RELAYTO Endpoints Penetration Test Results (29/101)

Pass Cisco IOS XE Software IOx Application Hosting Privilege Escalation (cisco-sa-iosxe-iox-app-host-mcZcnsBt) CVE-2020-3393 13 Nov 2020 7.8 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 Information Exposure CVE-2020-2043 14 Sep 2020 3.3 (v3) Low Pass Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check) CVE-2008-0166 15 May 2008 10 (v2) Critical Pass Palo Alto Networks PAN-OS 7.1.x < 8.1.17 / 8.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.5 Vulnerability CVE-2020-1999 13 Nov 2020 5.3 (v3) Medium Pass SMTP Service Cleartext Login Permitted 19 May 2011 2.6 (v2) Low Pass Cisco Security Manager < 4.22 Static Credential Usage (cisco-sa-csm-rce-8gjUz9fW) CVE-2020-27125 17 Nov 2020 9.8 (v3) Critical Pass PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion CVE-2004-1423 29 Dec 2004 8.3 (v3) High Pass Coppermine Photo Gallery album Password Cookie SQL Injection CVE-2007-3558 25 Feb 2008 7.5 (v2) High Pass Rockwell Automation MicroLogix 1100 PLC Default Credentials 07 Jul 2015 8.3 (v2) High Pass MyBB <= 1.00 RC4 Multiple SQL Injection Vulnerabilities CVE-2005-2580 CVE-2005-2697 CVE-2005-2778 30 Aug 2005 7.5 (v2) High Pass Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability (cisco-sa-FND-AUTH-vEypBmmR) CVE-2020-26072 24 Nov 2020 8.7 (v3) High Pass Multiple Web Server printenv CGI Information Disclosure 16 Jul 2010 5 (v2) Medium Pass Cisco IOS XE SD-WAN Software Packet Filtering Bypass (cisco-sa-cedge- fi lt-bypass-Y6wZMqm4) CVE-2020-3444 20 Nov 2020 7.5 (v3) High Pass Cisco IOS Access Points DoS (cisco-sa-20190717-aironet-dos) CVE-2019-1920 20 Nov 2020 7.4 (v3) High Pass IBM WebSphere Application Server 7.0.0.x through 7.0.0.45 / 8.0.0.x through 8.0.0.15 / 8.5.x through to 8.5.5.17 / 9.0.x through to 9.0.5.5 XXE (CVE-2020-4643) CVE-2020-4643 25 Sep 2020 7.5 (v3) High Pass ASP.NET DEBUG Method Enabled 27 Jun 2008 4.3 (v3) Medium Pass SAP Gateway 10Kblaze Remote Code Execution Vulnerability. 19 Jun 2019 9.4 (v3) Critical Pass Juniper Junos OS EX4300 / EX4600 / QFX5 Series DoS (JSA11084) CVE-2020-1687 25 Nov 2020 6.5 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.13 / 9.0.x <= 9.0.0.7 Information Disclosure (715271) CVE-2018-1621 10 Sep 2020 6.7 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.18 / 9.0.x < 9.0.5.6 XSS (CVE-2020-4578) CVE-2020-4578 15 Oct 2020 5.4 (v3) Medium Pass IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 Multiple Vulnerabilities (296865) CVE-2011-4343 CVE-2017-1583 20 Oct 2020 7.5 (v3) High Pass IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.11 / 9.0.x < 9.0.0.1 FileUpload DoS (CVE-2016-3092) CVE-2017-1503 23 Oct 2020 6.1 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x < 9.0.0.8 Information Disclosure (CVE-2012-5783) CVE-2012-5783 27 Oct 2020 6.1 (v3) Medium Pass IBM WebSphere Application Server 6.1.0.x <= 6.1.0.47 / 7.0.0.x < 7.0.0.39 / 8.0.0.x < 8.0.0.12 / 8.5.x < 8.5.5.8 HTTP Response Splitting (CVE-2015-2017) CVE-2015-2017 03 Nov 2020 4.3 (v3) Medium Pass Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F) CVE-2020-3531 24 Nov 2020 9.8 (v3) Critical Pass Junos OS malformed IPv6 packet DoS (JSA11083) CVE-2020-1686 01 Dec 2020 7.5 (v3) High Pass Cisco DNA Spaces Connector Web Detection. 