RELAYTO Penetration Test Results (87/101)

Pass Pixelpost index.php category Parameter SQL Injection CVE-2006-2889 06 Jun 2006 5.1 (v2) Medium Pass DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution CVE-2006-2878 06 Jun 2006 7.5 (v2) High Pass OpenEMR C_FormEvaluation.class.php ﬁleroot Parameter Remote File Inclusion CVE-2006-2929 09 Jun 2006 6.8 (v2) Medium Pass Rendezvous Daemon Detection 10 Jun 2006 None Pass Calendarix Multiple Script id Parameter SQL Injection CVE-2006-3094 17 Jun 2006 5.1 (v2) Medium Pass Adobe Experience Manager < 6.5.9.0 Multiple Vulnerabilities (APSB21-39) CVE-2021-28625 CVE-2021-28626 CVE-2021-28627 CVE-2021-28628 10 Jun 2021 8.8 (v3) High Pass Wikka wikka.php Local File Inclusion CVE-2006-7049 17 Jun 2006 7.5 (v2) High Pass BlueDragon 6.2.1 Multiple Remote Vulnerabilities (XSS, DoS) CVE-2006-2310 CVE-2006-2311 23 Jun 2006 5 (v2) Medium Pass Cisco IOS XE Software SD WAN Console Privilege Escalation (cisco-sa-sdwan-esc-rSNVvTf9) CVE-2021-1371 08 Jul 2021 6.6 (v3) Medium Pass Juniper Junos OS Vulnerability (JSA11178) 14 Jul 2021 5.5 (v3) Medium Pass Juniper Junos OS DoS (JSA11054) CVE-2020-1660 14 Jul 2021 9.9 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11177) 14 Jul 2021 7.8 (v3) High Pass TeamCity Server < 2020.2.4 Multiple Vulnerabilities CVE-2020-7908 CVE-2020-7909 CVE-2020-7910 CVE-2020-7911 CVE-2020-11686 CVE-2020-11687 CVE-2020-11688 CVE-2020-11689 CVE-2020-11938 CVE-2020-15826 CVE-2021-3315 CVE-2021-26309 CVE-2021-26310 CVE-2021-31904 CVE-2021-31906 CVE-2021-31907 CVE-2021-31908 CVE-2021-31909 CVE-2021-31910 CVE-2021-31911 CVE-2021-31912 CVE-2021-31913 CVE-2021-31914 CVE-2021-3191516 Jul 2021 9.8 (v3) Critical Pass Scout Portal Toolkit SPT--ForumTopics.php forumid Parameter SQL Injection CVE-2006-3309 28 Jun 2006 7.5 (v2) High Pass Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion CVE-2006-6225 29 Jun 2006 5.1 (v2) Medium Pass FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload CVE-2006-3362 29 Jun 2006 8.8 (v3) High Pass MySQL 5.7.x < 5.7.35 Multiple Vulnerabilities (Jul 2021 CPU) CVE-2019-17543 CVE-2021-2342 CVE-2021-2356 CVE-2021-2372 CVE-2021-2385 CVE-2021-2389 CVE-2021-2390 CVE-2021-22901 22 Jul 2021 8.1 (v3) High Pass SiteBuilder-FX top.php admindir Parameter Remote File Inclusion CVE-2006-3395 02 Jul 2006 5.1 (v2) Medium Pass CommuniGate Pro POP Service Empty Inbox Remote DoS CVE-2006-3477 04 Jul 2006 5 (v2) Medium Pass Horde < 3.0.11 / 3.1.2 Multiple Script XSS CVE-2006-3548 CVE-2006-3549 05 Jul 2006 4.3 (v2) Medium Pass LifeType index.php Date Parameter SQL Injection CVE-2006-3577 05 Jul 2006 7.5 (v2) High Pass Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion CVE-2006-7208 11 Jul 2006 6.8 (v2) Medium Pass SimpleBoard / Joomlaboard 'sbp' Parameter Remote File Include CVE-2006-3528 CVE-2006-5043 11 Jul 2006 8.1 (v3) High Pass Apache Tomcat 8.5.0 < 8.5.57 Multiple Vulnerabilities CVE-2020-13934 CVE-2020-13935 17 Jul 2020 7.5 (v3) High Pass Juniper Junos OS DoS (JSA11274) CVE-2022-22166 14 Feb 2022 6.5 (v3) Medium Pass Mambo / Joomla! Component / Module 'mosConﬁg_absolute_path' Multiple Parameter Remote File Include VCVE-2006-3396 CVE-2006-3530 CVE-2006-3556 CVE-2006-3748 CVE-2006-3749 CVE-2006-3750 CVE-2006-3751 CVE-2006-3773 CVE-2006-3774 CVE-2006-3846 CVE-2006-3947 CVE-2006-3949 