RELAYTO Penetration Test Results (60/101)

Pass rsh Service Detection CVE-1999-0651 22 Aug 1999 7.5 (v2) High Pass WebSite Pro Malformed URL Path Disclosure CVE-2000-0066 13 Jan 2000 5 (v2) Medium Pass Ipswitch IMail / SLMail VRFY Command Remote Overﬂow CVE-1999-0231 22 Jun 1999 5 (v2) Medium Pass Multiple Vendor test-cgi Arbitrary File Access CVE-1999-0070 22 Jun 1999 5 (v2) Medium Pass Trin00 Trojan Detection CVE-2000-0138 05 Feb 2000 10 (v2) Critical Pass Trin00 for Windows Trojan Detection CVE-2000-0138 28 Feb 2000 10 (v2) Critical Pass WinGate Proxy POP3 USER Overﬂow CVE-1999-0494 22 Jun 1999 5 (v2) Medium Pass Zeus Web Server Null Byte Request CGI Source Disclosure CVE-2000-0149 11 Feb 2000 5 (v2) Medium Pass Shaft Trojan Detection CVE-2000-0138 17 Mar 2000 10 (v2) Critical Pass Netscape Server ?wp-* Publishing Tags Forced Directory Listing CVE-2000-0236 22 Mar 2000 5 (v2) Medium Pass Microsoft IIS /iisadmin Unrestricted Access CVE-1999-1538 01 Apr 2000 2.1 (v2) Low Pass Microsoft IIS ASP::$DATA ASP Source Disclosure CVE-1999-0278 10 Apr 2000 5 (v2) Medium Pass AnalogX SimpleServer:WWW Short GET /cgi-bin Remote DoS CVE-2000-0243 12 Apr 2000 5 (v2) Medium Pass Microsoft IIS /iisadmpwd/aexp2.htr Password Policy Bypass CVE-1999-0407 CVE-2002-0421 15 Apr 2000 10 (v2) Critical Pass Microsoft FrontPage htimage.exe CGI Remote Overﬂow CVE-2000-0256 19 Apr 2000 7.5 (v2) High Pass RealServer Port 7070 Malformed Input DoS CVE-2000-0272 22 Apr 2000 5 (v2) Medium Pass mstream DDoS Agent Detection CVE-2000-0138 02 May 2000 5 (v2) Medium Pass PostgreSQL Default Unpassworded Account CVE-1999-0508 27 Jul 2000 7.5 (v2) High Pass MS00-006: Microsoft IIS IDA/IDQ Multiple Vulnerabilities (uncredentialed check) CVE-2000-0071 CVE-2000-0098 CVE-2000-0302 24 Aug 2000 5 (v2) Medium Pass Netwin Netauth netauth.cgi Traversal Arbitrary File Access CVE-2000-0782 24 Aug 2000 5 (v2) Medium Pass mstream DDoS Handler Detection CVE-2000-0138 02 May 2000 5 (v2) Medium Pass Standard & Poor's ComStock MultiCSP Detection CVE-2000-0109 25 May 2000 10 (v2) Critical Pass Axis Camera Default Password CVE-2001-1543 06 Sep 2000 7.5 (v2) High Pass YaBB YaBB.pl num Parameter Traversal Arbitrary File Access CVE-2000-0853 12 Sep 2000 5 (v2) Medium Pass Sambar Server ISAPI Search Utility search.dll Arbitrary Directory Listing CVE-2000-0835 16 Sep 2000 5 (v2) Medium Pass PHP Error Log Format String Command Injection CVE-2000-0967 14 Oct 2000 6.8 (v2) Medium Pass Netscape Messaging Server IMAP LIST Command Remote Overﬂow CVE-2000-0961 19 Dec 2000 10 (v2) Critical Pass Technote main.cgi ﬁlename Parameter Traversal Arbitrary File Access CVE-2001-0075 29 Dec 2000 7.8 (v2) High Pass Microsoft IIS Unicode Remote Command Execution CVE-2000-0884 18 Oct 2000 10 (v2) Critical Pass Samba Web Administration Tool (SWAT) Error Message Username Enumeration CVE-2000-0938 08 Jan 2001 5 (v2) Medium Pass Phorum common.php ForumLang Parameter Traversal Arbitrary File Access 09 Jan 2001 5 (v2) Medium Pass Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution CVE-2001-0126 22 Jan 2001 7.5 (v2) High Pass Pi3Web tstisap.dll Long URL Overﬂow CVE-2001-0302 CVE-2001-0303 20 Feb 2001 7.5 (v2) High Pass PHP < 4.0.4 IMAP Module imap_open() Function Overﬂow 08 Mar 2001 6.8 (v2) Medium Pass Microsoft IIS WebDAV Malformed PROPFIND Request Remote DoS CVE-2001-0151 08 Mar 2001 7.8 (v2) High Pass PHP-Nuke opendir.php Traversal Arbitrary File Read CVE-2001-0321 17 Apr 2001 5 (v2) Medium Pass MS01-023: Microsoft IIS 5.0 Malformed HTTP Printer Request Header Remote