Pass phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion CVE-2001-0043 13 Nov 2004 10 (v2) Critical
Pass ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass CVE-2021-37415 04 Feb 2022 9.8 (v3) Critical
Pass Nagios NRPE Command Argument Processing Enabled CVE-2014-2913 29 Apr 2014 7.5 (v2) High
Pass Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass CVE-2014-0112 CVE-2014-0113 29 Apr 2014 7.5 (v2) High
Pass Nortel Multiple Default Accounts 13 Nov 2004 7.5 (v3) High
Pass PHP 5.4.x < 5.4.28 FPM Unix Socket Insecure Permission Escalation CVE-2014-0185 05 May 2014 7.2 (v2) High
Pass PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation CVE-2014-0185 05 May 2014 7.2 (v2) High
Pass Apache Struts ClassLoader Manipulation CVE-2014-0114 08 May 2014 7.5 (v2) High
Pass IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check) CVE-2013-0408 CVE-2013-3829 CVE-2013-4002 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5893 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5904 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428 CVE-2014-0892 12 May 2014 10 (v2) Critical
Pass IBM Domino 8.5.3 FP6 / 9.0.1 < 8.5.3 FP6 IF2 / 9.0.1 FP1 iNotes XSS CVE-2014-0913 19 May 2014 4.3 (v2) Medium
Pass Juniper NSM Remote Code Execution (JSA10625) CVE-2014-3411 22 May 2014 10 (v2) Critical
Pass Open Web Analytics owa_email_address SQL Injection CVE-2014-1206 27 May 2014 7.5 (v2) High
Pass Western Digital Arkeia Virtual Appliance Blank Password 28 May 2014 7.5 (v2) High
Pass IBM Domino 9.0 < 9.0.0 Interim Fix 4 iNotes Buffer Overflow CVE-2013-4068 28 May 2014 7.1 (v2) High
Pass PHP 5.4.x < 5.4.29 'src/cdf.c' Multiple Vulnerabilities CVE-2014-0237 CVE-2014-0238 03 Jun 2014 5 (v2) Medium
Pass PHP 5.5.x < 5.5.13 'src/cdf.c' Multiple Vulnerabilities CVE-2014-0237 CVE-2014-0238 03 Jun 2014 5 (v2) Medium
Pass IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities CVE-2013-0169 CVE-2013-6747 CVE-2014-0907 CVE-2014-0963 18 Jun 2014 7.5 (v3) High
Pass IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities CVE-2013-6747 CVE-2014-0907 CVE-2014-0963 18 Jun 2014 7.5 (v3) High
Pass IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities CVE-2013-6747 CVE-2014-0907 CVE-2014-0963 18 Jun 2014 7.5 (v3) High
Pass IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities CVE-2013-6744 CVE-2013-6747 CVE-2014-0907 CVE-2014-0963 18 Jun 2014 7.5 (v3) High
Pass IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities CVE-2013-6747 CVE-2014-0907 CVE-2014-0963 CVE-2014-8910 CVE-2015-0157 CVE-2015-0197 CVE-2015-0198 CVE-2015-0199 CVE-2015-1883 CVE-2015-1922 CVE-2015-1935 18 Jun 2014 9.8 (v3) Critical
Pass IBM DB2 Stored Procedure Infrastructure Privilege Escalation Vulnerability CVE-2013-6744 18 Jun 2014 8.8 (v3) High
Pass AWStats rawlog.pm logfile Parameter Arbitrary Command Execution 23 Aug 2004 7.5 (v2) High
Pass AlienVault OSSIM 'av-centerd' Remote Code Execution CVE-2014-3805 23 Jun 2014 10 (v2) Critical
Pass AlienVault OSSIM 'av-centerd' get_file() Information Disclosure CVE-2014-4153 25 Jun 2014 7.8 (v2) High
Pass Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities CVE-2013-5954 26 Jun 2014 6.8 (v2) Medium
Pass Revive Adserver 'www/delivery/axmlrpc.php' 'what' Parameter SQL Injection CVE-2013-7149 26 Jun 2014 8.8 (v3) High
