v2) Medium Pass Zimbra Collaboration Server aspell.php dictionary Parameter XSS CVE-2013-1938 24 Feb 2014 4.3 (v2) Medium Pass VLC Web Interface XML Services XSS CVE-2013-3564 23 Jul 2013 4.3 (v2) Medium Pass OpenSSL 1.0.2 < 1.0.2e Multiple Vulnerabilities CVE-2015-1794 CVE-2015-3193 CVE-2015-3194 CVE-2015-3195 07 Dec 2015 5 (v2) Medium Pass SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access CVE-2006-1771 17 Apr 2006 5 (v2) Medium Pass Cisco ONS Products Remote DoS CVE-2008-3818 25 Jul 2013 7.8 (v2) High Pass Juniper Junos IPv6 over IPv4 Security Policy Bypass (PSN-2011-07-299) 22 Aug 2011 5 (v2) Medium Pass Serv-U < 14.0.2.0 FTP Server SSL Renegotiation DoS 25 Jul 2013 5 (v2) Medium Pass Xerox WorkCentre 4260 / 4265 Multiple Vulnerabilities (XRX15AV) (FREAK) (Logjam) CVE-2015-0204 CVE-2015-3963 CVE-2015-4000 11 Dec 2015 5.8 (v2) Medium Pass BigTree CMS Detection 15 Aug 2013 None Pass ZTE F460 / F660 Cable Modems web_shell_cmd.gch Administrative Backdoor CVE-2014-2321 19 Mar 2014 10 (v2) Critical Pass Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities CVE-2010-1634 CVE-2010-2089 CVE-2011-0185 CVE-2011-0187 CVE-2011-0226 CVE-2011-0230 CVE-2011-0260 CVE-2011-1521 CVE-2011-1755 CVE-2011-1910 CVE-2011-2464 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3192 CVE-2011-3 13 Oct 2011 10 (v2) Critical Pass Puppet Enterprise 3.x < 3.1.2 DTLS Retransmission DoS CVE-2013-6450 21 Mar 2014 5.8 (v2) Medium Pass MailEnable < 1.7 IMAP Server Multiple Vulnerabilities (ME-100008) CVE-2005-3690 CVE-2005-3691 20 Nov 2005 7.5 (v2) High Pass IBM WebSphere Application Server 6.0 < 6.0.2.39 Multiple Vulnerabilities CVE-2009-2747 11 Feb 2010 5 (v2) Medium Pass Splunk < 5.0.8 Unspeci fi ed XSS CVE-2014-2578 28 Mar 2014 4.3 (v2) Medium Pass Cisco Video Surveillance Manager Default Administrator Credentials 12 Sep 2013 9.8 (v3) Critical Pass PatchLink Update Server nwupload.asp Traversal Arbitrary File Write CVE-2006-3426 28 Jul 2006 5 (v2) Medium Pass Cisco Digital Media Manager < 5.3 Privilege Escalation CVE-2012-0329 18 Sep 2013 9 (v2) High Pass QNAP Photo Station < 5.7.0 Cross-Site Scripting Vulnerability CVE-2018-0715 03 Oct 2018 6.1 (v3) Medium Pass HP SiteScope SOAP Call runOMAgentCommand SOAP Request Arbitrary Remote Code Execution CVE-2013-2367 19 Sep 2013 10 (v2) Critical Pass PHP 5.5.x < 5.5.32 Multiple Vulnerabilities CVE-2015-8383 CVE-2015-8386 CVE-2015-8387 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8393 CVE-2015-8394 CVE-2016-2554 CVE-2016-4342 11 Feb 2016 9.8 (v3) Critical Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0009) (remote check) CVE-2012-1516 CVE-2012-1517 CVE-2012-2448 CVE-2012-2449 CVE-2012-2450 29 Feb 2016 9 (v2) High Pass Artica mailattach Parameter Directory Traversal 25 Oct 2010 7.8 (v2) High Pass Canon PIXMA Printer Administration Authentication Bypass CVE-2013-4613 07 Apr 2014 7.5 (v2) High Pass macOS < 10.14 Multiple Vulnerabilities CVE-2016-0702 CVE-2015-3194 CVE-2015-5333 CVE-2015-5334 CVE-2016-1777 CVE-2017-12613 CVE-2017-12618 CVE-2018-3639 CVE-2018-3646 CVE-2018-4126 CVE-2018-4153 CVE-2018-4203 CVE-2018-4295 CVE-2018-4304 CVE-2018-4308 CVE-2018 18 Oct 2018 9.8 (v3) Critical Pass Default Password (artica) for 'root' Account CVE-1999-0502 25 Oct 2010 9.8 (v3) Critical Pass Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST) CVE-2011-1148 CVE-2011-1167 CVE-2011-1657 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2011-1938 CVE-2011-2192 CVE-2011-2202 CVE-2011-2483 CVE-2011-2895 CVE-2011-2937 CVE-2011-3182 CVE-2011-3189 CVE-2011-3246 CVE-2011-3 02 Feb 2012 10 (v2) Critical Pass Artica Detection 25 Oct 2010 None Pass Revive Adserver Detection 26 Jun 2014 None 101

RELAYTO Endpoints Penetration Test Results - Page 101

RELAYTO Endpoints Penetration Test Results Page 100