RELAYTO Penetration Test Results (93/101)

Pass Lime Wire Multiple Remote Unauthorized Access CVE-2005-0788 06 Apr 2005 5 (v2) Medium Pass Ability FTP Server Multiple Command Remote Buﬀer Overﬂows CVE-2004-1626 CVE-2004-1627 04 Nov 2004 10 (v2) Critical Pass Western Digital TV Multiple Vulnerabilities 08 Sep 2017 7.5 (v3) High Pass up-imapproxy IMAP Proxy IMAP_Line_Read() Function Literal Size DoS CVE-2004-1035 30 Nov 2004 6.4 (v2) Medium Pass ExtCalendar Detection 26 Jan 2011 None Pass macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003CVE-2019-14868 CVE-2019-20044 CVE-2020-3878 CVE-2020-3882 CVE-2020-9771 CVE-2020-9772 CVE-2020-9788 CVE-2020-9789 CVE-2020-9790 CVE-2020-9791 CVE-2020-9792 CVE-2020-9793 CVE-2020-9794 CVE-2020-9795 CVE-2020-9797 CVE-2020-9804 CVE-2020-9808 CVE-2020-9809 CVE-2020-9811 CVE-2020-9812 CVE-2020-9813 CVE-2020-9814 CVE-2020-9815 CVE-2020-9816 CVE-2020-9817 CVE-2020-9821 CVE-2020-9822 CVE-2020-9824 CVE-2020-9825 CVE-2020-9826 CVE-2020-9827 CVE-2020-9828 CVE-2020-9830 CVE-2020-9831 CVE-2020-9832 CVE-2020-9833 CVE-2020-9834 CVE-2020-9837 CVE-2020-9839 CVE-2020-9841 CVE-2020-9842 CVE-2020-9844 CVE-2020-9847 CVE-2020-9851 CVE-2020-9852 CVE-2020-9855 CVE-2020-9856 CVE-2020-985728 May 2020 8.8 (v3) High Pass IBM Sametime Detection 14 Mar 2011 None Pass PHP 7.0.x < 7.0.25 Multiple Vulnerabilities CVE-2016-1283 CVE-2017-16642 16 Nov 2017 9.8 (v3) Critical Pass HP Client Automation Default Credentials 25 Mar 2011 10 (v2) Critical Pass WU-FTPD ﬁleutils/coreutils ls -w Argument Memory Consumption DoS CVE-2003-0853 CVE-2003-0854 29 Oct 2003 7.5 (v3) High Pass WP Statistics Plugin for WordPress < 12.6.7 Blind SQL Injection 02 Jul 2019 8.3 (v3) High Pass Default Password '1111' for 'admin' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass IMAP pop-2d POP Daemon FOLD Command Remote Overﬂow CVE-1999-0920 22 Jun 1999 10 (v2) Critical Pass HP System Management Homepage < 7.2.5 / 7.4.1 Multiple Vulnerabilities (POODLE) CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 CVE-2015-213303 Aug 2015 6.8 (v2) Medium Pass Xerox WorkCentre Multi-Page Document Scan/Fax Information Disclosure (XRX05-002) 16 May 2005 2.6 (v2) Low Pass ePolicy Orchestrator Detection 02 Oct 2006 None Pass pfSense < 2.3.1-p5 Multiple Vulnerabilities (SA-16_07 / SA-16_08) CVE-2013-7456 CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 31 Jan 2018 8.6 (v3) High Pass pfSense < 2.2.2 Multiple Vulnerabilities (SA-15_05) 31 Jan 2018 4.7 (v3) Medium Pass pfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07) CVE-2015-3152 CVE-2015-5358 CVE-2015-8838 31 Jan 2018 5.9 (v3) Medium Pass pfSense < 2.3.1-p1 Multiple Vulnerabilities (SA-16_05) 31 Jan 2018 8.8 (v3) High Pass pfSense < 2.4.2 Multiple Vulnerabilities (SA-17_07) CVE-2017-1086 CVE-2017-1088 CVE-2017-3735 CVE-2017-3736 21 Mar 2018 5.3 (v3) Medium Pass pfSense < 2.1.4 Multiple Vulnerabilities ( SA-14_07 ) CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 21 Mar 2018 7.4 (v3) High Pass Multiple FTP Server Command Handling Overﬂow CVE-1999-0219 CVE-2000-0870 CVE-2000-0943 CVE-2000-1035 CVE-2000-1194 CVE-2002-0126 CVE-2003-0271 CVE-2005-0634 CVE-2005-141522 Jun 1999 9.8 (v3) Critical Pass pfSense Default SSH Credentials 24 Jan 2018 9.8 (v3) Critical Pass GuildFTPd Traversal Arbitrary File Enumeration