RELAYTO Penetration Test Results (95/101)

Pass SuSE Linux in.identd Request Saturation DoS CVE-1999-0746 29 Nov 2000 5 (v2) Medium Pass MailMan Webmail mmstdod.cgi Arbitrary Command Execution CVE-2001-0021 06 Dec 2000 10 (v2) Critical Pass DCForum dcboard.cgi Multiple Vulnerabilities CVE-2001-0436 CVE-2001-0437 29 Dec 2000 7.5 (v2) High Pass Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam) CVE-2015-0209 CVE-2015-0235 CVE-2015-0273 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1157 CVE-2015-1798 CVE-2015-1799 CVE-2015-3661 CVE-2015-3662 CVE-2015-3663 CVE-2015-3666 CVE-2015-3667 CVE-2015-3668 CVE-2015-3671 CVE-2015-3672 CVE-2015-3673 CVE-2015-3674 CVE-2015-3675 CVE-2015-3676 CVE-2015-3677 CVE-2015-3678 CVE-2015-3679 CVE-2015-3680 CVE-2015-3681 CVE-2015-3682 CVE-2015-3683 CVE-2015-3684 CVE-2015-3685 CVE-2015-3686 CVE-2015-3687 CVE-2015-3688 CVE-2015-3689 CVE-2015-3690 CVE-2015-3691 CVE-2015-3692 CVE-2015-3693 CVE-2015-3694 CVE-2015-3695 CVE-2015-3696 CVE-2015-3697 CVE-2015-3698 CVE-2015-3699 CVE-2015-3700 CVE-2015-3701 CVE-2015-3702 CVE-2015-3703 CVE-2015-3704 CVE-2015-3705 CVE-2015-3706 CVE-2015-3707 CVE-2015-3708 CVE-2015-3709 CVE-2015-3710 CVE-2015-3711 CVE-2015-3712 CVE-2015-3713 CVE-2015-3714 CVE-2015-3715 CVE-2015-3716 CVE-2015-3717 CVE-2015-3718 CVE-2015-3719 CVE-2015-3720 CVE-2015-3721 CVE-2015-4000 CVE-2015-703601 Jul 2015 10 (v2) Critical Pass CodeMeter < 4.30.498.504 Virtual Directory Traversal Arbitrary File Access 02 Feb 2012 5.3 (v3) Medium Pass Muscat Empower CGI Malformed DB Parameter Path Disclosure CVE-2001-0224 13 Feb 2001 5 (v2) Medium Pass Juniper Junos SRX Series 'set system ports console insecure' Local Privilege Escalation (JSA10683) CVE-2015-3007 04 Aug 2015 7.2 (v2) High Pass Blue Coat ProxyAV 3.5.x < 3.5.4.1 Multiple DoS Vulnerabilities CVE-2015-3194 CVE-2015-3195 09 Sep 2016 5.3 (v3) Medium Pass EMC RSA Authentication Manager 8.x < 8.1 Patch 6 Unspeciﬁed URI Redirection CVE-2014-2516 12 Jun 2015 5.8 (v2) Medium Pass GoodTech FTP Server Connection Saturation DoS CVE-2001-0188 15 Jun 2001 5 (v2) Medium Pass Zope ZClass Modiﬁcation Local DoS CVE-2001-0568 04 Aug 2001 4 (v2) Medium Pass AXIS HTTP GET Heap Overﬂow 12 Dec 2017 9.3 (v3) Critical Pass Flickr Gallery Plugin for WordPress < 1.5.3 PHP Object Injection 12 Dec 2017 8.3 (v3) High Pass Sendmail < 8.11.6 -d category Value Local Overﬂow CVE-2001-0653 23 Aug 2001 5.9 (v3) Medium Pass Quikstore Shopping Cart quikstore.cgi Multiple Vulnerabilities CVE-1999-0607 CVE-2000-1188 04 Aug 2001 5 (v2) Medium Pass GitHub Enterprise Management Console RCE 19 Dec 2017 9.8 (v3) Critical Pass IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 CVE-2013-0452 CVE-2013-0453 30 Apr 2013 6.8 (v2) Medium Pass Cisco PIX Firewall Manager (PFM) on Windows Arbitrary File Access CVE-1999-0158 06 Dec 2001 5 (v2) Medium Pass MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) (uncrCVE-2010-0478edentialed check) 27 Apr 2010 8.1 (v3) High Pass pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 ) CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-513921 Mar 2018 7.4 (v3) High Pass MySQL Enterprise Server 5.6.x < 5.6.29 / 5.7.x < 5.7.11 OpenSSL Multiple Vulnerabilities CVE-2015-3194 CVE-2015-3195 11 Feb 2016 5.3 (v3) Medium Pass Apache on Windows < 1.3.24 / 2.0.x < 2.0.34 DOS Batch File Arbitrary Command Execution CVE-2002-0061 18 Apr 2002 7.3 (v3) High Pass JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking) CVE-2004-0646 CVE-2004-0928 CVE-2004-1477 CVE-2004-1478 CVE-2004-2182 24 Sep 2004 5.1 (v2) Medium Pass VMware vCenter Server 5.5.x < 5.5U3g / 6.0.x < 6.0U3d / 6.5.x < 6.5U1e Hypervisor-Assisted Guest Remediation (VMSA-2018-0004) (SpectrCVE-2017-5715 e) 12 Jan 2018 5.6 (v3) Medium Pass Apache .htaccess and .htpasswd Disclosure 22 Jan 2018 5.3 (v3) Medium Pass Western Digital My Net Router main_internet.php Admin Credential Disclosure CVE-2013-5006 15 Aug 2013 4.3 (v2) Medium Pass Anonymous Key Exchanges Supported (PCI DSS) 29 Jan 2018 6.5 (v3) Medium Pass OpenSSH < 3.4 Multiple Remote Overﬂows CVE-2002-0639 CVE-2002-0640 25 Jun 2002 10 (v2) Critical Pass EMC RSA Authentication Manager < 8.2 SP1 Patch 7 Security Console Unspeciﬁed Blind SQL Injection (ESA-2018-002)CVE-2017-15546 01 Feb 2018 4.3 (v3) Medium Pass Nokia VitalQIP Web Client Default Credentials 09 Feb 2018 10 (v3) Critical Pass Sendmail < 8.12.1 RestrictQueueRun Option Multiple Argument Local DoS CVE-2001-0714 18 Aug 2002 4 (v3) Medium Pass FTP Server Traversal Arbitrary File Access CVE-2001-0582 CVE-2001-0680 CVE-2001-1335 CVE-2004-1679 27 Aug 2002 5.3 (v3) Medium Pass EMC RSA Archer < 6.2.0.8 Multiple Vulnerabilities CVE-2018-1219 CVE-2018-1220 08 Mar 2018 6.1 (v3) Medium Pass Aspen < 0.22 Directory Traversal CVE-2013-2619 16 Mar 2018 6.5 (v3) Medium Pass Mambo mod_mainmenu.php mosConﬁg_absolute_path Parameter Remote File Inclusion 19 Jan 2004 8.3 (v3) High Pass OS vulnerabilities detected in banner reporting (PCI-DSS check) 23 Mar 2018 7.3 (v3) High Pass PCI DSS Compliance : Scan Interference 29 Mar 2018 7.3 (v3) High Pass @lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion CVE-2004-1554 27 Sep 2004 8.3 (v3) High Pass NCR Aloha POS VNC Server 'aloha' Default Password 29 Mar 2018 9.8 (v3) Critical Pass Webmin Unspeciﬁed Command Execution Vulnerability (< 1.370) CVE-2007-5066 22 Mar 2018 8.8 (v3) High Pass Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS) CVE-2003-0016 22 Jan 2003 7.3 (v3) High