Pass ManageEngine EventLog Analyzer 'agentHandler' Information Disclosure CVE-2014-6038 CVE-2014-6039 18 Feb 2015 5 (v2) Medium Pass Tivoli Storage Manager Server Unauthorized Access Vulnerability CVE-2012-5944 24 Feb 2015 4.6 (v2) Medium Pass PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST) CVE-2014-9705 CVE-2015-0235 CVE-2015-0273 25 Feb 2015 9.8 (v3) Critical Pass PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST) CVE-2014-9705 CVE-2015-0235 CVE-2015-0273 CVE-2015-2301 CVE-2015-8866 25 Feb 2015 9.8 (v3) Critical Pass SSH SHA-1 HMAC Algorithms Enabled (PCI DSS) 05 Apr 2022 3.7 (v3) Low Pass PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST) CVE-2014-9705 CVE-2015-0235 CVE-2015-0273 CVE-2015-2301 CVE-2015-8866 25 Feb 2015 9.8 (v3) Critical Pass TYPO3 Anchor-only Links Remote Spoofing Vulnerability CVE-2014-9508 27 Feb 2015 4.7 (v3) Medium Pass Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE) CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-513905 Mar 2015 7.3 (v3) High Pass ManageEngine NetFlow Analyzer Multiple Path Traversal and File Access CVE-2014-5445 CVE-2014-5446 16 Mar 2015 5 (v2) Medium Pass Cisco TelePresence VCS / Expressway Series < 8.2 SDP Media Description Vulnerability CVE-2015-0652 19 Mar 2015 7.5 (v3) High Pass Cisco TelePresence VCS / Expressway Series < 7.2.4 / 8.1.2 / 8.2.2 Login Security Bypass Vulnerability CVE-2015-0653 20 Mar 2015 9.8 (v3) Critical Pass PHP 5.4.x < 5.4.39 Multiple Vulnerabilities CVE-2015-0231 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 24 Mar 2015 9.8 (v3) Critical Pass PHP 5.5.x < 5.5.23 Multiple Vulnerabilities CVE-2015-0231 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 24 Mar 2015 9.8 (v3) Critical Pass QNAP QTS / QuTS hero Information Disclosure (QSA-21-53) CVE-2021-34347 06 Apr 2022 7.5 (v3) High Pass SSL Certificate with no Common Name 06 Apr 2022 None Pass SSL Certificate with no Subject 06 Apr 2022 None Pass SSL/TLS Recommended Cipher Suites (PCI DSS) 06 Apr 2022 4.8 (v3) Medium Pass Oracle E-Business Multiple Vulnerabilities (October 2017 CPU) CVE-2017-3444 CVE-2017-3445 CVE-2017-3446 CVE-2017-10066 CVE-2017-10077 CVE-2017-10303 CVE-2017-10322 CVE-2017-10323 CVE-2017-10324 CVE-2017-10325 CVE-2017-10326 CVE-2017-10328 CVE-2017-10329 CVE-2017-10330 CVE-2017-10331 CVE-2017-10332 CVE-2017-10387 CVE-2017-10409 CVE-2017-10410 CVE-2017-10411 CVE-2017-10412 CVE-2017-10413 CVE-2017-10414 CVE-2017-10415 CVE-2017-10416 CVE-2017-1041720 Oct 2017 9.1 (v3) Critical Pass Apache 2.4.x < 2.4.39 Multiple Vulnerabilities CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 02 Apr 2019 7.8 (v3) High Pass pfSense Web Interface Detection 19 Jan 2018 None Pass Web Site Accepts Credit Card Data 06 Apr 2022 None Pass Web Site Accepts Credit Card Data over cleartext HTTP 06 Apr 2022 4.8 (v3) Medium Pass Nokia VitalQIP Web Client Detection 09 Feb 2018 None Pass HPE Moonshot Provisioning Manager Detection 29 Jan 2018 None Pass PHP 5.6.x < 5.6.7 Multiple Vulnerabilities CVE-2015-0231 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-4147 CVE-2015-4148 24 Mar 2015 9.8 (v3) Critical Pass Riverbed SteelHead CX WAN Traffic Manager Web UI Detection 26 Feb 2018 None Pass Oracle Enterprise Manager Database Express (EM Express) Detection 19 Mar 2018 None Pass IBM BigFix Compliance Detection 09 Jun 2017 None Pass HooToo TripMate Web Interface Detection 29 Jun 2017 None Pass Check_MK