Pass PHP 5.4.x < 5.4.30 Multiple Vulnerabilities CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049 CVE-2014-4721 27 Jun 2014 7.5 (v2) High
Pass PHP 5.5.x < 5.5.14 Multiple Vulnerabilities CVE-2014-0207 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049 CVE-2014-4721 27 Jun 2014 7.5 (v2) High
Pass Ericom AccessNow Server < 3.3.1.4095 Stack-Based Buffer Overflow CVE-2014-3913 30 Jun 2014 10 (v2) Critical
Pass OpenX Source Unsupported Software Detection 30 Jun 2014 10 (v2) Critical
Pass PHP-Fusion Database Backup Disclosure CVE-2004-1724 23 Aug 2004 5 (v2) Medium
Pass Apache 2.4.x < 2.4.10 Multiple Vulnerabilities CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 21 Jul 2014 7.3 (v3) High
Pass HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities CVE-2010-5298 CVE-2014-0076 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 02 Jul 2014 6.8 (v2) Medium
Pass PHP 5.5.x < 5.5.15 Multiple Vulnerabilities CVE-2014-4670 CVE-2014-4698 25 Jul 2014 4.6 (v2) Medium
Pass PHP 5.4.x < 5.4.31 CLI Server 'header' DoS 25 Jul 2014 2.6 (v2) Low
Pass HP StoreVirtual 4000 and StoreVirtual VSA Software < 11.5 Multiple Vulnerabilities CVE-2014-2605 CVE-2014-2606 30 Jul 2014 9 (v2) High
Pass IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities CVE-2012-2190 CVE-2012-2191 CVE-2013-0169 11 Aug 2014 2.6 (v2) Low
Pass IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities CVE-2012-2190 CVE-2012-2191 CVE-2013-0169 11 Aug 2014 2.6 (v2) Low
Pass IBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities CVE-2012-2190 CVE-2012-2191 CVE-2013-0169 11 Aug 2014 2.6 (v2) Low
Pass IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure CVE-2013-0169 11 Aug 2014 2.6 (v2) Low
Pass Oracle Business Intelligence Publisher April 2012 Critical Patch Update CVE-2012-0543 15 Aug 2014 4.3 (v2) Medium
Pass Gurock TestRail < 3.1.3 XSS CVE-2014-4857 21 Aug 2014 4.3 (v2) Medium
Pass TikiWiki Unauthorized Page Access 23 Aug 2004 5 (v2) Medium
Pass phpScheduleIt 1.0.0 RC1 Multiple XSS CVE-2004-1651 01 Sep 2004 4.3 (v2) Medium
Pass Oracle Database Multiple Remote Vulnerabilities (Mar 2005) CVE-2004-0637 CVE-2004-0638 CVE-2004-1362 CVE-2004-1363 CVE-2004-1364 CVE-2004-1365 CVE-2004-1366 CVE-2004-1367 CVE-2004-1368 CVE-2004-1369 CVE-2004-1370 CVE-2004-1371 02 Sep 2004 7.5 (v2) High
Pass MailEnable Professional HTTPMail GET Request Remote Overflow CVE-2004-2727 03 Sep 2004 4.3 (v2) Medium
Pass Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642) CVE-2011-0419 CVE-2011-3192 CVE-2011-3368 CVE-2012-0031 CVE-2012-0053 CVE-2012-5081 CVE-2013-0169 CVE-2013-0440 CVE-2013-0443 CVE-2013-1537 CVE-2013-2407 CVE-2013-2451 CVE-2013-2457 CVE-2013-2461 CVE-2013-4002 CVE-2013-5780 CVE-2013-5802 CVE-2013-5803 CVE-2013-5823 CVE-2013-5825 CVE-2013-5830 CVE-2014-0411 CVE-2014-0423 CVE-2014-0453 CVE-2014-0460 22 Aug 2014 10 (v2) Critical
Pass PHP 5.4.x < 5.4.32 Multiple Vulnerabilities CVE-2014-2497 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 27 Aug 2014 6.8 (v2) Medium
Pass PHP 5.5.x < 5.5.16 Multiple Vulnerabilities CVE-2014-2497 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-5120 27 Aug 2014 6.8 (v2) Medium
Pass Apache Tomcat 8.0.x < 8.0.11 Multiple OpenSSL Vulnerabilities CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 02 Sep 2014 9.3 (v3) Critical