CVE-2006-3980 CVE-2006-3995 CVE-2006-4074 CVE-2006-4130 CVE-2006-4195 CVE-2006-4270 CVE-2006-4288 CVE-2006-4553 CVE-2006-4858 CVE-2006-5045 CVE-2006-5048 CVE-2006-5519 CVE-2006-6962 CVE-2007-1702 CVE-2007-2005 CVE-2007-2144 CVE-2007-2319 CVE-2007-3130 CVE-2007-5310 CVE-2007-5412 CVE-2007-5457 CVE-2008-0567 CVE-2008-5789 CVE-2008-5790 CVE-2008-5793 CVE-2008-6841 CVE-2010-2918ulnerabilities 15 Jul 2006 8.1 (v3) High Pass VHCS include/sql.php include_path Parameter Remote File Inclusion 19 Jul 2006 6.8 (v2) Medium Pass VHCS login.php check_login() Function Authentication Bypass CVE-2006-0685 19 Jul 2006 10 (v2) Critical Pass Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection CVE-2006-7071 24 Jul 2006 7.5 (v2) High Pass TWiki conﬁgure Script Arbitrary Command Execution CVE-2006-3819 31 Jul 2006 8.8 (v3) High Pass phpMyAdmin import_blacklist Variable Overwriting CVE-2005-4079 31 Jul 2006 5 (v2) Medium Pass eIQnetworks Enterprise Security Analyzer Syslog Server Detection 02 Aug 2006 None Pass eIQnetworks Enterprise Security Analyzer License Manager Detection 02 Aug 2006 None Pass nginx Data Disclosure Vulnerability CVE-2017-7529 16 Oct 2018 7.5 (v3) High Pass Jenkins < 2.89.2 / 2.95 Multiple Vulnerabilities CVE-2017-1000503 CVE-2017-1000504 01 Feb 2018 8.1 (v3) High Pass Jenkins < 1.642.2 / 1.650 and Jenkins Enterprise < 1.609.16.1 / 1.625.16.1 / 1.642.2.1 Multiple VulnerabilitiesCVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792 14 Mar 2016 9.8 (v3) Critical Pass nginx < 1.6.1 / 1.7.4 SMTP STARTTLS Command Injection CVE-2014-3556 19 Aug 2014 6.5 (v3) Medium Pass Jenkins < 1.514 / 1.509.1 and Jenkins Enterprise 1.466.x / 1.480.x < 1.466.14.1 / 1.480.4.1 Multiple VulnerabilitiesCVE-2013-1808 CVE-2013-2033 CVE-2013-2034 14 Jun 2013 6.8 (v2) Medium Pass Ping the remote host 24 Jun 1999 None Pass nginx 1.0.7 - 1.0.14 / 1.1.3 - 1.1.18 ngx_http_mp4_module Buﬀer Overﬂow CVE-2012-2089 13 Apr 2012 5.6 (v3) Medium Pass Jenkins < 2.107 / < 2.89.4 (LTS) Server-Side Request Forgery (SSRF) Vulnerability CVE-2018-1000067 05 Jun 2019 5.3 (v3) Medium Pass Jenkins < 2.176.2 LTS / 2.186 Multiple Vulnerabilities CVE-2019-10352 CVE-2019-10353 CVE-2019-10354 26 Jul 2019 7.5 (v3) High Pass Jenkins weekly < 2.280 Privilege Escalation CVE-2021-22112 09 Apr 2021 8.8 (v3) High Pass Jenkins LTS < 2.277.3 / Jenkins weekly < 2.286 CVE-2021-28165 23 Apr 2021 7.5 (v3) High Pass Barracuda Spam Firewall Default Credentials CVE-2006-4000 CVE-2006-4001 CVE-2006-4081 CVE-2006-4082 02 Aug 2006 7.5 (v2) High Pass eIQnetworks Enterprise Security Analyzer Topology Server Detection 03 Aug 2006 None Pass eIQnetworks Enterprise Security Analyzer Monitoring Agent Detection 10 Aug 2006 None Pass ManageEngine AssetExplorer < 6.1.0 Build 6113 Multiple XSS CVE-2015-2169 CVE-2015-5061 09 Nov 2015 3.1 (v3) Low Pass PostgreSQL Empty Password Handling Remote Authentication Bypass CVE-2017-7546 20 Oct 2017 9.8 (v3) Critical Pass TLS Padding Oracle Information Disclosure Vulnerability (TLS POODLE) CVE-2014-8730 15 Dec 2014 5.3 (v3) Medium Pass RealVNC Java Viewer Detection 09 Jan 2014 None Pass TigerVNC Java Viewer Detection 09 Jan 2014 None Pass ManageEngine AssetExplorer < 5.6.0 Build 5614 XML Asset Data XSS CVE-2012-5956 24 Jan 2013 3.1 (v3) Low Pass MS12-026: Vulnerabilities in Forefront Uniﬁed