RELAYTO Penetration Test Results (10/101)

Pass Compaq Web-Based Management Agent Remote Overﬂow DoS 06 Jan 2004 5 (v2) Medium Pass KpyM Telnet Server DoS 07 Jan 2004 5 (v2) Medium Pass Bagle Worm Removal 21 Jan 2004 10 (v2) Critical Pass Zope < 2.6.3 Multiple Vulnerabilities 13 Jan 2004 5 (v2) Medium Pass Apache 2.2.x < 2.2.21 mod_proxy_ajp DoS CVE-2011-3348 16 Sep 2011 5.3 (v3) Medium Pass DNS Server Fingerprinting 16 Dec 2003 None Pass APSIS Pound Load Balancer Format String Overﬂow CVE-2004-2026 15 Jun 2004 7.5 (v2) High Pass Finjan SurﬁnGate Proxy FHTTP Command Admin Functions Authentication Bypass CVE-2004-2107 02 Feb 2004 7.5 (v2) High Pass JBrowser _admin/ Direct Request Admin Authentication Bypass CVE-2007-1156 02 Feb 2004 7.5 (v2) High Pass PJ CGI Neo PJreview_Neo.cgi p Parameter Traversal Arbitrary File Access CVE-2004-2132 02 Feb 2004 5 (v2) Medium Pass XTreme ASP Photo Gallery adminlogin.asp Multiple Parameter SQL Injection CVE-2004-2746 16 Jan 2004 7.5 (v2) High Pass Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution CVE-2004-0241 03 Feb 2004 10 (v2) Critical Pass Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certiﬁcate Forgery CVE-2004-0009 06 Feb 2004 7.3 (v3) High Pass Mambo Site Server itemid Parameter XSS CVE-2004-2072 06 Feb 2004 4.3 (v2) Medium Pass MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028) (uncredentialed check) (HTTP) CVE-2003-0818 15 Feb 2004 7.5 (v2) High Pass BEA WebLogic conﬁg.xml Operator/Admin Password Disclosure CVE-2004-1757 05 Feb 2004 4.4 (v2) Medium Pass Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)CVE-2005-3754 CVE-2005-3755 CVE-2005-3756 CVE-2005-3757 CVE-2005-3758 22 Nov 2005 7.5 (v2) High Pass vBulletin search.php query Parameter XSS CVE-2004-2076 16 Feb 2004 4.3 (v2) Medium Pass Bagle.B Worm Detection 17 Feb 2004 9.3 (v2) High Pass MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028) (uncredentialed check) (NTLM) CVE-2003-0818 13 Feb 2004 9.8 (v3) Critical Pass Serv-U MDTM Command Overﬂow CVE-2004-0330 26 Feb 2004 9 (v2) High Pass ASN.1 Multiple Integer Overﬂows (SMTP check) CVE-2003-0818 18 Feb 2004 10 (v2) Critical Pass APC SmartSlot Web/SNMP Management Card Default Password CVE-2004-0311 18 Feb 2004 10 (v2) Critical Pass Crob FTP Server Connection Saturation Remote DoS CVE-2004-0282 17 Feb 2004 5 (v2) Medium Pass Ecommerce Corp. Online Store Kit 3.0 Multiple Vulnerabilities CVE-2004-0300 CVE-2004-0301 17 Feb 2004 7.5 (v2) High Pass TalentSoft Web+ webplus.exe Path Disclosure 24 Feb 2004 5 (v2) Medium Pass TYPSoft FTP Server 1.10 Invalid Path Request DoS CVE-2004-0325 25 Feb 2004 7.8 (v2) High Pass Apache Tomcat Default Files 02 Mar 2004 5.3 (v3) Medium Pass WFTP 3.21 Multiple Vulnerabilities (OF, DoS) CVE-2004-0340 CVE-2004-0341 CVE-2004-0342 29 Feb 2004 7.2 (v2) High Pass DreamFTP Server username Remote Format String CVE-2004-2074 04 Mar 2004 7.3 (v3) High Pass Apache 2.0.x < 2.0.49 mod_ssl Plain HTTP Request DoS CVE-2004-0113 14 Mar 2004 5.3 (v3) Medium Pass Robo-FTP Pre-authentication Command Execution DoS 27 Feb 2004 5 (v2) Medium Pass HotOpentickets Privilege Escalation 04 Mar 2004 6.5 (v2) Medium Pass ShopCartCGI Multiple Script Traversal Arbitrary File Access CVE-2004-0293 17 Feb 2004 5 (v2) Medium Pass Courier < 0.45 Multiple Remote Overﬂows CVE-2004-0224 14 Mar 2004 10 (v2) Critical Pass Apache Tomcat source.jsp