Pass Ipswitch IMail Server < 8.13 Multiple Remote DoS CVE-2004-2422 CVE-2004-2423 08 Sep 2004 5 (v2) Medium
Pass phpGroupWare Wiki Module XSS CVE-2004-0875 13 Sep 2004 4.3 (v2) Medium
Pass ManageEngine EventLog Analyzer 'j_username' XSS CVE-2014-5103 02 Sep 2014 4.3 (v2) Medium
Pass IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities CVE-2013-6371 CVE-2014-3094 CVE-2014-3095 CVE-2014-4805 09 Sep 2014 8.8 (v3) High
Pass MailEnable SMTP Connector Service DNS MX Response DoS 13 Sep 2004 5 (v2) Medium
Pass IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check) CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-0963 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 23 Sep 2014 10 (v2) Critical
Pass GNU Bash Environment Variable Handling Code Injection (Shellshock) CVE-2014-6271 24 Sep 2014 9.8 (v3) Critical
Pass Postfix Script Remote Command Execution via Shellshock CVE-2014-6271 CVE-2014-7169 29 Sep 2014 10 (v2) Critical
Pass Qmail Remote Command Execution via Shellshock CVE-2014-6271 CVE-2014-7169 29 Sep 2014 10 (v2) Critical
Pass Cisco VPN 3000 Concentrator Multiple Service Banner System Information Disclosure (CSCdu35577 HTTP Check) CVE-2002-1094 14 Sep 2004 5 (v2) Medium
Pass HP System Management Homepage < 7.4 Multiple Vulnerabilities CVE-2013-4545 CVE-2013-6420 CVE-2013-6422 CVE-2013-6712 CVE-2014-2640 CVE-2014-2641 CVE-2014-2642 08 Oct 2014 7.5 (v2) High
Pass nginx < 1.6.2 / 1.7.5 SSL Session Reuse CVE-2014-3616 13 Oct 2014 5.3 (v3) Medium
Pass Drupal Database Abstraction API SQLi CVE-2014-3704 16 Oct 2014 7.5 (v2) High
Pass PHP 5.4.x < 5.4.34 Multiple Vulnerabilities CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 17 Oct 2014 7.5 (v2) High
Pass PHP 5.5.x < 5.5.18 Multiple Vulnerabilities CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 17 Oct 2014 7.5 (v2) High
Pass PHP 5.6.x < 5.6.2 Multiple Vulnerabilities CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 17 Oct 2014 7.5 (v2) High
Pass Cisco TelePresence VCS / Expressway Series < 8.2 Multiple DoS Vulnerabilities CVE-2014-3368 CVE-2014-3369 CVE-2014-3370 22 Oct 2014 7.5 (v3) High
Pass Cisco UCS Director Default Credentials (Web UI) 31 Oct 2014 7.5 (v2) High
Pass SIP Script Remote Command Execution via Shellshock CVE-2014-6271 03 Nov 2014 9.8 (v3) Critical
Pass Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities CVE-2013-2186 CVE-2014-1869 CVE-2014-3661 CVE-2014-3662 CVE-2014-3663 CVE-2014-3664 CVE-2014-3666 CVE-2014-3667 CVE-2014-3678 CVE-2014-3679 CVE-2014-3680 CVE-2014-3681 04 Nov 2014 9.8 (v3) Critical
Pass Default Password (password) for 'cmc' Account CVE-1999-0502 07 Nov 2014 9.8 (v3) Critical
Pass PHP 5.4.x < 5.4.35 'donote' DoS CVE-2014-3710 14 Nov 2014 5 (v2) Medium
Pass PHP 5.5.x < 5.5.19 'donote' DoS CVE-2014-3710 14 Nov 2014 5 (v2) Medium
Pass LiveZilla < 5.3.0.8 XSS 21 Nov 2014 4.3 (v2) Medium
Pass Default Password (TANDBERG) for 'root' Account CVE-1999-0502 26 Nov 2014 9.8 (v3) Critical
Pass LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS CVE-2014-6070 05 Dec 2014 4.3 (v2) Medium
Pass Eudora WorldMail Unsupported 18 Jul 2012 10 (v2) Critical
Pass PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow CVE-2012-2688 20 Jul 2012 10 (v2) Critical
Pass Apache Struts struts-examples upload-submit.do 'theText' Parameter XSS CVE-2012-1007 23 Jul 2012 4.3 (v2) Medium