Buﬀer Overﬂow (953155) (uncrCVE-2001-0241edentialed check) 01 May 2001 10 (v2) Critical Pass Microsoft IIS 5 .printer ISAPI Filter Enabled 03 May 2001 None Pass PHP3 Physical Path Disclosure via POST Requests 27 Feb 2015 5 (v2) Medium Pass MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check) CVE-2001-0333 CVE-2001-0507 15 May 2001 7.5 (v2) High Pass Microsoft SQL Server sa Account Default Blank Password CVE-2000-1209 25 May 2001 10 (v3) Critical Pass Microsoft IIS Source Fragment Disclosure CVE-2000-0457 CVE-2000-0630 29 May 2001 5 (v2) Medium Pass Netscape Messenging Server POP3 Error Message User Account Enumeration CVE-2000-0960 29 May 2001 5 (v2) Medium Pass Microsoft IIS ISAPI Filter Multiple Vulnerabilities (MS01-044) CVE-2001-0500 CVE-2001-0506 CVE-2001-0507 CVE-2001-0508 CVE-2001-0544 CVE-2001-0545 19 Jun 2001 10 (v2) Critical Pass Netscape Enterprise Web Publishing INDEX Command Arbitrary Directory Listing CVE-2001-0250 15 Jun 2001 5 (v2) Medium Pass Microsoft IIS .IDA ISAPI Filter Enabled 19 Jun 2001 None Pass WebLogic Server Double Dot GET Request Remote Overﬂow CVE-2001-0098 21 Jun 2001 10 (v2) Critical Pass PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution CVE-2001-1246 02 Jul 2001 4.6 (v2) Medium Pass Raptor Firewall 6.5 HTTP Proxy Detection 23 Aug 2001 5 (v2) Medium Pass PhpMyExplorer index.php chemin Parameter Encoded Traversal Arbitrary File Access CVE-2001-1168 07 Sep 2001 5 (v2) Medium Pass Apple Mac OS X Find-By-Content .DS_Store Web Directory Listing CVE-2001-1446 14 Sep 2001 5 (v2) Medium Pass Web Server HTTP Header Internal IP Disclosure CVE-2000-0649 14 Sep 2001 3.1 (v3) Low Pass Alcatel ADSL Modem Unrestricted Remote Access CVE-2001-1424 14 Sep 2001 7.5 (v2) High Pass Squid mkdir-only PUT Request Remote DoS CVE-2001-0843 26 Sep 2001 5 (v2) Medium Pass IBM HTTP Server on AS/400 Trailing Slash Source Code Disclosure 08 Nov 2001 5 (v2) Medium Pass Oracle Application Server Web Cache Multiple Remote DoS CVE-2002-0102 25 Nov 2001 4.3 (v2) Medium Pass Allaire JRun Encoded JSP Request Directory Listing CVE-2001-1510 16 Feb 2016 5 (v2) Medium Pass Apache Win32 ScriptAlias php.exe Arbitrary File Access CVE-2002-2029 25 Jan 2002 5 (v2) Medium Pass Oracle 9iAS mod_plsql Help Page Request Remote Overﬂow CVE-2001-1216 25 Jan 2002 7.5 (v2) High Pass Microsoft IIS ASP Redirection Function XSS CVE-2003-0223 05 Feb 2002 4.3 (v2) Medium Pass Oracle 9iAS DMS / JPM Pages Anonymous Access CVE-2002-0563 07 Feb 2002 5 (v2) Medium Pass Oracle 9iAS globals.jsa Database Credential Remote Disclosure CVE-2002-0562 07 Feb 2002 5 (v2) Medium Pass Oracle 9iAS Java Process Manager /oprocmgr-status Anonymous Process Manipulation CVE-2002-0563 07 Feb 2002 5 (v2) Medium Pass Oracle 9iAS _pages Directory Compiled JSP Source Disclosure CVE-2002-0565 07 Feb 2002 5 (v2) Medium Pass Oracle 9iAS mod_plsql Multiple Procedures XSS 07 Feb 2002 4.3 (v2) Medium Pass Oracle 9iAS mod_plsql Encoded Traversal Arbitrary File Access CVE-2001-1217 07 Feb 2002 5 (v2) Medium Pass PHP-Nuke sql_debug Information Disclosure CVE-2002-2032 07 Feb 2002 5 (v2) Medium Pass IBM DB2 Multiple CGI Single Byte Request Remote DoS CVE-2001-1143 06 Mar 2002 5 (v2) Medium Pass CVS (Web-Based) Entries File Information Disclosure 27 Mar 2002 5 (v2) Medium Pass Oracle JSP Apache/Jserv Path Translation Arbitrary JSP File Execution 27 Mar 2002 6.8 (v2) Medium Pass EFTP Multiple Command Traversal Arbitrary Directory Listing CVE-2001-1109 29 Mar 2002 4 (v2) Medium Pass Microsoft IIS Multiple Remote DoS (MS02-018 / Q319733) CVE-2000-0226 CVE-2002-0072 11 Apr 2002 5 (v2) Medium Pass MS02-018: Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS (319733) (intrusive check)CVE-2002-0224 20 Apr 2002 7.8 (v2) High Pass Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure CVE-1999-0739 22 May 2002 5 (v2) Medium Pass University of Washington imap Server (uw-imapd) BODY Request Remote Overﬂow CVE-2002-0379 29 May 2002 6.5 (v2) Medium Pass Microsoft ASP.NET Application Tracing trace.axd Information Disclosure 05 Jun 2002 5 (v2) Medium Pass Microsoft IIS Potentially Compromised Host Detection 05 Jun 2002 10 (v2) Critical Pass Apache on Windows php.exe Malformed Request Path Disclosure CVE-2002-0249 09 Jun 2002 5 (v2) Medium Pass IBM WebSphere Traversal Error Page XSS 08 Jun 2002 4.3 (v2) Medium Pass Cisco ATA-186 Password Circumvention / Recovery CVE-2002-0769 05 Jun 2002 10 (v2) Critical Pass eDonkey Detection 08 Jun 2002 None Pass Apache Tomcat /servlet Mapping XSS CVE-2002-0682 10 Jul 2002 4.3 (v2) Medium Pass Apache Tomcat TroubleShooter Servlet Information Disclosure CVE-2002-2006 15 Jul 2002 5 (v2) Medium Pass AWOL helperfunction.php includedir Parameter Remote File Inclusion CVE-2001-1048 22 Aug 2002 8.3 (v3) High Pass Gallery includedir Parameter Remote File Inclusion CVE-2001-1234 29 Aug 2002 8.3 (v3) High Pass phpMyAdmin sql.php Traversal Arbitrary File Access CVE-2001-0478 04 Sep 2002 5.1 (v2) Medium Pass mldonkey Detection (WWW) 17 Sep 2002 None Pass CGI Generic SQL Injection 23 Jul 2009 7.5 (v2) High Pass Netscape Enterprise Default Administrative Password CVE-1999-0502 22 Jan 2003 7.5 (v2) High Pass Oracle 9iAS soapdocs Directory Remote Information Disclosure 11 Feb 2003 5 (v2) Medium Pass Oracle 9iAS XSQLServlet soapConﬁg.xml Authentication Credentials Disclosure CVE-2002-0568 11 Feb 2003 5 (v2) Medium Pass Oracle 9iAS OWA_UTIL Stored Procedures Information Disclosure CVE-2002-0560 11 Feb 2003 5 (v2) Medium Pass Oracle 9iAS Default SOAP Conﬁguration Unauthorized Application Deployment CVE-2001-1371 11 Feb 2003 7.5 (v2) High Pass PHP < 4.3.1 CGI Module Force Redirect Settings Bypass Arbitrary File Access CVE-2003-0097 CVE-2006-4812 18 Feb 2003 7.5 (v2) High Pass Unpassworded 'guest' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'EZsetup' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'demos' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded '4Dgifts' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'OutOfBox' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'lp' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'sync' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'date' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'backdoor' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'tutor' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'toor' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'hax0r' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'friday' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Default Password (root) for 'root' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Default Password (guest) for 'guest' Account CVE-1999-0501 CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Default Password (manager) for 'system' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Default Password (glftpd) for 'glftpd' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical Pass Unpassworded 'StoogR' Account CVE-1999-0502 20 Feb 2003 9.8 (v3) Critical 60

RELAYTO Penetration Test Results - Page 60

RELAYTO Penetration Test Results Page 59 Page 61