01 Dec 2020 None Pass Cisco IOS Software Internet Key Exchange Denial of Service Vulnerability CVE-2017-12237 06 Oct 2017 7.5 (v3) High Pass Cisco DNA Spaces Connector Command Injection Vulnerability (cisco-sa-dna-cmd-injection-rrAYzOwc) CVE-2020-3586 02 Dec 2020 9.8 (v3) Critical Pass PostNuke <= 0.760 RC4b Multiple Vulnerabilities CVE-2005-2689 CVE-2005-2690 30 Aug 2005 4.6 (v2) Medium Pass FTP Daemon Long Command XSRF 17 Jun 2010 5.3 (v3) Medium Pass VMware Workspace ONE Access HTTP Detection 08 Dec 2020 None Pass Netopia Router Crafted SNMP Request Remote Admin Password Disclosure 20 Sep 2006 10 (v2) Critical Pass Remote Help Default Credentials 24 Mar 2010 10 (v2) Critical Pass CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion CVE-2005-2846 01 Sep 2005 6.8 (v2) Medium Pass Phorum register.php Username Field XSS CVE-2005-2836 06 Sep 2005 4.3 (v2) Medium Pass Web Server PROPFIND Method Internal IP Disclosure CVE-2002-0422 18 Mar 2004 2.6 (v2) Low Pass JBoss Administration Console Default Credentials 14 Jul 2010 7.5 (v2) High Pass X11 Server Unauthenticated Access CVE-1999-0526 10 Oct 2005 10 (v2) Critical Pass AttachmateWRQ Re fl ection for Secure IT Server SFTP Format String CVE-2006-0705 14 Feb 2006 5 (v2) Medium Pass Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password (cisco-sa-20181003-cpcp-password) CVE-2018-15389 21 Dec 2020 9.8 (v3) Critical Pass PHP-Fusion < 6.00.108 BBCode Nested URL Tag XSS CVE-2005-2783 08 Sep 2005 4.3 (v2) Medium Pass AMember Multiple Script con fi g[root_dir] Parameter Remote File Inclusion CVE-2005-2865 08 Sep 2005 6.8 (v2) Medium Pass Tetrinet server detection 11 Sep 2005 None Pass Apache mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String CVE-2004-0700 16 Jul 2004 7.5 (v2) High Pass Cisco IOS XE Software Wireless Controller for the Catalyst 9000 Family WLAN Local Pro fi ling DoS (cisco-sa-dclass-dos-VKh9D8k3) CVE-2020-3428 21 Dec 2020 6.5 (v3) Medium Pass Zorum <= 3.5 Multiple Remote Vulnerabilities CVE-2005-0675 CVE-2005-0676 CVE-2005-0677 CVE-2005-2651 CVE-2005-4619 CVE-2006-3332 11 Mar 2005 7.5 (v2) High Pass VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation (VMSA-2012-0007) (remote check) CVE-2012-1518 03 Mar 2016 8.3 (v2) High Pass VMware ESX / ESXi Tools Update Privilege Escalation (VMSA-2010-0018) (remote check) CVE-2010-4297 08 Mar 2016 7.2 (v2) High Pass Dada Mail Archived Message XSS CVE-2005-2595 12 Sep 2005 4.3 (v2) Medium Pass Cisco TelePresence Conductor Default Credentials (Web UI) 26 Nov 2014 7.5 (v2) High Pass Trend Micro Worry-Free Business Security Path Traversal Authentication Bypass (000245572) CVE-2020-8600 18 Aug 2020 9.8 (v3) Critical Pass WordPress Plugin 'Email Subscribers & Newsletters' < 4.5.6 Email Forgery/Spoo fi ng Vulnerability. CVE-2020-5780 14 Sep 2020 5.3 (v3) Medium Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0006) (remote check) CVE-2011-2482 CVE-2011-3191 CVE-2011-4348 CVE-2011-4862 CVE-2012-1515 03 Mar 2016 10 (v2) Critical Pass Trend Micro Apex One Management Web Console Detection 03 May 2022 None Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check) CVE-2008-7270 CVE-2010-1321 CVE-2010-2054 CVE-2010-3170 CVE-2010-3173 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3 04 Mar 2016 10 (v2) Critical Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check) CVE-2010-0296 CVE-2010-1083 CVE-2010-1323 CVE-2010-2492 CVE-2010-2798 CVE-2010-2938 CVE-2010-2942 CVE-2010-2943 CVE-2010-3015 CVE-2010-3066 CVE-2010-3067 CVE-2010-3078 CVE-2010-3086 CVE-2010-3296 CVE-2010-3432 CVE-2010-3 04 Mar 2016 7.9 (v2) High Pass VMware ESX Third-Party Libraries and Components Multiple Vulnerabilities (VMSA-2010-0006) (remote check) CVE-2009-0798 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 08 Mar 2016 6 (v2) Medium Pass VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005) CVE-2014-3793 30 Dec 2015 5.8 (v2) Medium Pass VMware ESX / ESXi vSphere Client RCE (VMSA-2014-0003) CVE-2014-1209 30 Dec 2015 9.3 (v2) High Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check) CVE-2011-4940 CVE-2011-4944 