Arbitrary Directory Listing CVE-2002-2007 31 Mar 2004 5.3 (v3) Medium Pass Agobot.FO Backdoor Detection 05 Apr 2004 10 (v2) Critical Pass Invision Power Board index.php pop Parameter XSS CVE-2004-2279 14 Mar 2004 4.3 (v2) Medium Pass Oracle 9iAS iSQLplus XSS 17 Mar 2004 4.3 (v2) Medium Pass oftpd PORT Command Remote DoS CVE-2004-0376 04 Apr 2004 5 (v2) Medium Pass Web Server Incomplete Basic Authentication DoS (deprecated) 11 Apr 2004 7.5 (v2) High Pass Novell NetWare Web Handler Multiple Vulnerabilities CVE-2002-1436 CVE-2002-1437 CVE-2002-1438 21 Nov 2002 7.5 (v2) High Pass Novell Groupwise Servlet Manager Default Password CVE-2001-1195 31 Mar 2004 5 (v2) Medium Pass Aborior Encore WebForum display.cgi ﬁle Parameter Command Execution CVE-2004-1888 04 Apr 2004 7.5 (v2) High Pass Ultimate PHP Board add.php Direct Request Information Disclosure CVE-2002-2276 05 Apr 2004 5 (v2) Medium Pass XOOPS Article Module article.php id Parameter SQL Injection CVE-2008-2094 23 Apr 2008 7.5 (v2) High Pass CVS Client Traversal Arbitrary File Retrieval CVE-2004-0405 16 Apr 2004 5 (v2) Medium Pass TCP/IP Sequence Prediction Blind Reset Spooﬁng DoS CVE-2004-0230 25 Apr 2004 5 (v2) Medium Pass Web Server Load Balancer Detection 04 May 2004 2.6 (v2) Low Pass Web Server Reverse Proxy Detection 04 May 2004 5 (v2) Medium Pass MS04-011: Security Update for Microsoft Windows (835732) (uncredentialed check) CVE-2003-0533 15 Apr 2004 9.8 (v3) Critical Pass Helix RealServer HTTP GET Request DoS CVE-2004-0389 15 Apr 2004 7.8 (v2) High Pass Xerox WorkCentre Extensible Interface Platform Unspeciﬁed Security Bypass (XRX08-006) CVE-2008-2824 13 Jun 2008 10 (v2) Critical Pass Microsoft IIS Cookie information disclosure 06 May 2004 5 (v2) Medium Pass AppSocket & socketAPI Printers - Do Not Scan 19 May 2004 None Pass RPC bootparamd NIS Domain Name Disclosure 13 May 2004 5 (v2) Medium Pass NIS passwd.byname Map Disclosure 13 May 2004 5 (v2) Medium Pass IBM Lotus Domino ?ReadDesign Request Design Element Disclosure 26 May 2004 5 (v2) Medium Pass UoW imap Server (uw-imapd) Arbitrary Remote File Access CVE-2002-1782 26 May 2004 2.1 (v2) Low Pass mod_ssl ssl_util_uuencode_binary Remote Overﬂow CVE-2004-0488 29 May 2004 7.5 (v2) High Pass Terminal Services Web Detection 07 May 2004 None Pass H323 Protocol / VoIP Application Detection 20 May 2004 None Pass Subversion < 1.0.4 Pre-Commit-Hook Remote Overﬂow 08 Jun 2004 7.5 (v2) High Pass jPortal print.inc.php id Parameter SQL Injection CVE-2004-2036 29 May 2004 7.5 (v2) High Pass Qpopper Authentication Timing Response Account Enumeration 16 Jun 2004 5 (v2) Medium Pass Record Route 09 Jun 2004 None Pass US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure 11 Jun 2004 10 (v2) Critical Pass MS04-017: Crystal Reports Web Viewer Could Allow Information Disclosure and DoS (842689) (uncredentialed check)CVE-2004-0204 11 Jun 2004 7.5 (v2) High Pass EDIMAX Wireless AP Default Password Check 11 Jun 2004 10 (v2) Critical Pass WordPress < 0.72 RC1 Multiple Vulnerabilities CVE-2003-1599 09 Jun 2003 7.3 (v3) High Pass Microsoft IIS Download.Ject Trojan Detection 25 Jun 2004 7.5 (v2) High Pass JetBrains TeamCity Agent XML-RPC Port RCE 10 Nov 2016 9.8 (v3) Critical Pass Unreal Engine Secure Query Remote Overﬂow CVE-2004-0608 22 Jun 2004 10 (v2) Critical Pass Horde Chora CVS Viewer diﬀ Utility Arbitrary Command