RELAYTO Endpoints Penetration Test Results (99/101)

Pass ionCube loader-wizard.php Accessible 04 Apr 2014 5 (v2) Medium Pass Ajax Pagination (twitter Style) Plugin for WordPress Local File Inclusion 07 Apr 2014 5 (v2) Medium Pass ASUS Routers fl ag Parameter XSS 25 Feb 2014 4.3 (v2) Medium Pass HP Universal Con fi guration Management Database Server (UCMDB) Local Information Disclosure (HPSBGN03504) CVE-2015-5440 22 Sep 2015 4.9 (v2) Medium Pass Cisco ONS 15454 Controller Card DoS (CSCug97315) CVE-2014-2139 10 Apr 2014 5 (v2) Medium Pass Canon PIXMA Printer WLAN Credential Disclosure CVE-2013-4614 07 Apr 2014 2.1 (v2) Low Pass OpenSSL Heartbeat Information Disclosure (Heartbleed) CVE-2014-0160 08 Apr 2014 7.5 (v3) High Pass NAS4Free Web UI Default Credentials 14 Apr 2014 10 (v2) Critical Pass CA ERwin Web Portal 9.5 Multiple Directory Traversals CVE-2014-2210 29 Apr 2014 7.5 (v2) High Pass BSD in.lpd File Name Handling Remote Over fl ow CVE-2001-0670 CVE-1999-0061 17 Mar 2003 7.5 (v2) High Pass Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011) CVE-2015-6554 18 Dec 2015 8.8 (v3) High Pass IBM DB2 9.5 < Fix Pack 6a Multiple Vulnerabilities CVE-2009-3471 CVE-2009-3555 CVE-2010-0462 CVE-2010-3193 CVE-2010-3194 CVE-2010-3195 CVE-2010-3731 CVE-2010-3732 CVE-2010-3733 CVE-2010-3734 CVE-2010-3735 CVE-2010-3736 CVE-2010-3737 CVE-2010-3738 CVE-2010-3739 CVE-2010-3 07 Sep 2010 9.8 (v3) Critical Pass OS Identi fi cation: SinFP with Machine Learning 15 Jan 2020 None Pass OpenSSL < 0.9.6e Multiple Vulnerabilities CVE-2002-0655 CVE-2002-0656 CVE-2002-0659 04 Jan 2012 7.5 (v2) High Pass APC < 3.8.0 apcupsd Multiple Vulnerabilities CVE-2001-0040 CVE-2003-0098 CVE-2003-0099 26 Mar 2003 10 (v2) Critical Pass Microsoft SharePoint Server Unsupported Version Detection 30 May 2014 10 (v3) Critical Pass OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback CVE-2005-2969 04 Jan 2012 5 (v2) Medium Pass HP OneView Unspeci fi ed Remote Privilege Escalation (HPSBGN03034) CVE-2014-2602 13 Jun 2014 6.5 (v2) Medium Pass PoPToP PPTP ctrlpacket.c Negative Read Remote Over fl ow CVE-2003-0213 16 Apr 2003 10 (v2) Critical Pass OpenSSH < 3.7.1 Multiple Vulnerabilities CVE-2003-0682 CVE-2003-0693 CVE-2003-0695 CVE-2004-2760 16 Sep 2003 10 (v2) Critical Pass Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS) CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809 16 Sep 2004 5.6 (v3) Medium Pass Splunk '/en-US/app/' Referer Header XSS CVE-2014-8380 30 May 2014 4.3 (v2) Medium Pass Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection CVE-2003-0286 04 Aug 2004 7.5 (v2) High Pass F5 Networks ARX Data Manager Unsupported Version Detection 01 Jul 2014 10 (v2) Critical Pass Unsupported Microsoft DNS Server Detection 12 Jun 2014 10 (v3) Critical Pass EMC Documentum D2 Privilege Escalation (ESA-2014-045) CVE-2014-2504 06 Jun 2014 9 (v2) High Pass McAfee Cloud Single Sign On WebUI Default Credentials 25 Mar 2014 7.5 (v2) High Pass IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities CVE-2010-0781 CVE-2010-0783 CVE-2010-0784 CVE-2010-0785 CVE-2010-0786 CVE-2010-1632 CVE-2010-3186 CVE-2010-4220 11 Nov 2010 7.5 (v2) High Pass Puppet Enterprise 3.x < 3.1.3 LibYAML Heap-Based Bu ff er Over fl ow CVE-2013-6393 21 Mar 2014 6.8 (v2) Medium Pass Tivoli Provisioning Manager Express for Software Distribution Detection 29 Mar 2012 None Pass Oracle iPlanet Web Server 