RELAYTO Penetration Test Results (86/101)

Pass Cisco Small Business 220 Series Smart Switch Detection 10 Jan 2022 None Pass Gallery Zipcart Module Arbitrary File Disclosure CVE-2005-4023 06 Mar 2006 5 (v2) Medium Pass Gallery Install Log Local Information Disclosure CVE-2005-4021 06 Mar 2006 5 (v2) Medium Pass 4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion CVE-2006-0899 06 Mar 2006 7.5 (v2) High Pass Loudblog < 0.42 template Parameter Traversal CVE-2006-1114 08 Mar 2006 6.4 (v2) Medium Pass Owl Intranet Engine lib/OWL_API.php xrms_ﬁle_root Parameter Remote File Inclusion CVE-2006-1149 08 Mar 2006 7.5 (v2) High Pass Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass CVE-2006-1069 09 Mar 2006 7.5 (v2) High Pass SquirrelMail strings.php base_uri Parameter Information Disclosure CVE-2006-3665 09 Mar 2006 4.3 (v2) Medium Pass Easy File Sharing Web Server Multiple Remote Vulnerabilities (FS, XSS, Upload) CVE-2006-1159 CVE-2006-1160 CVE-2006-1161 10 Mar 2006 7.8 (v2) High Pass Gallery stepOrder Parameter Local File Inclusion CVE-2006-1219 10 Mar 2006 5 (v2) Medium Pass Pixelpost < 1.5 RC1 showimage Parameter SQL Injection CVE-2006-1104 13 Mar 2006 7.5 (v2) High Pass Kerio MailServer IMAP Server Crafted LOGIN Command DoS CVE-2006-1158 13 Mar 2006 7.8 (v2) High Pass Ipswitch IMail Server/Collaboration Suite IMAP FETCH Command Overﬂow CVE-2005-3526 13 Mar 2006 6.5 (v2) Medium Pass OTRS WebUI Detection 11 Dec 2017 None Pass Oracle Primavera Gateway Detection 21 Jul 2017 None Pass Advantech WebAccess < 8.2_20170817 Multiple Vulnerabilities CVE-2017-12698 CVE-2017-12702 CVE-2017-12704 CVE-2017-12706 CVE-2017-12708 CVE-2017-12710 CVE-2017-12711 CVE-2017-12713 CVE-2017-1271708 Sep 2017 9.8 (v3) Critical Pass MyBB search.php 'forums' Parameter SQLi CVE-2006-1065 13 Mar 2006 5 (v2) Medium Pass Kaa IoT Administration Server Detection 04 May 2017 None Pass Cisco Prime Infrastructure Detection 19 Apr 2016 None Pass VMware vRealize Automation Web UI Detection 27 Apr 2016 None Pass JBoss Operations Network Server Detection 06 Jun 2016 None Pass Emerson SM-Ethernet Web Interface Detection 01 Dec 2015 None Pass MyBB 'comma' Cookie SQLi CVE-2006-0959 13 Mar 2006 7.5 (v2) High Pass Cisco Identity Services Engine WebUI Detection 30 Dec 2014 None Pass IBM Rational Focal Point Login Detection 06 Mar 2014 None Pass Admbook content-data.php X-Forwarded-For Header Arbitrary PHP Code Injection CVE-2006-0852 15 Mar 2006 8.8 (v3) High Pass NAS4Free Web UI Detection 14 Apr 2014 None Pass IBM Storwize Web Management Interface Detection 03 Jul 2014 None Pass Bitdefender GravityZone User Interface Detection 25 Jul 2014 None Pass TimThumb Detection 28 Jul 2014 None Pass IBM Jazz Team Server Detection 06 Oct 2014 None Pass Barracuda Web Filter Detection 07 Oct 2014 None Pass Cisco TelePresence Conductor WebUI Detection 26 Nov 2014 None Pass MongoDB Detection 10 Apr 2013 None Pass Trend Micro Message Routing Framework Detection 14 Mar 2011 None Pass ManageEngine SharePoint Manager Plus Detection 05 May 2022 None Pass Horde go.php url Parameter Arbitrary File Access CVE-2006-1260 15 Mar 2006 5 (v2) Medium Pass PHP iCalendar Cookie Data Traversal Local File Inclusion CVE-2006-1292 16 Mar 2006 5.1 (v2) Medium Pass 3S CODESYS CmpWebServerHandlerV3 Heap-based Buﬀer Overﬂow CVE-2019-18858 04 Dec 2019 9.8 (v3) Critical Pass OpenSMTPD Critical LPE / RCE (CVE-2020-7247) CVE-2020-7247 14 Feb 2020 9.8 (v3) Critical Pass Cisco Uniﬁed Communications Manager Information Disclosure (cisco-sa-cucm-inf-disc-wCxZNjL2) CVE-2021-1406 16 Apr 2021 4.9 (v3) Medium Pass Juniper Junos OS DoS (JSA11212) CVE-2021-0298 26 Apr 2022 4.7 (v3) Medium Pass QNAP QTS / QuTS Hero Default Credentials 26 Apr 2022 9.8 (v3) Critical Pass PHP iCalendar publish.ical.php Arbitrary