Execution 21 Jun 2004 7.5 (v2) High Pass Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS CVE-2003-1157 06 Jul 2004 4.3 (v2) Medium Pass Inktomi Search MS-DOS Device Name Request Path Disclosure CVE-2004-0050 06 Jul 2004 5 (v2) Medium Pass osTicket Arbitrary Attachment Disclosure CVE-2004-0613 14 Jul 2004 5 (v2) Medium Pass IMP Software Detection 10 Jul 2004 None Pass osTicket Form Field Modiﬁcation File Upload Size Restriction Bypass CVE-2004-0614 14 Jul 2004 5 (v2) Medium Pass osTicket Attachment Handling File Upload Arbitrary Code Execution CVE-2004-0613 14 Jul 2004 7.5 (v2) High Pass Splunk Enterprise 6.1.x < 6.1.3 Multiple Vulnerabilities CVE-2014-5197 CVE-2014-5198 18 Aug 2014 4.3 (v2) Medium Pass SquirrelMail Detection 11 Jul 2004 None Pass Mensajeitor Tag Board Admin Bypass 26 Jul 2004 5 (v2) Medium Pass Subversion < 1.0.6 mod_authz_svn Restricted File Access Bypass CVE-2004-1438 27 Jul 2004 5 (v2) Medium Pass Citadel/UX USER Command Remote Overﬂow CVE-2004-1705 30 Jul 2004 10 (v2) Critical Pass Horde Chora Software Detection 28 Jul 2004 None Pass RiSearch show.pl Open Proxy Relay CVE-2004-2061 02 Aug 2004 7.5 (v2) High Pass PowerPortal modules/private_messages/index.php Multiple Parameter XSS CVE-2004-2514 01 Aug 2004 4.3 (v2) Medium Pass Samba < 3.0.7 Multiple Remote DoS CVE-2004-0807 CVE-2004-0808 13 Sep 2004 5 (v2) Medium Pass Medal of Honor Multiple Remote Overﬂows CVE-2004-0735 10 Aug 2004 10 (v2) Critical Pass MySQL < 3.23.59 / 4.0.21 Multiple Vulnerabilities CVE-2004-0835 CVE-2004-0837 11 Oct 2004 7.5 (v2) High Pass Zincite.A (MyDoom.M) Backdoor Detection 02 Aug 2004 10 (v2) Critical Pass WebCam Watchdog sresult.exe XSS CVE-2004-2528 02 Aug 2004 4.3 (v2) Medium Pass Juniper Junos OS Multiple Vulnerabilities (JSA11171) CVE-2013-5211 CVE-2016-9310 15 Apr 2021 6.5 (v3) Medium Pass thttpd 2.0.7 Directory Traversal (Windows) CVE-2004-2628 09 Aug 2004 5 (v2) Medium Pass Polar HelpDesk Authentication Bypass CVE-2004-2736 02 Aug 2004 7.5 (v2) High Pass BasiliX Message Content XSS CVE-2002-1708 09 Aug 2004 4.3 (v2) Medium Pass Basilix Webmail id Variable SQL Injection CVE-2002-1709 09 Aug 2004 6.4 (v2) Medium Pass RiSearch show.pl Arbitrary File Access CVE-2004-2061 04 Aug 2004 5 (v2) Medium Pass BreakCalendar < 1.3 XSS 09 Aug 2004 4.3 (v2) Medium Pass Dropbear SSH Server DSS Veriﬁcation Failure Remote Privilege Escalation CVE-2004-2486 09 Aug 2004 7.5 (v2) High Pass GoScript go.cgi Arbitrary Command Execution CVE-2004-2776 09 Aug 2004 7.5 (v2) High Pass Knox Arkeia Network Backup Agent Default Account CVE-2005-0496 21 Feb 2005 10 (v2) Critical Pass CVSTrac cgi.c Multiple Overﬂows 17 Aug 2004 7.5 (v2) High Pass CVSTrac Database Plaintext Password Storage 17 Aug 2004 5 (v2) Medium Pass SNMP Scanner 15 Aug 2004 None Pass CVSTrac Invalid Ticket DoS 17 Aug 2004 5 (v2) Medium Pass BasiliX login.php3 username Variable Arbitrary Command Execution 09 Aug 2004 6.8 (v2) Medium Pass phpGroupWare Unspeciﬁed Remote File Inclusion 17 Aug 2004 7.5 (v2) High Pass CVS history.c File Existence Information Disclosure CVE-2004-0778 20 Aug 2004 5 (v2) Medium Pass CVSTrac Ticket Title Arbitrary Command Execution 17 Aug 2004 7.5 (v2) High Pass CVSTrac timeline.c timeline_page Function Overﬂow 17 Aug 2004 7.5 (v2) High 10

RELAYTO Penetration Test Results - Page 10

RELAYTO Penetration Test Results Page 9 Page 11