7.0.x < 7.0.9 Multiple Vulnerabilities CVE-2010-3512 CVE-2010-3514 CVE-2010-3544 CVE-2010-3545 13 Dec 2010 5.8 (v2) Medium Pass Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL CVE-2014-0224 CVE-2014-3470 18 Jun 2014 5.8 (v2) Medium Pass Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL CVE-2014-0076 CVE-2014-3470 18 Jun 2014 1.9 (v2) Low Pass Woltlab Burning Board pms.php folderid Parameter XSS CVE-2005-1327 12 May 2005 4.3 (v2) Medium Pass Better WP Security Plugin for WordPress Multiple XSS CVE-2012-4263 CVE-2012-4264 31 Mar 2014 4.3 (v2) Medium Pass SSH Tectia Server SFTP Filename Logging Format String CVE-2006-0705 15 Feb 2006 5 (v2) Medium Pass Cloudera Manager Default Credentials 26 Jun 2014 10 (v2) Critical Pass Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE) CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3 05 Mar 2015 7.3 (v3) High Pass Serv-U FTP Server < 15.1.0.458 Multiple Vulnerabilities 04 Jul 2014 6.4 (v2) Medium Pass OSSIM < 4.3.3.1 tele_stats.php SQL Injection 25 Jun 2014 7.5 (v2) High Pass IMAP Service STARTTLS Plaintext Command Injection CVE-2011-0411 CVE-2011-1926 10 Mar 2011 4 (v2) Medium Pass Symantec Data Insight < 4.5 Multiple Vulnerabilities (SYM14-012) CVE-2014-3432 CVE-2014-3433 03 Jul 2014 4.3 (v2) Medium Pass NETGEAR GS105PE Pro Safe Switch Hard-coded Credentials CVE-2014-2969 11 Jul 2014 8.3 (v2) High Pass SNMP 'GETBULK' Re fl ection DDoS 11 Jul 2014 5 (v2) Medium Pass VMware ESX / ESXi NFC Tra ffi c Handling DoS (VMSA-2013-0011) (remote check) CVE-2013-1661 04 Mar 2016 4.3 (v2) Medium Pass ManageEngine Desktop Central < 9 build 90103 XSRF CVE-2014-9331 25 Mar 2015 6.8 (v2) Medium Pass HP SiteScope Unspeci fi ed Authentication Bypass CVE-2014-2614 09 Jul 2014 7.5 (v2) High Pass MailPoet Newsletters for WordPress Arbitrary File Upload CVE-2014-4725 16 Jul 2014 8.8 (v3) High Pass IBM Storwize V7000 Uni fi ed Service Account Unspeci fi ed Local Privilege Escalation CVE-2014-3043 24 Jul 2014 6.5 (v2) Medium Pass WebTitan 'categories-x.php' 'sortkey' Parameter SQL Injection CVE-2014-4307 18 Jul 2014 7.5 (v2) High Pass Autodesk VRED Python API Remote Code Execution CVE-2014-2967 24 Jul 2014 10 (v2) Critical Pass VMware Harbor 1.8.x < 1.8.4 (VMSA-2019-0016) CVE-2019-16919 22 Oct 2019 7.5 (v3) High Pass Junos OS: Cross-Site Scripting (XSS) in J-Web (JSA10986) CVE-2020-1607 17 Jan 2020 7.5 (v3) High Pass OpenSSL 1.0.2 < 1.0.2k Multiple Vulnerabilities CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 30 Jan 2017 5.9 (v3) Medium Pass Cisco ONS 15454 Controller Card DoS (CSCug97416) CVE-2014-2141 10 Apr 2014 4 (v2) Medium Pass VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check) CVE-2009-2409 CVE-2009-3245 CVE-2009-3555 CVE-2009-3767 CVE-2010-0433 CVE-2010-0734 CVE-2010-0826 CVE-2010-1646 08 Mar 2016 10 (v2) Critical Pass NetIQ Sentinel < 7.4.1 Multiple Vulnerabilities CVE-2014-3576 CVE-2015-0851 26 Apr 2016 5 (v2) Medium Pass IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities CVE-2013-6323 CVE-2013-6329 CVE-2013-6438 CVE-2013-6738 CVE-2013-6747 CVE-2014-0050 CVE-2014-0076 CVE-2014-0098 CVE-2014-0453 CVE-2014-0460 CVE-2014-0823 CVE-2014-0857 CVE-2014-0859 CVE-2014-0878 CVE-2014-0891 CVE-2014-0 04 Aug 2014 7.5 (v2) High Pass EMC Documentum D2 Privilege Escalation (ESA-2014-067) CVE-2014-2515 21 Aug 2014 8.5 (v2) High Pass HP LaserJet Printers Unspeci fi ed Information Disclosure (HPSBPI03546) CVE-2016-2244 15 Mar 2016 5.9 (v3) Medium Pass Juniper Junos Fragmented TCP Packet Sequence Handling DoS (JSA10696) CVE-2014-6449 21 Oct 2015 5 (v2) Medium Pass Allegro RomPager HTTP Cookie Management Remote Code Execution Vulnerability (Misfortune Cookie) CVE-2014-9222 CVE-2014-9223 30 Dec 2014 10 (v2) Critical Pass Juniper Junos jdhcpd crash denial of service (JSA10926) CVE-2019-0037 19 Apr 2019 7.5 (v3) High Pass HP StoreVirtual Storage Remote Unauthorized Access CVE-2013-2352 10 Apr 2014 9.4 (v2) High Pass Barco ClickShare Device Default Credentials 19 Aug 2014 10 (v2) Critical Pass Apache Tra ffi c Server 4.x < 4.2.1.1 / 5.x < 5.0.1 Synthetic Health Check Vulnerability CVE-2014-3525 22 Jan 2015 10 (v2) Critical Pass IBM Rational License Key Server Administration and Reporting Tool Default Credentials 16 Sep 2014 7.5 (v2) High Pass Fortinet FortiOS User Interface Default Credentials 15 Apr 2014 10 (v2) Critical Pass Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed) CVE-2013-4353 CVE-2014-0160 16 Apr 2014 7.5 (v3) High Pass phpMyAdmin 3.4.x < 3.4.6 XSS (PMASA-2011-16) CVE-2011-4064 26 Oct 2011 4.3 (v2) Medium Pass Oracle Real User Experience Insight October 2014 CPU CVE-2014-6557 26 Jan 2015 4.9 (v2) Medium Pass Palo Alto Networks PAN-OS HTTP Header Handling URL Filter Bypass (PAN-SA-2016-0006) 28 Apr 2016 5 (v2) Medium Pass SYAC DigiEye Backdoor Detection 10 Sep 2014 9.3 (v2) High Pass Oracle GlassFish Server 3.0.1 / 3.1.2 / Enterprise 2.1.1 DoS CVE-2012-3155 05 Sep 2014 5 (v2) Medium Pass F5 Networks rsync RCE CVE-2014-2927 14 Oct 2014 9.3 (v2) High Pass ManageEngine DeviceExpert Unauthorized Information Disclosure CVE-2014-5377 04 Sep 2014 5 (v2) Medium Pass OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 09 Jan 2012 5 (v2) Medium Pass FreeNAS WebGUI Blank Password CVE-2014-5334 18 Sep 2014 9.8 (v3) Critical Pass ManageEngine EventLog Analyzer Default Credentials 02 Sep 2014 7.5 (v2) High Pass Palo Alto Networks PAN-OS 7.0.x < 7.0.14 / 7.1.x < 7.1.9 Multiple Vulnerabilities (PAN-SA-2017-0008 - PAN-SA-2017-0010) CVE-2017-7126 CVE-2017-7217 CVE-2017-7218 18 Apr 2017 7.8 (v3) High Pass Cisco Content Security Management Appliance Open Redirect Multiple Vulnerabilities (cisco-sa-sma-opn-rdrct-yPPMdsMQ) CVE-2020-3178 21 May 2020 6.1 (v3) Medium Pass Juniper Junos libgd Compressed GD2 Data RCE (JSA10798) CVE-2016-3074 31 Jul 2017 9.8 (v3) Critical Pass macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown) CVE-2017-1000254 CVE-2017-13847 CVE-2017-13848 CVE-2017-13855 CVE-2017-13858 CVE-2017-13860 CVE-2017-13862 CVE-2017-13865 CVE-2017-13867 CVE-2017-13868 CVE-2017-13869 CVE-2017-13871 CVE-2017-13872 CVE-2017-13875 CVE-201 07 Dec 2017 7.8 (v3) High Pass ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check) CVE-2013-0242 CVE-2013-1914 09 Oct 2014 5 (v2) Medium Pass HP Printers Security Bypass (HPSBPI03107) CVE-2014-0224 09 Oct 2014 5.8 (v2) Medium Pass TIBCO Spot fi re Analytics Server Authentication Module Unspeci fi ed Information Disclosure CVE-2012-0690 13 Oct 2014 5 (v2) Medium Pass TIBCO Spot fi re Server Authentication Module Unspeci fi ed Remote Code Execution CVE-2014-2544 13 Oct 2014 7.5 (v2) High Pass TIBCO Spot fi re Server Unsupported Version Detection 13 Oct 2014 10 (v3) Critical Pass TIBCO Spot fi re Server Authentication Module Unspeci fi ed Privilege Escalation CVE-2014-5285 13 Oct 