Access Gateway (UAG) Could Allow Information Disclosure (2663860) (uncrCVE-2012-0146 CVE-2012-0147edentialed check) 27 Apr 2012 4.3 (v2) Medium Pass MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) (uncredentialed check)CVE-2012-0173 16 Jul 2012 9.3 (v2) High Pass RuggedCom RuggedOS Default 'factory' Account Backdoor CVE-2012-1803 12 Jun 2012 9.8 (v3) Critical Pass ManageEngine AssentExplorer < 6.8 Unauthenticated Stored XSS CVE-2021-20080 12 Apr 2021 6.1 (v3) Medium Pass WEBInsta CMS index.php templates_dir Parameter Remote File Inclusion CVE-2006-4196 14 Aug 2006 7.5 (v2) High Pass Informix Detection 16 Aug 2006 None Pass SquirrelMail compose.php session_expired_post Arbitrary Variable Overwriting CVE-2006-4019 17 Aug 2006 6.4 (v2) Medium Pass CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS) CVE-2006-4267 CVE-2006-4268 17 Aug 2006 7.5 (v2) High Pass Owl Intranet Engine <= 0.91 Multiple Vulnerabilities CVE-2006-4211 CVE-2006-4212 17 Aug 2006 7.5 (v2) High Pass Zen Cart ipn_main_handler.php custom SQL Injection CVE-2006-4214 17 Aug 2006 7.5 (v2) High Pass IBM Cognos Analytics Web Interface Detection 20 Sep 2021 None Pass Zen Cart autoload_func.php autoLoadConﬁg Array Remote File Inclusion CVE-2006-4215 17 Aug 2006 5.1 (v2) Medium Pass Docebo GLOBALS Variable Overwrite Remote File Inclusion CVE-2006-2576 CVE-2006-2577 17 Aug 2006 5.1 (v2) Medium Pass MDaemon < 9.0.6 POP3 Server USER / APOP Command Remote Overﬂow CVE-2006-4364 23 Aug 2006 5 (v2) Medium Pass phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion CVE-2006-4424 CVE-2006-4425 25 Aug 2006 5.1 (v2) Medium Pass PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities CVE-2006-0996 CVE-2006-1490 CVE-2006-1494 CVE-2006-1608 CVE-2006-1990 CVE-2006-1991 CVE-2006-2563 CVE-2006-2660 CVE-2006-3011 CVE-2006-3016 CVE-2006-3017 CVE-2006-3018 CVE-2006-443325 Aug 2006 9.3 (v2) High Pass Zend Session Clustering Daemon Detection 25 Aug 2006 None Pass PHProjekt <= 5.1 Multiple Remote File Inclusions CVE-2006-4204 29 Aug 2006 7.5 (v2) High Pass Feedsplitter <= 2006-01-21 Multiple Remote Vulnerabilities (XSS, Traversal, Disc) CVE-2006-4549 CVE-2006-4550 CVE-2006-4551 CVE-2006-4552 31 Aug 2006 7.5 (v2) High Pass CubeCart < 3.0.13 Multiple Remote Vulnerabilities (LFI, SQLi, XSS) CVE-2006-4525 CVE-2006-4526 CVE-2006-4527 31 Aug 2006 7.5 (v2) High Pass Joomla! < 1.0.11 administrator/index.php Input Weakness CVE-2006-4468 01 Sep 2006 5.6 (v3) Medium Pass Joomla! < 1.0.11 Unspeciﬁed Remote Code Execution CVE-2005-3390 CVE-2006-4469 01 Sep 2006 5.6 (v3) Medium Pass e107 ibrowser.php zend_has_del() Function Remote Code Execution CVE-2005-3390 CVE-2006-3017 02 Sep 2006 8.8 (v3) High Pass TikiWiki jhot.php Arbitrary File Upload CVE-2006-4602 04 Sep 2006 8.8 (v3) High Pass Mailman Utils.py Spoofed Log Entry Injection CVE-2006-4624 05 Sep 2006 2.6 (v2) Low Pass Cisco IOS XE Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2) CVE-2021-34699 19 Oct 2021 7.7 (v3) High Pass PmWiki < 2.1.21 Global Variables Overwriting CVE-2006-3017 06 Sep 2006 7.5 (v2) High Pass Cisco IOS Software TrustSec CLI Parser DoS (cisco-sa-trustsec-dos-7fuXDR2) CVE-2021-34699 19 Oct 2021 7.7 (v3) High Pass DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection CVE-2006-4674 08 Sep 2006 7.5 (v2) High Pass TWiki 'ﬁlename' Parameter