File Upload CVE-2006-1291 17 Mar 2006 8.8 (v3) High Pass MailEnable POP3 Server Authentication Vulnerabilities CVE-2006-1337 22 Mar 2006 7.5 (v2) High Pass MailEnable POP3 Server APOP Command Remote Buﬀer Overﬂow CVE-2006-1792 23 Mar 2006 10 (v2) Critical Pass Joomla! Detection 24 Mar 2006 None Pass Joomla! < 1.0.8 Information Disclosure CVE-2006-1027 24 Mar 2006 5.3 (v3) Medium Pass PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion CVE-2006-4968 27 Mar 2006 6.8 (v2) Medium Pass Free Articles Directory index.php page Parameter Remote File Inclusion CVE-2006-1350 27 Mar 2006 7.5 (v2) High Pass phpBannerExchange Template Class Local File Inclusion CVE-2006-1201 27 Mar 2006 5 (v2) Medium Pass Pubcookie Login Server index.cgi XSS CVE-2006-1392 28 Mar 2006 4.3 (v2) Medium Pass PHP Live Helper Multiple Remote File Inclusions CVE-2006-1477 CVE-2006-4051 28 Mar 2006 7.5 (v2) High Pass Horde Help Viewer Arbitrary Code Execution CVE-2006-1491 29 Mar 2006 7.5 (v2) High Pass gCards < 1.46 Multiple Vulnerabilities CVE-2006-1346 CVE-2006-1347 CVE-2006-1348 03 Apr 2006 7.5 (v2) High Pass BASE base_maintenance.php Authentication Bypass CVE-2006-1505 03 Apr 2006 5 (v2) Medium Pass AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion CVE-2006-1653 05 Apr 2006 7.5 (v2) High Pass CubeCart FCKeditor connector.php Arbitrary File Upload CVE-2006-0922 05 Apr 2006 7.5 (v2) High Pass PHProjekt authform.inc.php path_pre Parameter Remote File Inclusion CVE-2004-2740 07 Apr 2006 6.8 (v2) Medium Pass Skype < 1.4.0.84 Multiple Vulnerabilities (uncredentialed check) CVE-2005-3265 CVE-2005-3267 11 Apr 2006 10 (v2) Critical Pass Dokeos < 1.6.4 / 2.0.3 Multiple Scripts Remote File Inclusion CVE-2006-2286 12 Apr 2006 6.8 (v2) Medium Pass Clever Copy connect.inc Direct Request Information Disclosure CVE-2006-1718 12 Apr 2006 5 (v2) Medium Pass Plone Unprotected MembershipTool Methods Arbitrary Portrait Manipulation CVE-2006-1711 14 Apr 2006 5 (v2) Medium Pass Adobe Document Server for Reader Extensions < 6.1 Multiple Vulnerabilities CVE-2006-1627 CVE-2006-1785 CVE-2006-1786 CVE-2006-1787 CVE-2006-1788 14 Apr 2006 7.5 (v2) High Pass phpList index.php database_module Parameter Local File Inclusion CVE-2006-1746 14 Apr 2006 5 (v2) Medium Pass Simplog <= 0.9.2 Multiple Vulnerabilities CVE-2006-1776 CVE-2006-1777 CVE-2006-1778 CVE-2006-1779 14 Apr 2006 7.5 (v2) High Pass PAJAX < 0.5.2 Multiple Vulnerabilities CVE-2006-1551 CVE-2006-1789 16 Apr 2006 7.5 (v2) High Pass phpWebSite index.php hub_dir Parameter Local File Inclusion CVE-2006-1819 16 Apr 2006 7.5 (v2) High Pass Sphider conﬁgset.php settings_dir Parameter Remote File Inclusion CVE-2006-1784 16 Apr 2006 5.1 (v2) Medium Pass phpAlbum language.php data_dir Parameter Remote File Inclusion CVE-2006-1839 17 Apr 2006 7.5 (v2) High Pass Sysinfo name Parameter Arbitrary Code Execution CVE-2006-1831 17 Apr 2006 7.5 (v2) High Pass phpWebFTP index.php language Parameter Local File Inclusion CVE-2006-1813 17 Apr 2006 6.4 (v2) Medium Pass MyBB global.php 'KILL_GLOBAL' Overwrite SQL Injection CVE-2006-1912 17 Apr 2006 5.8 (v2) Medium Pass ActualAnalyzer direct.php rf Parameter Remote File Inclusion CVE-2006-1959 19 Apr 2006 7.5 (v2) High Pass GDB Server Detection 19 Apr 2006 7.5 (v2) High Pass OpenSSL 1.0.2 < 1.0.2zc-dev Vulnerability CVE-2021-4160 29 Jan 2022 5.9 (v3) Medium Pass phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion CVE-2006-2152 03 May 2006 7.5 (v2) High Pass Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure CVE-2006-2020 03 May 2006 7.8 (v2) High Pass Asterisk Recording Interface (ARI) misc/audio.php recording Parameter Traversal Arbitrary File Access CVE-2006-2021 03 May 2006 5 (v2) Medium Pass Help Center Live osTicket Module Multiple Unspeciﬁed SQL Injections CVE-2006-2039 