Pass Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check) CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4130 CVE-2018-4144 CVE-2018-4146 CVE-2018-4161 CVE-2018-4163 CVE-2018-416503 Apr 2018 7.8 (v3) High Pass Sendmail Custom DNS Map TXT Query Overﬂow CVE-2002-0906 17 Feb 2003 7.3 (v3) High Pass WordPress < 1.5.1 Multiple Vulnerabilities CVE-2005-1687 CVE-2005-1688 19 May 2005 7.5 (v2) High Pass Fireﬂy Media Server webserver.c ws_addarg Function /xml-rpc Authorization Header Remote Format StringCVE-2007-5825 03 Nov 2007 7.5 (v2) High Pass Oracle WebLogic T3 Protocol Detection 03 May 2018 None Pass Unpassworded 'jack' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Apache Tomcat Directory Listing and File Disclosure CVE-2003-0042 CVE-2003-0043 22 Mar 2003 5.3 (v3) Medium Pass Sendmail < 8.8.3 Daemon Mode Local Privilege Escalation CVE-1999-0130 11 Mar 2003 8.4 (v3) High Pass Default Password 'padmin' for 'padmin' Account 17 May 2017 9.8 (v3) Critical Pass Cisco Prime Security Manager Network Time Protocol Daemon (ntpd) Multiple Vulnerabilities (cisco-sa-20141222-ntpd)CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 20 Mar 2015 7.5 (v2) High Pass D-Link DIR 850L Router Local File Inclusion 11 Sep 2017 10 (v3) Critical Pass Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities CVE-2012-3499 CVE-2012-4558 27 Feb 2013 5.3 (v3) Medium Pass Alt-N MDaemon Remote Administration 13.0.x < 13.0.8 RCE (MD041917) (EASYBEE) 02 Jun 2017 9.8 (v3) Critical Pass mod_auth_any for Apache Metacharacter Remote Command Execution CVE-2003-0084 26 Mar 2003 7.5 (v2) High Pass Alt-N MDaemon WebAdmin Unsupported Version Detection 02 Jun 2017 10 (v3) Critical Pass Juniper Junos OS DoS (JSA11092) CVE-2021-0202 14 Jan 2021 7.5 (v3) High Pass H3C / HPE Intelligent Management Center PLAT < 7.3 E0504P04 Multiple Vulnerabilities CVE-2016-7053 CVE-2016-7054 CVE-2016-7055 CVE-2017-5815 CVE-2017-5816 CVE-2017-5817 CVE-2017-5818 CVE-2017-5819 CVE-2017-5820 CVE-2017-5821 CVE-2017-5822 CVE-2017-5823 CVE-2017-8948 CVE-2017-895619 Jun 2017 9.8 (v3) Critical Pass Cisco TelePresence Endpoint SIP INVITE Packet Flood DoS (cisco-sa-20170607-tele) CVE-2017-6648 16 Jun 2017 7.5 (v3) High Pass ISC BIND < 4.9.5 DNS Resolver Functions Remote Overﬂow CVE-2002-0684 03 Apr 2003 10 (v2) Critical Pass RealVNC < 5.0.7 Multiple Local Privilege Escalations CVE-2013-6886 09 Jan 2014 7.2 (v2) High Pass Microsoft Windows SMB Versions Supported (remote check) 19 Jun 2017 None Pass Sophos Web Appliance < 4.3.0 FTP Redirect Page Reﬂected XSS 16 Jun 2017 4.7 (v3) Medium Pass IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities CVE-2012-2098 CVE-2013-1862 CVE-2013-1896 CVE-2013-4005 CVE-2013-4052 CVE-2013-4053 CVE-2013-5372 CVE-2013-5414 CVE-2013-5417 CVE-2013-5418 CVE-2013-5780 CVE-2013-5803 