CVE-2000-0640 16 Jul 2000 7.3 (v3) High Pass Samba Badlock Vulnerability CVE-2016-2118 13 Apr 2016 7.5 (v3) High Pass OS Identiﬁcation : SinFP 19 May 2007 None Pass Unsupported Windows OS (remote) 03 Apr 2018 10 (v3) Critical Pass Dell iDRAC9 Directory Traversal (DSA-2020-128) CVE-2020-5366 31 Jul 2020 6.5 (v3) Medium Pass Sendmail < 8.14.4 SSL Certiﬁcate NULL Character Spooﬁng CVE-2009-4565 05 Jan 2010 7.3 (v3) High Pass PHP 8.1.x < 8.1.3 CVE-2021-21708 18 Feb 2022 9.8 (v3) Critical Pass OTRS Unspeciﬁed Remote Code Execution (OSA-2017-04) CVE-2017-14635 11 Dec 2017 8.8 (v3) High Pass OTRS Authenticated Remote Code Execution (OSA-2017-07) CVE-2017-16664 11 Dec 2017 8.8 (v3) High Pass Cisco IOS XE Software IOx Application Environment Path Traversal (cisco-sa-iox-pt-hWGcPf7g) CVE-2021-1385 08 Sep 2021 6.5 (v3) Medium Pass Palo Alto Networks PAN-OS 9.0.10 < 9.0.15 / 9.1.4 < 9.1.11 / 10.0.x < 10.0.8 / 10.1.x < 10.1.2 OS Command InjectionCVE-2021-3050 10 Sep 2021 8.8 (v3) High Pass Pulse Connect Secure < 9.1R8 (SA44516) CVE-2020-8204 CVE-2020-8206 CVE-2020-8216 CVE-2020-8217 CVE-2020-8218 CVE-2020-8219 CVE-2020-8220 CVE-2020-8221 CVE-2020-8222 CVE-2020-12880 CVE-2020-1540831 Jul 2020 8.1 (v3) High Pass MariaDB 10.3.x < 10.3.1 Multiple DoS Vulnerabilities 07 Dec 2017 4.3 (v3) Medium Pass OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities CVE-2000-0535 CVE-2001-1141 CVE-2002-0655 CVE-2002-0656 CVE-2002-0657 CVE-2002-0659 05 Aug 2002 10 (v2) Critical Pass SSH Secure Shell without PTY setsid() Function Privilege Escalation CVE-2002-1644 25 Nov 2002 7.1 (v2) High Pass pfSense Unsupported Version Detection 30 Jan 2019 10 (v3) Critical Pass Allied Telesyn Router/Switch Web Interface Default Password CVE-1999-0508 03 Jun 2005 7.5 (v2) High Pass Micro Focus Operations Orchestration JMiniX Multiple Vulnerabilities CVE-2018-6490 02 Mar 2018 7.5 (v3) High Pass Arista CloudVision Portal Web Detection 26 Jun 2020 None Pass Cisco Uniﬁed Communications Manager Express Denial of Service Vulnerabilities (cisco-sa-20100324-cucme)CVE-2010-0585 CVE-2010-0586 01 Sep 2010 7.8 (v2) High Pass Unauthenticated OpenVPN Server Detection 28 Feb 2018 None Pass Cisco IOS Software IPsec Vulnerability (cisco-sa-20100324-ipsec) CVE-2010-0578 01 Sep 2010 7.8 (v2) High Pass Oracle Portal Demo Organization Chart SQL Injection CVE-2013-3831 22 Nov 2013 5.5 (v2) Medium Pass PHP 7.3.x < 7.3.21 Use-After-Free Vulnerability CVE-2020-7068 13 Aug 2020 3.6 (v3) Low Pass Juniper Junos PIM rpd Crafted Boot Message Remote DoS (PSN-2011-07-296) 22 Aug 2011 5.4 (v2) Medium Pass PHP 7.4.x < 7.4.9 Use-After-Free Vulnerability CVE-2020-7068 13 Aug 2020 3.6 (v3) Low Pass PHP 7.2.x < 7.2.33 Use-After-Free Vulnerability CVE-2020-7068 13 Aug 2020 3.6 (v3) Low Pass Juniper Junos J-Web Component Unspeciﬁed CSRF (PSN-2012-01-474) 23 Jan 2012 9.3 (v2) High Pass Novell NetWare 6.0 Tomcat source.jsp Traversal Arbitrary File Access CVE-2000-1210 30 Mar 2004 7.8 (v2) High Pass Allegro Software RomPager 2.10 Malformed Authentication Request DoS CVE-2000-0470 27 Jul 2005 7.8 (v2) High Pass WinComLPD LPD Monitoring Server Default Credentials 06 Feb 2008 7.5 (v2) High Pass JQuery 1.2 < 3.5.0 Multiple XSS CVE-2020-11022 CVE-2020-11023 28 May 2020 6.1 (v3) Medium Pass Cisco IOS XR BGP Additional Paths DoS (cisco-sa-bgp-ErKEqAer) CVE-2020-3449 14 Aug 2020 4.3 (v3) Medium Pass Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities (cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz)CVE-2020-3566 CVE-2020-3569 01 Sep 2020 7.5 (v3) High Pass Apache for Windows Multiple Forward Slash Directory Listing CVE-2000-0505 CVE-2001-0729 13 Jun 2000 5.3 (v3) Medium Pass Novell eDirectory < 8.8.5 ftf1/8.7.3.10 ftf2 NULL Base DN DoS CVE-2009-3862 06 Nov 2009 5 (v2) Medium Pass Juniper Junos OS DoS (JSA11187) CVE-2021-0285 08 Sep 2021 7.5 (v3) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.9 / 10.0.x < 10.0.5 Vulnerability CVE-2021-3053 08 Sep 2021 7.5 (v3) High Pass WP Symposium Plugin for WordPress forum.php 'show' Parameter SQL Injection (Version Check) CVE-2015-3325 18 May 2015 7.5 (v2) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.20 / 9.0.x < 9.0.14 / 9.1.x < 9.1.10 / 10.0.x < 10.0.2 Vulnerability CVE-2021-3052 08 Sep 2021 5.4 (v3) Medium Pass Palo Alto Networks PAN-OS 5.0.x < 5.0.20 / 5.1.x < 5.1.13 / 6.0.x < 6.0.15 / 6.1.x < 6.1.15 / 7.0.x < 7.0.11 / 7.1.x < 7.1.6 Multiple VCVE-2016-9149 CVE-2016-9150 CVE-2016-9151ulnerabilities (PAN-SA-2016-0033 / PAN-SA-2016-0034 / PAN-SA-2016-0035 / PAN-SA-2016-0037) 02 Dec 2016 9.8 (v3) Critical Pass EMC RSA Authentication Manager < 8.3 Patch 3 Multiple Vulnerabilities (DSA-2018-152) CVE-2018-11073 CVE-2018-11074 CVE-2018-11075 27 Sep 2018 6.1 (v3) Medium Pass Barracuda Spam Firewall cgi-bin/ldap_test.cgi email Parameter XSS CVE-2008-2333 23 May 2008 4.3 (v2) Medium Pass ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure CVE-2002-0576 15 Mar 2003 5 (v2) Medium Pass ManageEngine Applications Manager Invalid URL Remote Information Disclosure CVE-2008-0475 26 Jan 2008 5 (v2) Medium Pass WP Super Cache Plugin for WordPress wp-cache.php Cache List Content Handling XSS 16 Apr 2015 4.3 (v2) Medium Pass GateCrasher Backdoor Detection 09 Jul 1999 10 (v2) Critical Pass MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities CVE-2012-2584 17 Sep 2012 4.3 (v2) Medium Pass Xerver HTTP Response Splitting CVE-2009-4086 25 Nov 2009 4.3 (v2) Medium Pass Kubernetes info API access 28 Jun 2018 5.3 (v3) Medium Pass Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities CVE-2015-3900 CVE-2015-4020 CVE-2015-4100 23 Jul 2015 5 (v2) Medium Pass Zabbix Server send_history_last_id() SQL Injection 22 Dec 2009 7.5 (v2) High Pass Splunk < 5.0.5 Multiple Code Execution Vulnerabilities CVE-2013-6771 CVE-2013-7394 30 Sep 2013 9.3 (v2) High Pass IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws CVE-2008-4284 CVE-2009-0508 CVE-2009-0855 CVE-2009-0856 CVE-2009-0891 CVE-2009-0892 CVE-2009-1172 15 Apr 2009 7.5 (v2) High Pass Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability (cisco-sa-20100324-ldp) CVE-2010-0576 01 Sep 2010 7.8 (v2) High Pass OpenSSH < 1.2.3 xauth Session Highjacking CVE-2000-0217 04 Oct 2011 5.1 (v2) Medium Pass Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip) CVE-2010-0579 CVE-2010-0580 CVE-2010-0581 01 Sep 2010 10 (v2) Critical Pass HP Ink Printers Multiple Vulnerabilities (HPSBHF03589) CVE-2018-5924 CVE-2018-5925 13 Aug 2018 7.8 (v3) High Pass Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability (cisco-sa-20100324-tcp) CVE-2010-0577 01 Sep 2010 7.1 (v2) High Pass PHP Code