03 May 2006 7.5 (v2) High Pass Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities CVE-2006-2059 CVE-2006-2060 CVE-2006-2061 03 May 2006 6.4 (v2) Medium Pass Monster Top List sources/functions.php root_path Parameter Remote File Inclusion CVE-2006-1781 03 May 2006 7.5 (v2) High Pass phpListPro Multiple Script returnpath Parameter Remote File Inclusions CVE-2006-1749 CVE-2006-2323 03 May 2006 7.5 (v2) High Pass sBLOG search.php keyword Parameter SQL Injection CVE-2006-2189 03 May 2006 10 (v2) Critical Pass phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion CVE-2006-2245 CVE-2006-5301 CVE-2006-5306 CVE-2006-5390 CVE-2006-5418 CVE-2006-7090 CVE-2006-7100 CVE-2006-7147 CVE-2007-5009 CVE-2007-510004 May 2006 6.8 (v2) Medium Pass AWStats migrate Parameter Arbitrary Command Execution CVE-2006-2237 08 May 2006 5.1 (v2) Medium Pass Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion CVE-2006-2149 08 May 2006 6.4 (v2) Medium Pass Juniper Junos OS DoS (JSA11168) CVE-2021-0240 CVE-2021-0241 07 May 2021 6.5 (v3) Medium Pass Claroline ldap.inc.php clarolineRepositorySys Parameter Remote File Inclusion CVE-2006-2284 11 May 2006 6.8 (v2) Medium Pass Dell EMC iDRAC8 < 2.80.80.80 / Dell EMC iDRAC9 < 4.40.40.00 (DSA-2021-177) CVE-2021-36301 03 Jun 2022 7.2 (v3) High Pass Dell EMC iDRAC9 4.40.x < 4.40.29.00 (DSA-2021-177) CVE-2021-36299 03 Jun 2022 8.1 (v3) High Pass IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal) CVE-2006-2317 CVE-2006-2318 CVE-2006-2319 CVE-2006-2320 CVE-2006-2321 11 May 2006 7.5 (v2) High Pass Dell EMC iDRAC9 < 5.00.00.00 (DSA-2021-177) CVE-2021-36300 03 Jun 2022 8.2 (v3) High Pass Stadtaus Gaestebuch-Script index.php include_ﬁles Parameter Remote File Inclusion CVE-2006-2158 11 May 2006 6.4 (v2) Medium Pass Cisco NX-OS Software Unidirectional Link Detection DoS / Code Execution (cisco-sa-nxos-udld-rce-xetH6w35)CVE-2021-1368 19 May 2021 8.8 (v3) High Pass e107 e107_cookie Parameter SQL Injection CVE-2006-2416 15 May 2006 5.1 (v2) Medium Pass Cisco Web Security Appliance Stored XSS (cisco-sa-wsa-xss-RuB5WGqL) CVE-2021-1271 20 May 2021 4.8 (v3) Medium Pass Citrix ADC Authentication Bypass (CTX261055) CVE-2019-18225 25 May 2021 9.8 (v3) Critical Pass Juniper Junos OS DoS (JSA11132) CVE-2021-0237 26 May 2021 6.5 (v3) Medium Pass ACal embed/day.php path Parameter Remote File Inclusion CVE-2006-2261 15 May 2006 7.5 (v2) High Pass EMC RSA Archer 6.6 < 6.6 P8 / 6.7 < 6.7 P8 / 6.8 < 6.8 P5 / 6.9 < 6.9 P2 Insecure Credential Storage CVE-2021-29253 28 May 2021 5.5 (v3) Medium Pass Limbo weblinks.html.php catid Parameter SQL Injection CVE-2006-2363 15 May 2006 5.1 (v2) Medium Pass Dovecot Multiple Command Traversal Arbitrary Directory Listing CVE-2006-2414 15 May 2006 5 (v2) Medium Pass Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion CVE-2006-2483 17 May 2006 6.4 (v2) Medium Pass Skype URI Handling Arbitrary File Download (uncredentialed check) CVE-2006-2312 19 May 2006 2.6 (v2) Low Pass Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion CVE-2006-2583 25 May 2006 5.1 (v2) Medium Pass BASE Multiple Script BASE_path Parameter Remote File Inclusion CVE-2006-2685 27 May 2006 4 (v2) Medium Pass e107 email.php Arbitrary Mail Relay CVE-2006-2591 31 May 2006 5 (v2) Medium Pass SquirrelMail plugin.php plugins Parameter Local File Inclusion CVE-2006-2842 03 Jun 2006 7.5 (v2) High Pass LifeType index.php articleId Parameter SQL Injection CVE-2006-2857 04 Jun 2006 7.5 (v2) High Pass MySQL Anonymous Login Handshake Remote Information Disclosure CVE-2006-1516 04 Jun 2006 5 (v2) Medium Pass Claroline Multiple Script includePath Parameter Remote File Inclusion CVE-2006-2868 05 Jun 2006 5.1 (v2) Medium 86

RELAYTO Penetration Test Results - Page 86

RELAYTO Penetration Test Results Page 85 Page 87