CVE-2013-6325 CVE-2013-6330 CVE-2013-672520 Jan 2014 6.8 (v2) Medium Pass Check_MK 1.2.2 < 1.2.2p3 / 1.2.3 < 1.2.3i5 Multiple Vulnerabilities CVE-2014-2329 CVE-2014-2332 28 Jun 2017 5.4 (v3) Medium Pass Barracuda Appliances Default Credentials 28 Jan 2013 7.3 (v3) High Pass HooToo HT-TM06 TripMate Elite Web Server 'protocol.csp' HTTP Cookie Header Handling RCE CVE-2017-9025 29 Jun 2017 6.5 (v3) Medium Pass Cisco Prime Data Center Network Manager Static Credential Authentication Bypass (cisco-sa-20170607-dcnm2)CVE-2017-6640 10 Jul 2017 9.8 (v3) Critical Pass Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass RCE CVE-2017-6622 13 Jul 2017 9.8 (v3) Critical Pass EMC Data Protection Advisor < 6.4 Multiple Vulnerabilities CVE-2017-8002 CVE-2017-8003 13 Jul 2017 4.9 (v3) Medium Pass Novell NetWare FTPServ Malformed Input Remote DoS 09 May 2003 5.3 (v3) Medium Pass IdealBB Multiple Vulnerabilities (XSS, SQLi, more) CVE-2004-2207 CVE-2004-2208 CVE-2004-2209 21 Oct 2004 5 (v2) Medium Pass Land Down Under <= 801 Multiple Vulnerabilities CVE-2005-2674 CVE-2005-2675 CVE-2005-2788 CVE-2005-2884 CVE-2005-4821 09 Sep 2005 7.5 (v2) High Pass Cherokee Web Server URI Traversal Arbitrary File Access CVE-2001-1432 04 Nov 2004 5 (v2) Medium Pass DevoyBB Multiple Remote Vulnerabilities (SQLi, XSS) CVE-2004-2177 CVE-2004-2178 25 Oct 2004 7.5 (v2) High Pass Grandstream Phone Web UI Information Disclosure 27 Sep 2017 5.3 (v3) Medium Pass ESXi 7.0 DoS (VMSA-2020-0029) CVE-2020-3999 20 Jan 2021 6.5 (v3) Medium Pass Samba Multiple Remote Vulnerabilities CVE-2004-0882 CVE-2004-0930 13 Nov 2004 7.5 (v2) High Pass BlackMoon FTP Login Error Message User Enumeration CVE-2003-0343 27 May 2003 5.3 (v3) Medium Pass Grandstream Phone Web Interface Default Credentials 27 Sep 2017 10 (v3) Critical Pass Jetpack Plugin for WordPress Security Bypass CVE-2014-0173 23 Apr 2014 5.8 (v2) Medium Pass EMC VMAX VASA Provider Virtual Appliance File Upload RCE CVE-2017-4997 28 Jul 2017 9.8 (v3) Critical Pass Splunk Enterprise 6.6.x < 6.6.3 / Splunk Light 6.6.x < 6.6.3 Multiple XSS 24 Aug 2017 4.3 (v3) Medium Pass Fastream NETFile FTP/Web Server HEAD Request Saturation DoS CVE-2004-2534 19 Nov 2004 5 (v2) Medium Pass iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection CVE-2003-0377 28 May 2003 6.5 (v2) Medium Pass OS Identiﬁcation : OUI 29 Aug 2017 None Pass Cisco Uniﬁed Operations Manager 8.6 SQL Injection Vulnerability CVE-2013-3437 06 Sep 2017 6.3 (v3) Medium Pass Cisco Prime LAN Management Solution Session Fixation Vulnerability CVE-2017-12225 11 Sep 2017 6.5 (v3) Medium Pass Novell ZENworks Mobile Management MDM.php Local File Inclusion CVE-2013-1081 14 Mar 2013 7.5 (v2) High Pass Apple TV <= 7.2.2 Bluetooth Remote Code Execution (BlueBorne) CVE-2017-14315 14 Sep 2017 7.5 (v3) High Pass EMC Legato Networker Multiple Vulnerabilities CVE-2005-0357 CVE-2005-0358 CVE-2005-0359 03 Sep 2005 10 (v2) Critical Pass H3C / HPE Intelligent Management Center PLAT < 7.3 E0506P03 Multiple Vulnerabilities CVE-2017-12554 CVE-2017-12556 CVE-2017-12557 CVE-2017-12558 CVE-2017-12559 CVE-2017-12560 CVE-2017-12561 06 Oct 2017 9.8 (v3) Critical Pass SolarWinds Log and Event Manager < 6.3.1 Hotﬁx 4 Insecure HTTP Update Download MitM Code ExecutionCVE-2017-5198 CVE-2017-5199 CVE-2017-7646 CVE-2017-7647 17 Oct 2017 8.8 (v3) High Pass ONVIF Device Information 17 Oct 2017 None Pass MailCarrier < 3.0.1 SMTP EHLO Command Remote Overﬂow CVE-2004-1638 03 Dec 2004 7.5 (v2) High Pass NUUO NVR Web Interface RCE 18 Oct 2017 9.8 (v3) Critical Pass MS04-006: WINS Server Remote Overﬂow (830352) (uncredentialed check) CVE-2003-0825 06 Dec 2004 10 (v2) Critical Pass D-Link DIR-300L/600L Remote Command Execution 24 Oct 2017 10 (v3) Critical Pass Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID) CVE-2003-0460 18 Jul 2003 9.1 (v3) Critical Pass MVPower DVR Remote Command Execution 25 Oct 2017 10 (v3) Critical Pass Vocran NVR Remote Command Execution 24 Oct 2017 10 (v3) Critical Pass Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.) CVE-2003-0789 CVE-2003-0542 26 Sep 2003 9.8 (v3) Critical Pass Apple TV < 11.1 Multiple Vulnerabilities CVE-2017-13080 CVE-2017-13783 CVE-2017-13784 CVE-2017-13785 CVE-2017-13788 CVE-2017-13791 CVE-2017-13792 CVE-2017-13793 CVE-2017-13794 CVE-2017-13795 CVE-2017-13796 CVE-2017-13797 CVE-2017-13798 CVE-2017-13799 CVE-2017-13802 CVE-2017-13803 CVE-2017-13804 CVE-2017-1384903 Nov 2017 7.8 (v3) High Pass OpenSSL 1.0.x < 1.0.2m RSA/DSA Unspeciﬁed Carry Issue CVE-2017-3735 CVE-2017-3736 06 Nov 2017 5.3 (v3) Medium Pass Citrix Application Delivery Management Agent Information Disclosure CVE-2019-9548 20 Jun 2019 10 (v3) Critical Pass My_eGallery < 3.1.1g Remote File Inclusion 26 Nov 2003 7.5 (v2) High Pass Brother Printer Debut embedded httpd <= 1.20 DoS CVE-2017-16249 30 Nov 2017 7.5 (v3) High Pass CVS pserver Crafted Module Request Arbitrary File / Directory Creation CVE-2003-0977 11 Dec 2003 5 (v2) Medium Pass SSLv2-Only Open Ports 19 Nov 2019 None Pass Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU) CVE-2019-10086 CVE-2020-5408 CVE-2020-5421 28 Jan 2021 7.3 (v3) High Pass Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS) CVE-2007-3847 CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 07 Mar 2008 5.3 (v3) Medium Pass Splunk Enterprise 5.0.x < 5.0.11 Multiple Vulnerabilities (POODLE) CVE-2014-3566 CVE-2014-3567 04 Dec 2014 4.3 (v2) Medium 95

RELAYTO Penetration Test Results - Page 95

RELAYTO Penetration Test Results Page 94 Page 96