Snippet Library index.php Multiple Parameter XSS CVE-2004-1746 25 Aug 2004 4.3 (v2) Medium Pass Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775) CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 23 Aug 2017 7.5 (v3) High Pass Nimda Worm Infected HTML File Detection 19 Sep 2001 10 (v2) Critical Pass EMC RSA Authentication Manager 7.x < 7.1 SP4 Patch 32 Unspeciﬁed XSS CVE-2014-0623 04 Apr 2014 4.3 (v2) Medium Noise OS Identiﬁcation Failed 26 Oct 2010 None Pass Apache 2.2.x < 2.2.25 Multiple Vulnerabilities CVE-2013-1862 CVE-2013-1896 16 Jul 2013 5.6 (v3) Medium Pass HP Operations Orchestration 10.x Authentication Bypass CVE-2015-2109 07 May 2015 7.5 (v2) High Pass AFP Server Directory Traversal CVE-2010-0533 29 Mar 2010 5 (v2) Medium Pass IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities CVE-2007-3397 CVE-2007-3960 05 Apr 2010 9.3 (v2) High Pass IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities CVE-2009-0899 CVE-2009-0903 CVE-2009-0904 CVE-2009-1174 CVE-2009-1899 CVE-2009-1900 CVE-2009-1901 CVE-2009-2085 CVE-2009-2087 CVE-2009-2088 CVE-2009-208919 Jun 2009 5 (v2) Medium Pass Juniper Junos SRX MACsec Feature Secure Link Failure Silent Fallback Information Disclosure (JSA10790)CVE-2017-2342 23 Aug 2017 5.4 (v3) Medium Pass TANDBERG Video Communication Server Static SSH Host Keys CVE-2009-4510 14 Apr 2010 9.3 (v2) High Pass SSL Self-Signed Certiﬁcate 17 Jan 2012 6.4 (v2) Medium Pass Juniper Junos Extended DHCP Relay Agent Traﬃc Redirection (PSN-2011-07-300) 22 Aug 2011 2.9 (v2) Low Pass Subversion Cleartext Authentication 05 Jan 2016 4.3 (v2) Medium Pass Juniper Junos Fragmented ICMP Packet Handling Remote DoS (PSN-2011-07-298) 22 Aug 2011 6.1 (v2) Medium Pass Juniper Junos ICMP Ping 'composite next-hop' Remote DoS (PSN-2011-07-297) 22 Aug 2011 7.8 (v2) High Pass Cisco Video Surveillance Manager Multiple Vulnerabilities (cisco-sa-20130724-vsm) CVE-2013-3429 CVE-2013-3430 CVE-2013-3431 12 Sep 2013 8.6 (v3) High Pass Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20110928-nat) CVE-2011-3276 CVE-2011-3277 CVE-2011-3278 CVE-2011-3279 CVE-2011-3280 29 Sep 2011 7.8 (v2) High Pass Juniper Junos Next-Gen MVPN Senario Malformed Message Handling Remote DoS (PSN-2011-10-391) 10 Nov 2011 7.1 (v2) High Pass Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities CVE-2009-4653 15 Jun 2010 9 (v2) High Pass Apache 2.2.x < 2.2.17 Multiple Vulnerabilities CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 20 Oct 2010 5.3 (v3) Medium Pass thttpd ssi Servlet Encoded Traversal Arbitrary File Access CVE-2000-0900 03 Oct 2000 5 (v2) Medium Pass PatchLink Update Server checkproﬁle.asp checkid Parameter SQL Injection CVE-2006-3430 28 Jul 2006 7.5 (v2) High Pass Juniper Junos Remote Execution Vulnerability (JSA10818) CVE-2017-10615 20 Oct 2017 7.5 (v3) High Pass IA eMailServer IMAP4 LIST Command Format String Remote DoS CVE-2005-2083 28 Jun 2005 4 (v2) Medium Pass Juniper Junos HTTPS Server Certiﬁcate AV Vulnerability (JSA10822) CVE-2017-10620 20 Oct 2017 7.5 (v3) High Pass Juniper JSA10960 CVE-2019-0061 13 Dec 2019 7.8 (v3) High Pass Cisco MSE <= 8.0.120.7 Multiple Vulnerabilities CVE-2015-4282 CVE-2015-6316 18 Nov 2015 6.9 (v2) Medium 93

RELAYTO Penetration Test Results - Page 93

RELAYTO Penetration Test Results Page 92 Page 94