RELAYTO Penetration Test Results (59/101)

Pass IBM DB2 9.1 < Fix Pack 6 Multiple Vulnerabilities CVE-2008-4691 CVE-2008-4692 CVE-2008-4693 22 Oct 2008 7.3 (v3) High Pass Condor Service Detection 04 Nov 2008 None Pass HP System Management Homepage < 2.1.15.210 Unspeciﬁed XSS CVE-2008-4411 04 Nov 2008 4.3 (v2) Medium Pass PHPWebAdmin for hMailServer Multiple File Inclusions 09 Nov 2008 6.8 (v2) Medium Pass Yosemite Backup Service Driver Detection 12 Nov 2008 None Pass Apache Struts 2 devMode Information Disclosure 24 Nov 2008 4.3 (v2) Medium Pass CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion CVE-2008-5642 01 Dec 2008 6.8 (v2) Medium Pass OraMon conﬁg/oramon.ini Information Disclosure 03 Dec 2008 5 (v2) Medium Pass Dell Remote Access Controller Default Password (calvin) for 'root' Account 03 Dec 2008 9.8 (v3) Critical Pass Oempro index.php FormValue_Email Parameter SQL Injection Authentication Bypass CVE-2008-3058 05 Dec 2008 7.5 (v2) High Pass PHP 5 < 5.2.7 Multiple Vulnerabilities CVE-2008-2371 CVE-2008-2665 CVE-2008-2666 CVE-2008-2829 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 CVE-2008-5557 CVE-2008-5624 CVE-2008-5625 CVE-2008-5658 CVE-2008-7068 CVE-2014-862605 Dec 2008 7.5 (v2) High Pass PHP < 5.2.8 Multiple Vulnerabilities CVE-2008-5814 CVE-2008-5844 09 Dec 2008 7.5 (v2) High Pass Moodle 'ﬁlter/tex/texed.php' 'pathname' Parameter Remote Command Execution 14 Dec 2008 5.1 (v2) Medium Pass Live Chat Component for Joomla! 'last' Parameter Multiple SQLi CVE-2008-6881 CVE-2008-6883 15 Dec 2008 7.3 (v3) High Pass Kerio MailServer < 6.6.2 Multiple XSS (KSEC-2008-12-16-01) CVE-2008-5760 CVE-2008-5769 22 Dec 2008 4.3 (v2) Medium Pass phpList cline Parameter Array Remote File Inclusion CVE-2008-5887 22 Dec 2008 7.5 (v2) High Pass OneOrZero Helpdesk tinfo.php Arbitrary File Upload 23 Dec 2008 7.5 (v2) High Pass Pligg evb/check_url.php url Parameter SQL Injection CVE-2008-5739 23 Dec 2008 6.8 (v2) Medium Pass RoundCube Webmail bin/html2text.php Post Request Remote PHP Code Execution CVE-2008-5619 26 Dec 2008 8.8 (v3) High Pass XOOPS xoopsConﬁg[language] Parameter Local File Inclusion (DSECRG-08-040) CVE-2008-6884 29 Dec 2008 6.8 (v2) Medium Pass IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS CVE-2008-5734 30 Dec 2008 4.3 (v2) Medium Pass Apache Roller q Parameter XSS CVE-2008-6879 07 Jan 2009 4.3 (v2) Medium Pass TCL Shell (tclsh) Arbitrary Command Execution CVE-2009-0043 08 Jan 2009 8.8 (v3) High Pass XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal CVE-2009-0113 08 Jan 2009 5.3 (v3) Medium Pass XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection 09 Jan 2009 8.8 (v3) High Pass Serv-U 7.x < 7.4.0.0 Multiple Command Remote DoS 09 Jan 2009 4 (v2) Medium Pass HDHomeRun Control Service Detection 13 Jan 2009 None Pass phpList <= 2.10.8 Variable Overwriting 16 Jan 2009 7.5 (v2) High Pass Eventing Component for Joomla! 'catid' Parameter SQLi CVE-2009-0421 21 Jan 2009 7.3 (v3) High Pass Apache Jackrabbit 'q' Parameter XSS CVE-2009-0026 23 Jan 2009 4.3 (v2) Medium Pass PHP 7.1.x < 7.1.29 Heap-based Buﬀer Overﬂow Vulnerability. CVE-2019-11036 10 May 2019 9.1 (v3) Critical Pass gigCalendar Component for Joomla! 