CVE-2012-0441 CVE-2012-0876 CVE-2012-1033 CVE-2012-1148 CVE-2012-1150 CVE-2012-1667 CVE-2012-3817 CVE-2012-5703 29 Feb 2016 8.5 (v2) High Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check) CVE-2007-6063 CVE-2008-0598 CVE-2008-2086 CVE-2008-2136 CVE-2008-2812 CVE-2008-3275 CVE-2008-3525 CVE-2008-4210 CVE-2008-5339 CVE-2008-5340 CVE-2008-5341 CVE-2008-5342 CVE-2008-5343 CVE-2008-5344 CVE-2008-5345 CVE-2008-5 03 Mar 2016 10 (v2) Critical Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) CVE-2007-2052 CVE-2007-4965 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-5966 CVE-2007-6286 CVE-2008-0002 CVE-2008-1232 CVE-2008-1721 CVE-2008-1887 CVE-2008-1947 CVE-2008-2315 CVE-2008-2370 CVE-2008-3142 CVE-2008-3 03 Mar 2016 10 (v2) Critical Pass VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) CVE-2010-5298 CVE-2014-0198 CVE-2014-0224 CVE-2014-3470 30 Dec 2015 5.8 (v2) Medium Pass VMware ESX Multiple Vulnerabilities (VMSA-2009-0008) (remote check) CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 03 Mar 2016 10 (v2) Critical Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002) CVE-2013-4332 CVE-2013-5211 30 Dec 2015 5 (v2) Medium Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) CVE-2010-1323 CVE-2010-1324 CVE-2010-2240 CVE-2010-4020 CVE-2010-4021 CVE-2011-1785 CVE-2011-1786 04 Mar 2016 7.2 (v2) High Pass VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) CVE-2006-6304 CVE-2007-4567 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1384 CVE-2009-1386 CVE-2009-1387 CVE-2009-2409 CVE-2009-2695 CVE-2009-2908 CVE-2009-2910 CVE-2009-3080 CVE-2009-3228 CVE-2009-3 08 Mar 2016 10 (v2) Critical Pass VMware ESXi Multiple DoS (VMSA-2014-0008) CVE-2013-0242 CVE-2013-1914 30 Dec 2015 5 (v2) Medium Pass VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check) CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 29 Feb 2016 9.3 (v2) High Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0004) (remote check) CVE-2005-4889 CVE-2010-2059 CVE-2010-2199 CVE-2010-3316 CVE-2010-3435 CVE-2010-3609 CVE-2010-3613 CVE-2010-3614 CVE-2010-3762 CVE-2010-3853 04 Mar 2016 7.2 (v2) High Pass VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012) CVE-2013-1752 CVE-2013-2877 CVE-2013-4238 CVE-2014-0015 CVE-2014-0138 CVE-2014-0191 30 Dec 2015 6.4 (v2) Medium Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0008) (remote check) CVE-2011-0426 CVE-2011-1788 CVE-2011-1789 04 Mar 2016 5 (v2) Medium Pass VMware ESX / ESXi Multiple DoS (VMSA-2014-0001) CVE-2014-1207 CVE-2014-1208 30 Dec 2015 4.3 (v2) Medium Pass VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check) CVE-2007-2953 CVE-2008-2712 CVE-2008-3432 CVE-2008-4101 CVE-2008-5077 CVE-2009-0025 03 Mar 2016 9.3 (v2) High Pass VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check) CVE-2009-3560 CVE-2009-3720 CVE-2010-0547 CVE-2010-0787 CVE-2010-1634 CVE-2010-2059 CVE-2010-2089 CVE-2010-3493 CVE-2010-4649 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1015 CVE-2011-1044 CVE-2011-1078 CVE-2011-1 03 Mar 2016 9.3 (v2) High Pass VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check) CVE-2009-0034 CVE-2009-0037 CVE-2009-1185 03 Mar 2016 7.2 (v2) High Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0011) (remote check) CVE-2012-3288 CVE-2012-3289 29 Feb 2016 9.3 (v2) High Pass VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) CVE-2009-3080 CVE-2009-4536 CVE-2010-1188 CVE-2010-2240 CVE-2011-1787 CVE-2011-2145 CVE-2011-2146 CVE-2011-2217 04 Mar 2016 9.3 (v2) High Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2010-2761 CVE-2010-4180 CVE-2010-4252 CVE-2010-4410 CVE-2011-0014 CVE-2011-1020 CVE-2011-1089 CVE-2011-1833 CVE-2011-2484 CVE-2011-2496 