RELAYTO Penetration Test Results (6/101)

Pass Multiple Vendor info2www CGI Arbitrary Command Execution CVE-1999-0266 22 Jun 1999 10 (v2) Critical Pass MDaemon WorldClient HTTP Server URL Overﬂow DoS CVE-1999-0844 24 Nov 1999 5 (v2) Medium Pass Mini SQL w3-msql Arbitrary Directory Access (deprecated) CVE-1999-0753 08 Sep 1999 7.5 (v2) High Pass IRIX pfdispaly Arbitrary File Access CVE-1999-0270 22 Jun 1999 7.8 (v2) High Pass Lotus Notes SMTP Server HELO Command Overﬂow DoS CVE-1999-0284 22 Jun 1999 5 (v2) Medium Pass FlexCast Server Detection 07 Jun 2005 None Pass HP LaserJet Printer Unauthenticated Access CVE-1999-1061 22 Jun 1999 9 (v2) High Pass Web Server /cgi-bin Perl Interpreter Access CVE-1999-0509 22 Jun 1999 10 (v2) Critical Pass HTTP Proxy Arbitrary Site/Port Relaying 22 Jun 1999 6.8 (v2) Medium Pass Qpopper PASS Command Remote Overﬂow CVE-1999-0006 22 Jun 1999 10 (v2) Critical Pass MySQL Enterprise Monitor 4.x < 4.0.9 / 8.x < 8.0.16 Padding Oracle (Apr 2019 CPU) CVE-2019-1559 24 Jul 2020 5.9 (v3) Medium Pass Rover POP3 Server Username Remote Overﬂow CVE-2000-0060 03 Jan 2000 10 (v2) Critical Pass rexecd Service Detection CVE-1999-0618 31 Aug 1999 10 (v2) Critical Pass CDE RPC tooltalk Service Multiple Overﬂows CVE-1999-0003 CVE-1999-0693 22 Aug 1999 10 (v2) Critical Pass Multiple Mail Server EXPN/VRFY Information Disclosure 22 Jun 1999 5 (v2) Medium Pass NetCPlus SmartServer3 POP3 (NCPOPSERV.EXE) USER Command Remote Overﬂow 12 Nov 1999 10 (v2) Critical Pass Sendmail MAIL FROM Command Arbitrary Remote Command Execution CVE-1999-0203 22 Aug 1999 7.5 (v2) High Pass Sendmail RCPT TO Command Arbitrary File Overwrite 30 Aug 1999 10 (v2) Critical Pass Multiple MTA HELO Command Remote Overﬂow CVE-1999-0098 CVE-1999-1015 CVE-1999-1504 18 Aug 1999 7.5 (v2) High Pass Systat Service Remote Information Disclosure CVE-1999-0637 22 Jun 1999 5 (v2) Medium Pass Sendmail 8.6.9 IDENT Remote Overﬂow CVE-1999-0204 27 Aug 2002 9.8 (v3) Critical Pass SSH CBC/CFB Data Stream Injection CVE-1999-1085 23 Jul 1999 5.1 (v2) Medium Pass TCP/IP 'Chorusing' Windows DoS CVE-1999-1201 31 Oct 1999 5.7 (v2) Medium Pass MS00-013: Microsoft Windows Media Server Malformed Handshake Sequence DoS (253943) (intrusive check)CVE-2000-0211 28 Feb 2000 5 (v2) Medium Pass WinSATAN Backdoor Detection 04 Jan 2000 7.5 (v2) High Pass thttpd Double Slash Request Arbitrary File Access CVE-1999-1456 22 Jun 1999 5 (v2) Medium Pass UoW imapd AUTHENTICATE Command Remote Overﬂow CVE-1999-0005 22 Jun 1999 10 (v2) Critical Pass Vermillion FTPD Long CWD Commands DoS CVE-1999-1058 22 Nov 1999 5 (v2) Medium Pass Citrix Published Applications Remote Enumeration 09 Oct 2002 5 (v2) Medium Pass Microsoft Windows NT WINS Service Malformed Data DoS CVE-1999-0288 30 Aug 1999 5 (v2) Medium Pass WinGate Passwordless Default Installation CVE-1999-0291 22 Jun 1999 7.5 (v2) High Pass WindowsNT DNS Server Character Saturation DoS CVE-1999-0275 22 Jun 1999 5 (v2) Medium Pass CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution CVE-1999-1063 22 Jun 1999 7.5 (v2) High Pass ISC BIND < 4.9.7 / 8.1.2 Inverse-Query Remote Overﬂow CVE-1999-0009 02 Apr 2002 10 (v2) Critical Pass Pocsag POC32 Remote Service Default Password (password) CVE-2000-0225 07 Mar 2000 5 (v2) Medium Pass Cayman DSL Router Unauthenticated Access CVE-1999-0508 12 Mar 2000 7.5 (v2) High Pass Kerberos klogind Remote Overﬂow CVE-2000-0389 18 May 2000 7.2 (v2) High Pass Microsoft IIS/PWS %2e Request ASP Source Disclosure CVE-1999-0253 10 Apr 2000 5 (v2) Medium Pass UoW imapd (UW-IMAP) Multiple Command Remote Overﬂows (2) CVE-2000-0284 18 Apr 2000 10 (v2) Critical Pass LCDproc < 0.4.1 screen_add Command Remote Overﬂow CVE-2000-0295 22 Apr 2000 7.5 (v2) High Pass MERCUR Mailserver Local Traversal Arbitrary File Access CVE-2000-0318 25 Apr 2000 6.5 (v2) Medium Pass Palo Alto Expedition < 1.1.13 Cross-Site Scripting Vulnerability (PAN-SA-2019-0009) CVE-2019-1574 08 Apr 2020 5.4 (v3) Medium Pass Piranha's RH6.2 default password CVE-2000-0248 25 Apr 2000 7.5 (v2) High Pass Cassandra NNTP Server Login Name Remote Overﬂow DoS CVE-2000-0341 02 May 2000 7.5 (v2) High Pass X Server Detection 12 May 2000 2.6 (v2) Low Pass spin_client.cgi Remote Overﬂow 03 May 2000 7.5 (v2) High Pass Gnapster Absolute Path Name Request Arbitrary File Access CVE-2000-0412 12 May 2000 7.5 (v2) High Pass Marcus Xenakis directory.php Execute Arbitrary Commands CVE-2002-0434 07 Jun 2002 10 (v2) Critical Pass SubSeven Trojan Detection 15 May 2000 10 (v2) Critical Pass IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities CVE-2012-2170 CVE-2012-2190 CVE-2012-2191 CVE-2012-3293 CVE-2012-3304 CVE-2012-3305 CVE-2012-3306 CVE-2012-3311 CVE-2012-332502 Oct 2012 6.8 (v2) Medium Pass Rockliﬀe MailSite Management Agent wconsole.dll GET Request Overﬂow CVE-2000-0398 25 May 2000 7.8 (v2) High Pass Qpopper EUIDL Arbitrary Command Execution CVE-2000-0320 27 May 2000 6.5 (v2) Medium Pass NAI WebShield SMTP GET_CONFIG Information Disclosure CVE-2000-0448 27 May 2000 5 (v2) Medium Pass Imate SMTP Server HELO Command Remote Overﬂow DoS CVE-2000-0507 06 Jun 2000 5 (v2) Medium Pass Sambar Server /sysadmin Default Accounts 25 May 2000 7.5 (v2) High Pass INN < 2.2.3 verifycancels Option Cancel Request Message Overﬂow CVE-2000-0472 07 Jun 2000 3.6 (v2) Low Pass WU-FTPD site_exec() Function Remote Format String CVE-2000-0573 27 Jun 2000 9.8 (v3) Critical Pass vpopmail vchkpw USER/PASS Command Format String CVE-2000-0583 15 Jul 2000 5 (v2) Medium Pass ipop2d fold Command Arbitrary File Access 02 Aug 2000 5 (v2) Medium Pass Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modiﬁcation CVE-2000-0483 22 Jun 2000 7.5 (v2) High Pass Snare Agent for Linux < 1.7.0 / 2.0.0 Multiple Vulnerabilities CVE-2011-5247 CVE-2011-5249 CVE-2011-5250 24 Dec 2012 4.3 (v2) Medium Pass Big Brother bb-hostsvc.sh 'HOSTSVC' Parameter Traversal Arbitrary File Access CVE-2000-0638 12 Jul 2000 5 (v2) Medium Pass Poll It CGI data_dir Parameter Arbitrary File Access CVE-2000-0590 12 Jul 2000 7.5 (v2) High Pass Apache Tomcat contextAdmin Arbitrary File Access CVE-2000-0672 22 Jul 2000 7.5 (v3) High Pass Multiple Web Server ~nobody/ Request Arbitrary File Access 01 Aug 2000 5 (v2) Medium Pass MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution CVE-2000-0635 16 Jul 2000 7.5 (v2) High Pass Apache Tomcat Snoop Servlet Remote Information Disclosure CVE-2000-0760 22 Jul 2000 5.3 (v3) Medium Pass WebActive HTTP Server active.log Remote Information Disclosure CVE-2000-0642 16 Jul 2000 5 (v2) Medium Pass Roxen Web Server /%00/ Encoded Request Forced Directory Listing CVE-2000-0671 22 Jul 2000 5 (v2) Medium Pass bftpd NLST Command Output Format String 11 Dec 2000 7.3 (v3) High Pass Juniper Junos Connectionless Network Protocol (CLNP) Packet Handling Unspeciﬁed Remote Code Execution / DoS (JSA10844)CVE-2018-0016 20 Apr 2018 9.8 (v3) Critical Pass Apache WebDAV Module PROPFIND Arbitrary Directory Listing CVE-2000-0869 08 Sep 2000 5 (v2) Medium Pass Symantec (Blue Coat) Reporter UI Information Disclosure Vulnerability (SYMSA1489) CVE-2019-12753 30 Aug 2019 4.9 (v3) Medium Pass Simple Web Counter swc ctr Parameter Remote Overﬂow 24 Aug 2000 7.5 (v2) High Pass htgrep hdr Parameter Arbitrary File access CVE-2000-0832 24 Aug 2000 5 (v2) Medium Pass Juniper Junos VPLS Routing MPLS Packet Handling mbuf Exhaustion Remote DoS (JSA10845) CVE-2018-0017 20 Apr 2018 7.5 (v3) High Pass IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities CVE-2012-3304 CVE-2012-3305 CVE-2012-3306 CVE-2012-3311 CVE-2012-3325 CVE-2012-3330 31 Jan 2013 6.8 (v2) Medium Pass Boa Web Server Traversal Arbtirary File Access/Execution CVE-2000-0920 06 Oct 2000 5 (v2) Medium Pass Nortel Networks Router Unpassworded Account (manager Level) 06 Oct 2000 7.8 (v2) High Pass Nortel Networks Router Unpassworded Account (User Level) 06 Oct 2000 7.8 (v2) High Pass Extent RBS Web Server Image Parameter Traversal Arbitrary File Access CVE-2000-1036 26 Sep 2000 5 (v2) Medium Pass Cisco PIX Firewall Mailguard Feature SMTP Content Filter Bypass CVE-2000-1022 04 Oct 2000 7.3 (v3) High Pass FreeBSD 4.1.1 Finger Arbitrary Remote File Access CVE-2000-0915 14 Oct 2000 7.8 (v2) High Pass eXtropia Web Store web_store.cgi Traversal Arbitrary File Access CVE-2000-1005 10 Oct 2000 5 (v2) Medium Pass CGIForum cgiforum.pl thesection Parameter Traversal Arbitrary File Access CVE-2000-1171 20 Nov 2000 5 (v2) Medium Pass KW Whois CGI whois Parameter Arbitrary Command Execution CVE-2000-0941 29 Nov 2002 7.5 (v2) High Pass Juniper Junos SNMP MIB-II Subagent