'gigcal_gigs_id' Parameter SQLi CVE-2009-0726 29 Jan 2009 5.6 (v3) Medium Pass Horde Horde_Image::factory driver Argument Local File Inclusion CVE-2009-0932 29 Jan 2009 7.5 (v2) High Pass OpenX fc.php MAX_type Parameter Traversal Local File Inclusion CVE-2009-0291 30 Jan 2009 7.5 (v2) High Pass phpSlash ﬁelds Parameter PHP Code Injection CVE-2009-0517 04 Feb 2009 8.8 (v3) High Pass Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection CVE-2008-4620 05 Feb 2009 7.5 (v2) High Pass Jaws language Parameter Multiple Local File Includes CVE-2009-0645 06 Feb 2009 7.5 (v2) High Pass Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness CVE-2009-0348 09 Feb 2009 5 (v2) Medium Pass TYPO3 'jumpUrl' Mechanism Information Disclosure CVE-2009-0815 12 Feb 2009 5 (v2) Medium Pass Default Password (password) for 'admin' Account CVE-1999-0501 CVE-1999-0502 12 Feb 2009 9.8 (v3) Critical Pass SquirrelMail HTTPS Session Cookie Secure Flag Weakness CVE-2008-3663 12 Feb 2009 5 (v2) Medium Pass Novell GroupWise < 7.03HP2 / 8.0HP1 WebAccess Multiple XSS CVE-2009-0273 21 Feb 2009 4.3 (v2) Medium Pass Moodle Forum 'post.php' Unauthorized Post Deletion CSRF CVE-2009-0499 27 Feb 2009 4.3 (v2) Medium Pass PHP < 5.2.9 Multiple Vulnerabilities CVE-2008-5498 CVE-2009-1271 CVE-2009-1272 27 Feb 2009 5 (v2) Medium Pass Drupal Theme System Template Local File Inclusion 28 Feb 2009 7.5 (v2) High Pass Default Password (toor) for 'root' Account CVE-1999-0502 05 Mar 2009 9.8 (v3) Critical Pass Zabbix Web Interface extlang[] Parameter Remote Code Execution 07 Mar 2009 8.8 (v3) High Pass OneOrZero Helpdesk default_language Local File Inclusion CVE-2009-0886 09 Mar 2009 6.8 (v2) Medium Pass AWStats 'awstats.pl' Path Disclosure 20 Mar 2009 5 (v2) Medium Pass NextApp Echo XML Parsing Information Disclosure Vulnerability 26 Mar 2009 8.5 (v2) High Pass Serv-U < 8.0.0.1 Multiple Vulnerabilities (DoS, Traversal) CVE-2009-0967 CVE-2009-1031 27 Mar 2009 4 (v2) Medium Pass Moodle LaTeX Information Disclosure CVE-2009-1171 30 Mar 2009 4.3 (v2) Medium Pass SAP DB / MaxDB WebDBM Multiple Parameter XSS 01 Apr 2009 4.3 (v2) Medium Pass phpMyAdmin ﬁle_path Parameter Vulnerabilities (PMASA-2009-1) 03 Apr 2009 5 (v2) Medium Pass ZENworks Remote Management Agent Detection 06 Apr 2009 None Pass mod_perl Apache::Status URI XSS CVE-2009-0796 07 Apr 2009 2.6 (v2) Low Pass Jinzora name Parameter Local File Inclusion CVE-2009-2313 07 Apr 2009 6.8 (v2) Medium Pass Geeklog SEC_authenticate Function SQL Injection 13 Apr 2009 7.5 (v2) High Pass phpMyAdmin Setup Script Conﬁguration Parameters Arbitrary PHP Code Injection (PMASA-2009-4) CVE-2009-1285 16 Apr 2009 7.5 (v2) High Pass Atlassian JIRA < 3.13.3 DWR 'c0-id' XSS 17 Apr 2009 4.3 (v2) Medium Pass Novell Teaming Login User Account Enumeration Weakness CVE-2009-1293 21 Apr 2009 5 (v2) Medium Pass IBM DB2 9.1 < Fix Pack 7 Multiple Vulnerabilities CVE-2009-1239 CVE-2009-1905 CVE-2009-1906 22 Apr 2009 5.3 (v3) Medium Pass Conﬁcker P2P Service Detection 22 Apr 2009 10 (v2) Critical Pass Sun Java System Identity Manager Account Disclosure CVE-2009-1075 CVE-2009-1076 28 Apr 2009 5 (v2) Medium Pass Apache Struts 2 s:a / s:url Tag href Element XSS CVE-2008-6682 29 Apr 2009 3.7 (v3) Low Pass Intel Common Base Agent CreateProcessA() Function Remote Command Execution CVE-2009-1429 03 May 2009 10 (v2) Critical Pass OpenCart route Parameter Local File Inclusion CVE-2009-1621 03 May 2009 6.8 (v2) Medium Pass LimeSurvey sUser Parameter SQL Injection CVE-2009-1604 06 May 2009 7.5 (v2) High Pass Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval CVE-2008-5116 06 May 2009 7.8 (v2) High Pass Adobe Flash Media Server RPC Privilege Escalation (APSB09-05) CVE-2009-1365 07 May 2009 7.5 (v2) High Pass IceWarp Merak WebMail Server < 9.4.2 Multiple Vulnerabilities CVE-2009-1467 CVE-2009-1468 CVE-2009-1469 08 May 2009 5.8 (v2) Medium Pass SquirrelMail contrib/decrypt_headers.php XSS CVE-2009-1578 15 May 2009 4.3 (v2) Medium Pass Flyspeck lang Parameter Local File Inclusion CVE-2009-1770 19 May 2009 6.8 (v2) Medium Pass HP System Management Homepage < 3.0.1.73 Multiple Flaws CVE-2008-5077 CVE-2008-5814 CVE-2009-1418 20 May 2009 5 (v2) Medium Pass Coppermine Photo Gallery GLOBALS[USER[lang] Parameter Local File Inclusion 25 May 2009 6.8 (v2) Medium Pass Novell GroupWise WebAccess Login Page User.lang Parameter XSS CVE-2009-1635 27 May 2009 4.3 (v2) Medium Pass DNN (DotNetNuke) ErrorPage.aspx XSS 27 May 2009 4.3 (v2) Medium Pass JVideo! Component for Joomla! 