2014 7.5 (v2) High Pass Lexmark Printer con fi g.html Administrator Authentication Bypass (FREAK) CVE-2015-0204 CVE-2015-1637 19 Oct 2015 4.3 (v2) Medium Pass Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check) CVE-2013-2871 CVE-2013-2875 CVE-2013-2909 CVE-2013-2926 CVE-2013-2927 CVE-2013-2928 CVE-2013-5195 CVE-2013-5196 CVE-2013-5197 CVE-2013-5198 CVE-2013-5199 CVE-2013-5225 CVE-2013-5228 CVE-2013-6625 CVE-2013-6635 CVE-2013-6 21 Oct 2014 10 (v2) Critical Pass macOS 10.13.x < 10.13.5 Multiple Vulnerabilities CVE-2018-4141 CVE-2018-4159 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-4184 CVE-2018-4193 CVE-2018-4194 CVE-2018-4196 CVE-2018-4198 CVE-2018-4202 CVE-2018-4211 CVE-2018-4217 CVE-2018-4219 CVE-2018-4 05 Jun 2018 9.8 (v3) Critical Pass HP Operations Manager / Operations Agent < 11.13 XSS (HPSBMU03126) CVE-2014-2647 22 Oct 2014 4.3 (v2) Medium Pass Oracle Business Transaction Management 'FlashTunnelService' 'WriteToFile' Message RCE 31 Oct 2014 10 (v2) Critical Pass macOS 10.13.x < 10.13.6 Multiple Vulnerabilities CVE-2017-0898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-3665 CVE-2018-4178 CVE-2018-4248 CVE-2018-4259 CVE-2018-4268 CVE-2018-4269 CVE-2018-4276 CVE-2018-4277 CVE-2018-4280 CVE-2 17 Jul 2018 9.8 (v3) Critical Pass Cisco Nexus 3000 Series and 9000 Series Switches in NX-OS Mode CLI Command Software Image Signature Veri fi cation Vulnerability CVE-2019-1810 07 Jun 2019 6.7 (v3) Medium Pass SolarWinds Log and Event Manager Unsupported Version Detection 07 Nov 2014 10 (v2) Critical Pass SolarWinds Log and Event Manager Default Credentials 07 Nov 2014 10 (v2) Critical Pass IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass CVE-2014-0224 19 Nov 2014 5.8 (v2) Medium Pass AFP Server Network Interface Enumeration CVE-2014-4426 24 Nov 2014 4.3 (v2) Medium Pass Google Calendar Events Plugin for WordPress 'admin-ajax.php' XSS CVE-2014-7138 21 Nov 2014 4.3 (v2) Medium Pass IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities CVE-2011-1376 CVE-2011-1377 CVE-2011-4889 04 Apr 2012 4.6 (v2) Medium Pass Apache Tra ffi c Server Host HTTP XSS 28 Nov 2014 4.3 (v2) Medium Pass IlohaMail read_message.php Attachment Multiple Field XSS CVE-2005-1120 14 Apr 2005 4.3 (v2) Medium Pass Splunk Enterprise 6.0.x < 6.0.6 Multiple Vulnerabilities CVE-2014-3511 CVE-2014-8303 04 Dec 2014 4.3 (v2) Medium Pass Isilon OneFS SNMP Detection 14 Aug 2018 None Pass Mac OS X < 10.11.1 Multiple Vulnerabilities CVE-2012-6151 CVE-2014-3565 CVE-2015-0235 CVE-2015-0273 CVE-2015-5924 CVE-2015-5925 CVE-2015-5926 CVE-2015-5927 CVE-2015-5932 CVE-2015-5933 CVE-2015-5934 CVE-2015-5935 CVE-2015-5936 CVE-2015-5937 CVE-2015-5938 CVE-2015-5 29 Oct 2015 10 (v2) Critical Pass IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities CVE-2010-0778 CVE-2010-0779 CVE-2010-0781 CVE-2010-3186 28 Sep 2010 10 (v2) Critical Pass SSL Certi fi cate Chain Contains Weak RSA Keys 24 Jul 2012 4 (v2) Medium Pass Cisco TelePresence Multipoint Switch XML-RPC DoS (cisco-sa-20110223-telepresence-ctms) CVE-2011-0390 27 Jul 2012 7.8 (v2) High Pass MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass CVE-2012-2122 02 Aug 2012 5.6 (v3) Medium Pass sipXtapi INVITE Message CSeq Field Header Remote Over fl ow CVE-2006-3524 25 Jul 2006 7.5 (v2) High 99

RELAYTO Endpoints Penetration Test Results - Page 99

RELAYTO Endpoints Penetration Test Results Page 98 Page 100