Pass Apache Struts 2 struts2-rest-showcase orders 'clientName' Parameter Persistent XSS CVE-2012-1006 23 Jul 2012 4.3 (v2) Medium
Pass Apache Struts 2 struts2-showcase edit-person.action Persistent XSS CVE-2012-1006 23 Jul 2012 4.3 (v2) Medium
Pass Serendipity comment.php url Parameter SQL Injection CVE-2012-2762 23 Jul 2012 7.5 (v2) High
Pass IBM DB2 9.1 < Fix Pack 12 Multiple Vulnerabilities CVE-2012-0711 CVE-2012-2194 CVE-2012-2196 CVE-2012-2197 23 Jul 2012 7.3 (v3) High
Pass nginx on Windows Directory Aliases Access Restriction Bypass CVE-2011-4963 02 Aug 2012 5.3 (v3) Medium
Pass Atmail Email Server WebAdmin Control Panel dbconfig.ini Information Disclosure 06 Aug 2012 5.3 (v3) Medium
Pass Horde Kronolith js/kronolith.js Multiple View XSS CVE-2012-6620 07 Aug 2012 4.3 (v2) Medium
Pass WebLogic < 8.1 SP3 Multiple Vulnerabilities CVE-2004-2320 14 Sep 2004 7.8 (v2) High
Pass PostNuke News Module article.php sid Parameter XSS 15 Sep 2004 4.3 (v2) Medium
Pass EMC AutoStart ftAgent Multiple Remote Code Execution Vulnerabilities (ESA-2012-020) CVE-2012-0409 10 Aug 2012 7.5 (v2) High
Pass Umbraco codeEditorSave.asmx SaveDLRScript Operation Traversal File Upload Arbitrary Command Execution 13 Aug 2012 7.5 (v2) High
Pass TUTOS < 1.2 Multiple Input Validation Vulnerabilities CVE-2003-0481 CVE-2004-2161 CVE-2004-2162 21 Sep 2004 7.5 (v2) High
Pass vBulletin authorize.php x_invoice_num Parameter SQL Injection CVE-2004-2695 21 Sep 2004 7.5 (v2) High
Pass phpMyBackupPro < 1.0.0 Unspecified Input Validation Issues 21 Sep 2004 7.5 (v2) High
Pass LogAnalyzer index.php 'filter' Parameter XSS 17 Sep 2012 4.3 (v2) Medium
Pass LogAnalyzer index.php 'highlight' Parameter XSS CVE-2012-3790 17 Sep 2012 4.3 (v2) Medium
Pass phpMyAdmin server_sync.php Backdoor (PMASA-2012-5) CVE-2012-5159 26 Sep 2012 8.8 (v3) High
Pass Advanced Message Queuing Protocol Detection 27 Sep 2012 None
Pass HP SAN/iQ <= 10.0 Root Shell Command Injection CVE-2012-2986 21 Aug 2012 7.7 (v2) High
Pass TikiWiki unserialize() Function Arbitrary Code Execution CVE-2012-0911 30 Aug 2012 8.8 (v3) High
Pass Erlang Port Mapper Daemon Detection 27 Sep 2012 None
Pass MediaWiki index.php 'uselang' Parameter XSS CVE-2012-2698 28 Sep 2012 4.3 (v2) Medium
Pass IBM DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities CVE-2012-2194 CVE-2012-2196 CVE-2012-2197 CVE-2012-3324 28 Sep 2012 9.9 (v3) Critical
Pass Poweradmin index.php XSS 01 Oct 2012 4.3 (v2) Medium
Pass IBM DB2 9.5 < Fix Pack 10 Multiple Vulnerabilities CVE-2012-0713 CVE-2012-2194 CVE-2012-2196 CVE-2012-2197 18 Oct 2012 7.5 (v3) High
Pass vBulletin newreply.php WYSIWYG_HTML Parameter XSS CVE-2004-0620 22 Sep 2004 4.3 (v2) Medium
Pass IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities CVE-2012-2194 CVE-2012-2196 CVE-2012-2197 CVE-2012-4826 25 Oct 2012 8.8 (v3) High
Pass Mutiny < 4.5-1.12 Unspecified Network Interface Menu Remote Command Injection CVE-2012-3001 26 Oct 2012 8.5 (v2) High
Pass Zabbix Web Interface popup_bitem.php itemid Parameter SQL Injection CVE-2012-3435 30 Oct 2012 7.5 (v2) High
Pass Temenos T24 Detection 31 Oct 2012 None
Pass Symphony Password Retrieval Script XSS 05 Nov 2012 4.3 (v2) Medium
Pass TUTOS < 1.1.20040412 Multiple Input Validation Issues 22 Sep 2004 7.5 (v2) High
RELAYTO Penetration Test Results