CVE-2011-2699 CVE-2011-3188 CVE-2011-3 29 Feb 2016 9.3 (v2) High Pass VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check) CVE-2008-0085 CVE-2008-0086 CVE-2008-0106 CVE-2008-0107 CVE-2008-3825 CVE-2008-5416 CVE-2009-1384 CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2009-3555 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0 04 Mar 2016 7.8 (v3) High Pass VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check) CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2 08 Mar 2016 10 (v2) Critical Pass ManageEngine Applications Manager REST API SQLi CVE-2020-15394 07 Jan 2021 9.8 (v3) Critical Pass Juniper Junos OS DoS (JSA11107) CVE-2021-0217 13 Jan 2021 7.4 (v3) High Pass OpenSSL 1.0.2 < 1.0.2zd Vulnerability CVE-2022-0778 16 Mar 2022 7.5 (v3) High Pass Cisco IOS DHCP Multiple Vulnerabilities CVE-2018-0172 CVE-2018-0173 CVE-2018-0174 17 Apr 2018 8.6 (v3) High Pass PHP 7.3.x < 7.3.26 / 7.4.x < 7.4.14 / 8.x < 8.0.1 Input Validation Error CVE-2020-7071 14 Jan 2021 5.3 (v3) Medium Pass SolarWinds Orion Platform 2019.4 HF5 / 2020.2.x < 2020.2.1 SUNBURST Malware Backdoor 14 Dec 2020 8.1 (v3) High Pass Juniper Junos OS Denial of Service (JSA11105) CVE-2021-0215 14 Jan 2021 6.5 (v3) Medium Pass X Server Unauthenticated Access: Screenshot CVE-1999-0526 08 May 2013 10 (v2) Critical Pass OS Identi fi cation : RDP 17 Oct 2007 None Pass OpenSSL 3.0.0 < 3.0.2 Vulnerability CVE-2022-0778 16 Mar 2022 7.5 (v3) High Pass HP Power Manager Default Credentials 17 Nov 2009 7.5 (v2) High Pass Sawmill < 7.1.14 GET Request Query String XSS CVE-2005-2950 12 Sep 2005 4.3 (v2) Medium Pass CMSimple index.php search Function XSS CVE-2005-2392 14 Sep 2005 4.3 (v2) Medium Pass AVEVA InduSoft Web Studio / InTouch Edge HMI UniSoft.dll wcscpy() Stack Over fl ow CVE-2018-17916 31 Oct 2018 9.8 (v3) Critical Pass Schneider Electric IGSS Data Server Path Traversal (CVE-2022-24312) CVE-2022-24312 17 Mar 2022 9.8 (v3) Critical Pass Jumi Component for Joomla! ' fi leid' Parameter SQLi CVE-2009-2102 16 Nov 2009 7.3 (v3) High Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.18 / 9.0.x <= 9.0.5.5 Information Disclosure (6339255) CVE-2020-4629 19 Jan 2021 3.3 (v3) Low Pass OSSIM 'host/draw_tree.php' Access Restriction Weakness Information Disclosure CVE-2009-3441 02 Nov 2009 5 (v2) Medium Pass 4D WebSTAR Tomcat Plugin Remote Bu ff er Over fl ow CVE-2005-1507 09 May 2005 5.1 (v2) Medium Pass Aprox PHP Portal index.php Arbitrary File View CVE-2004-0237 02 Feb 2004 5 (v2) Medium Pass HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610) CVE-2008-4559 12 Feb 2009 7.5 (v2) High Pass CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID) CVE-2005-1593 CVE-2005-1594 CVE-2005-1595 14 May 2005 7.5 (v2) High Pass Novell iManager < 2.7.6 Patch 1 Multiple Vulnerabilities CVE-2013-1088 CVE-2013-3268 19 Apr 2013 10 (v2) Critical Pass Puppet Multiple Vulnerabilities (2013/03/12) CVE-2013-1640 CVE-2013-1652 CVE-2013-1654 CVE-2013-2275 26 Apr 2013 9 (v2) High Pass McAfee ePolicy Orchestrator 4.6.x Multiple Vulnerabilities (SB10042) CVE-2013-0140 CVE-2013-0141 04 May 2013 7.9 (v2) High Pass IBM Multiple Products login.php Query String XSS CVE-2010-0714 15 Mar 2010 4.3 (v2) Medium Pass OSSIM download.php Directory Traversal 17 Mar 2010 5 (v2) Medium Pass VMware ESX WebAccess Context Data XSS (VMSA-2010-0005) CVE-2009-2277 05 Apr 2010 4.3 (v2) Medium Pass Apache Tomcat 4.1 XSS CVE-2002-1567 14 Jul 2010 5.3 (v3) Medium Pass NetSupport Manager Gateway HTTP Protocol Information Disclosure CVE-2010-4184 10 Nov 2010 4.3 (v2) Medium 29

RELAYTO Endpoints Penetration Test Results - Page 29

RELAYTO Endpoints Penetration Test Results Page 28 Page 30