Traversal Arbitrary File Access CVE-2006-4294 15 Sep 2006 5 (v2) Medium Pass RMI Remote Object Detection 15 Sep 2006 None Pass Moodle < 1.6.2 Multiple Vulnerabilities CVE-2006-4784 CVE-2006-4785 CVE-2006-4786 15 Sep 2006 7.5 (v2) High Pass Claroline claro_init_local.inc.php extAuthSource[newUser] Parameter Remote File Inclusion CVE-2006-4844 16 Sep 2006 5.1 (v2) Medium Pass QNAP QTS Multiple Vulnerabilities in File Station (QSA-20-01) CVE-2018-19943 CVE-2018-19949 CVE-2018-19953 26 May 2022 9.8 (v3) Critical Pass Dokeos claro_init_local.inc.php extAuthSource Parameter Array Remote File Inclusion CVE-2006-4844 16 Sep 2006 5.1 (v2) Medium Pass Limbo Contact Component (com_contact) contact.html.php contact_attach Unrestricted File Upload CVE-2006-4859 16 Sep 2006 8.8 (v3) High Pass Site@School Multiple Script cmsdir Parameter Remote File Inclusion CVE-2006-4920 CVE-2006-4921 16 Sep 2006 7.5 (v2) High Pass Limbo com_fm Component sql.php classes_dir Parameter Remote File Inclusion 17 Sep 2006 6.8 (v2) Medium Pass Derby Network Server Detection 18 Sep 2006 None Pass Exponent CMS index.php view Parameter Local File Inclusion CVE-2006-4963 19 Sep 2006 6.4 (v2) Medium Pass MyReview Admin.php email Parameter SQL Injection CVE-2006-4957 19 Sep 2006 7.5 (v2) High Pass SAP Internet Transaction Server wgate Multiple Parameter XSS CVE-2006-5114 28 Sep 2006 6.8 (v2) Medium Pass DokuWiki fetch.php Multiple Parameter imconvert Function Arbitrary Command Execution CVE-2006-5098 CVE-2006-5099 29 Sep 2006 8.8 (v3) High Pass Sun Secure Global Software / Tarantella Detection 29 Sep 2006 None Pass HAMweather Template.php do_parse_code Function Arbitrary Code Execution CVE-2006-5185 04 Oct 2006 7.5 (v2) High Pass Moodle 'index.php' 'tag' Parameter SQL Injection CVE-2006-5219 10 Oct 2006 5.1 (v2) Medium Pass Pervasive PSQL / Btrieve Server Detection 10 Oct 2006 None Pass Cisco IOS XE Software NETCONF RESTCONF Authentication Bypass (cisco-sa-aaa-Yx47ZT8Q) CVE-2021-1619 06 Oct 2021 9.1 (v3) Critical Pass BlueShoes lib/googlesearch/GoogleSearch.php APP[path][lib] Parameter Remote File Inclusion CVE-2006-5250 13 Oct 2006 5.1 (v2) Medium Pass Web Site sitemap.xml File and Directory Disclosure 14 Oct 2006 None Pass phpMyConferences menus.inc.php lvc_include_dir Parameter Remote File Inclusion CVE-2006-5310 16 Oct 2006 6.8 (v2) Medium Pass Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion CVE-2006-5308 18 Oct 2006 7.5 (v2) High Pass SolarWinds Virtualization Manager <= 6.3.1 Privilege Escalation CVE-2016-3643 08 Nov 2021 7.8 (v3) High Pass Microsoft Windows Server Version 1809 Unsupported Version Detection 08 Nov 2021 10 (v3) Critical Pass Microsoft Windows Server Version 1803 Unsupported Version Detection 08 Nov 2021 10 (v3) Critical Pass Microsoft Windows Server Version 1709 Unsupported Version Detection 08 Nov 2021 10 (v3) Critical Pass Microsoft Windows Server Version 1903 Unsupported Version Detection 08 Nov 2021 10 (v3) Critical Pass Microsoft Windows Server Version 1909 Unsupported Version Detection 08 Nov 2021 10 (v3) Critical Pass Trend Micro OﬃceScan 10 SP1 < 10 SP1 Patch 2329 Multiple Vulnerabilities (000287815) CVE-2021-36741 CVE-2021-36742 08 Nov 2021 8.8 (v3) High 87

RELAYTO Penetration Test Results - Page 87

RELAYTO Penetration Test Results Page 86 Page 88