Daemon (mib2d) Unspeciﬁed Remote DoS (JSA10847) CVE-2018-0019 20 Apr 2018 5.3 (v3) Medium Pass Microsoft Windows LAN Manager SNMP LanMan Users Disclosure CVE-1999-0499 10 Nov 2000 5.3 (v3) Medium Pass Microsoft Windows LAN Manager SNMP LanMan Shares Disclosure CVE-1999-0499 10 Nov 2000 5.3 (v3) Medium Pass XMail APOP / USER Command Remote Overﬂow CVE-2000-0840 CVE-2000-0841 28 Nov 2000 10 (v2) Critical Pass Serv-U CD Command Encoded Traversal Arbitrary File/Directory Access CVE-2001-0054 06 Dec 2000 5 (v2) Medium Pass Cisco 600 Series Router HTTP GET DoS (cisco-sa-20001204-cbos) CVE-2001-0058 29 Nov 2000 5.4 (v2) Medium Pass Cisco NX-OS DHCPv4 Crafted Packet DoS (cisco-sa-20161005-dhcp1) CVE-2015-6392 22 Nov 2016 7.5 (v3) High Pass Juniper Junos Short MacSec Keys Conﬁguration CKN / CAK Key Extension Brute-force Mitm Spooﬁng (JSA10854)CVE-2018-0021 20 Apr 2018 8.8 (v3) High Pass tinyProxy Long Connect Request Overﬂow CVE-2001-0129 19 Jan 2001 5 (v2) Medium Pass Juniper Junos VPLS Routing MPLS Packet Handling mbuf Exhaustion Remote DoS (JSA10855) CVE-2018-0022 20 Apr 2018 7.5 (v3) High Pass News Desk newsdesk.cgi t Parameter Traversal Arbitrary File Access CVE-2001-0231 04 Jan 2001 5 (v2) Medium Pass popper_mod PHP Administration Script Authentication Bypass CVE-2002-0513 09 Mar 2003 7.5 (v2) High Pass OpenSSH 2.3.1 SSHv2 Public Key Authentication Bypass CVE-2001-1585 09 Feb 2001 9.3 (v2) High Pass iWeb Hyperseek 2000 hsx.cgi show Parameter Traversal Arbitrary File Read CVE-2001-0253 29 Jan 2001 5 (v2) Medium Pass Allaire JRun Crafted Request Forced Directory Listing CVE-2000-1050 29 Jan 2001 5 (v2) Medium Pass Commerce.CGI Shopping Cart commerce.cgi page Parameter Traversal Arbitrary File Access CVE-2001-0210 13 Feb 2001 5 (v2) Medium Pass WebSPIRS webspirs.cgi Traversal Arbitrary File Access CVE-2001-0211 17 Feb 2001 5 (v2) Medium Pass W3.org Anaya Web sendtemp.pl 'templ' Parameter Traversal Arbitrary File Access CVE-2001-0272 15 Feb 2001 7.8 (v2) High Pass Savant Web Server Multiple Percent Request Remote DoS 13 Mar 2001 5 (v2) Medium Pass Oracle XSQL query.xsql sql Parameter SQL Injection CVE-2002-1631 15 Feb 2001 5 (v2) Medium Pass Solaris FTP Daemon CWD Command Account Enumeration 16 Apr 2001 5.3 (v3) Medium Pass BSD Based FTP Server Multiple glob Function Remote Overﬂow CVE-2001-0247 16 Apr 2001 9.8 (v3) Critical Pass Thinking Arts ES.One store.cgi StartID Parameter Traversal Arbitrary File Access CVE-2001-0305 25 Mar 2001 7.5 (v2) High Pass Ananconda Partners Clipper anacondaclip.pl Traversal Arbitrary File Access CVE-2001-0593 28 Mar 2001 5 (v2) Medium Pass DHCP Server Detection 05 May 2001 3.3 (v2) Low Pass Solaris snmpXdmid Long Indication Event Overﬂow (ELVISCICADA) CVE-2001-0236 03 May 2001 9.8 (v3) Critical 6

RELAYTO Penetration Test Results - Page 6

RELAYTO Penetration Test Results Page 5 Page 7