'user_id' Parameter SQLi CVE-2009-4938 01 Jun 2009 7.3 (v3) High Pass CactuShop 5.x Multiple Remote Vulnerabilities (XSS, SQLi) CVE-2004-1881 CVE-2004-1882 12 Oct 2004 7.5 (v2) High Pass IBM DB2 < 9.5 Fix Pack 4 Multiple Vulnerabilities CVE-2009-1905 CVE-2009-1906 CVE-2009-3471 CVE-2009-3472 03 Jun 2009 6.5 (v3) Medium Pass Joomla! < 1.5.11 JA_Purity Template Multiple XSS CVE-2009-1939 09 Jun 2009 4.7 (v3) Medium Pass Kerio MailServer < 6.6.2 Patch 3 / 6.7.0 Patch 1 XSS (KSEC-2009-06-08-01) CVE-2009-2636 11 Jun 2009 4.3 (v2) Medium Pass Drupal SA-CONTRIB-2009-036: Services Module Key-Based Access Bypass CVE-2009-2035 11 Jun 2009 6.4 (v2) Medium Pass CGI Generic XSS (quick test) 19 Jun 2009 4.3 (v2) Medium Pass PHP < 5.2.10 Multiple Vulnerabilities CVE-2009-2687 22 Jun 2009 5.1 (v2) Medium Pass Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection 23 Jun 2009 7.3 (v3) High Pass Zen Cart password_forgotten.php Admin Access Bypass CVE-2009-2254 CVE-2009-2255 24 Jun 2009 7.5 (v2) High Pass Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS CVE-2009-2480 26 Jun 2009 4.3 (v2) Medium Pass IBM Rational ClearQuest Multiple XSS Flaws CVE-2007-4592 02 Jul 2009 4.3 (v2) Medium Pass HP DDMI Web Interface Default Credentials 06 Jul 2009 7.5 (v2) High Pass FireStats < 1.6.2 Multiple Vulnerabilities CVE-2009-2143 CVE-2009-2144 07 Jul 2009 7.5 (v2) High Pass FCKeditor 'CurrentFolder' Arbitrary File Upload CVE-2009-2265 15 Jul 2009 8.8 (v3) High Pass BackOriﬁce Software Detection 29 Jul 1999 10 (v2) Critical Pass cﬁngerd Wildcard Argument Information Disclosure CVE-1999-0259 22 Jun 1999 5 (v2) Medium Pass CVS pserver Detection 12 Oct 1999 None Pass DeepThroat Backdoor Detection 08 Jul 1999 10 (v2) Critical Pass IBM Lotus Domino ?open Forced Directory Listing 09 Jul 1999 6.8 (v2) Medium Pass IBM Lotus Domino HTTP Server Filesystem Setup Disclosure CVE-2000-0021 21 Dec 1999 5 (v2) Medium Pass IBM Lotus Domino HTTP /cgi-bin Relative URL Request DoS CVE-2000-0023 21 Dec 1999 5 (v2) Medium Pass Microsoft FrontPage Extensions Check CVE-2000-0114 22 Aug 1999 5.3 (v3) Medium Pass GirlFriend Backdoor Detection 09 Jul 1999 10 (v2) Critical Pass HP LaserJet LCD Display Modiﬁcation 22 Jun 1999 5 (v2) Medium Pass HP LaserJet Direct Print Filter Bypass CVE-1999-1062 22 Jun 1999 5 (v2) Medium Pass Microsoft IIS Traversal GET Request Remote DoS CVE-1999-0229 22 Jun 1999 5 (v2) Medium Pass Microsoft IIS perl.exe HTTP Path Disclosure CVE-1999-0450 22 Jun 1999 5 (v2) Medium Pass MS99-059: Microsoft SQL Server Crafted TCP Packet Remote DoS (uncredentialed check) CVE-1999-0999 22 Nov 1999 5.3 (v3) Medium Pass NetBus 1.x Software Detection CVE-2003-1475 18 Aug 1999 7.5 (v2) High Pass Netscape Server ?PageServices Request Forced Directory Listing CVE-1999-0269 22 Jun 1999 5 (v2) Medium Pass Netscape Enterprise Server SSL Handshake DoS CVE-1999-0752 07 Jul 1999 5 (v2) Medium Pass Netscape FastTrack get Command Forced Directory Listing CVE-1999-0239 22 Jun 1999 5 (v2) Medium Pass NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing CVE-1999-0045 22 Jun 1999 5 (v2) Medium Pass Portal of Doom Backdoor Detection 09 Jul 1999 10 (v2) Critical 59

RELAYTO Penetration Test Results - Page 59

RELAYTO Penetration Test Results Page 58 Page 60