Server WebUI Detection 28 Jun 2017 None Pass GNU Bash Incomplete Fix Remote Code Injection (Shellshock) CVE-2014-6278 06 Apr 2015 9.8 (v3) Critical Pass Grandstream Phone Web Interface Detection 27 Sep 2017 None Pass Sonatype Nexus Repository Manager Detection 20 Jul 2016 None Pass QlikView Server Web UI Detection 23 Jun 2016 None Pass VMware vRealize Log Insight Web UI Detection 10 Aug 2016 None Pass SonicWALL Universal Management Suite Detection 15 Aug 2016 None Pass Symantec Protection Engine Detection 07 Sep 2016 None Pass EMC vApp Manager Detection 03 Nov 2016 None Pass Veritas NetBackup Appliance Web Console Detection 10 Nov 2016 None Pass Adobe Connect Detection 14 Nov 2016 None Pass IBM DB2 10.5 < Fix Pack 5 Multiple DoS Vulnerabilities CVE-2014-6209 CVE-2014-6210 CVE-2014-8901 16 Apr 2015 4.3 (v3) Medium Pass Accellion Secure File Transfer Appliance Detection 27 Jul 2015 None Pass Oracle iPlanet Web Server Detection 07 Aug 2015 None Pass Microsoft UDDI Services Detection 13 Aug 2015 None Pass IBM BigFix Web Reports Detection 18 Nov 2016 None Pass Schneider Electric InduSoft Web Studio < 7.1.3.5 Local Plaintext Password Information Disclosure (SEVD-2015-100-01)CVE-2015-1009 14 Aug 2015 1.7 (v2) Low Pass Advantech WebAccess < 7.0-2009.06.29 Multiple Vulnerabilities CVE-2011-4521 CVE-2011-4522 CVE-2011-4523 CVE-2011-4524 CVE-2011-4525 CVE-2011-4526 CVE-2012-0233 CVE-2012-0234 CVE-2012-0235 CVE-2012-0236 CVE-2012-0237 CVE-2012-0238 CVE-2012-0239 CVE-2012-0240 CVE-2012-0241 CVE-2012-0242 CVE-2012-0243 CVE-2012-0244 CVE-2012-123428 Aug 2015 10 (v2) Critical Pass Siemens SIMATIC S7-1200 PLC Web Server Detection 02 Mar 2015 None Pass Symantec Data Center Security Web Administration Interface Detection 26 Feb 2015 None Pass Loxone Smart Home Miniserver Web Server Version Detection 13 Mar 2015 None Pass WordPress Plugin 'Social Warfare' < 3.5.3 XSS CVE-2019-9978 07 Apr 2022 6.1 (v3) Medium Pass LiveZilla Detection 14 Dec 2013 None Pass QNAP QTS / QuTS hero Out-of-Bounds Read (QSA-21-40) CVE-2021-3712 07 Apr 2022 7.4 (v3) High Pass ManageEngine Access Manager Plus Detection 07 Apr 2022 None Pass Quantum vmPRO Web Administration Interface Detection 24 Mar 2014 None Pass QNAP QTS / QuTS hero Out-of-Bounds Read (QSA-21-27) CVE-2021-20254 07 Apr 2022 6.8 (v3) Medium Pass ManageEngine Access Manager Plus Authentication Bypass (CVE-2021-44676) CVE-2021-44676 07 Apr 2022 9.8 (v3) Critical Pass trixbox Web Detection 15 Apr 2014 None Pass Postfix Admin Detection 30 Apr 2014 None Pass VMware Horizon Workspace Detection 06 May 2014 None Pass QNAP QTS / QuTS hero Multiple Buffer Overflow Vulnerabilities (QSA-21-33) CVE-2021-28816 CVE-2021-34343 07 Apr 2022 8.8 (v3) High Pass McAfee VirusScan Enterprise for Linux User Interface Detection 03 May 2014 None Pass WebTitan Detect 18 Jul 2014 None Pass Symantec Data Insight Management Console Detection 03 Jul 2014 None Pass Foreman Smart-Proxy TFTP Detection 17 Jul 2014 None Pass HP Smart Update Manager Detection 24 Jul 2014 None Pass Barco ClickShare Device Detect 19 Aug 2014 None Pass Web Server Generic XSS CVE-2002-1060 CVE-2002-1700 CVE-2003-1543 CVE-2005-2453 CVE-2006-1681 CVE-2012-3382 30 Nov 2001 6.1 (v3) Medium Pass Oracle Enterprise Data Quality Dashboard Detection 30 Oct 2014 None Pass Oracle Enterprise Data Quality Director Detection 30 Oct 2014 None Pass Oracle Business Transaction Management Detection 31 Oct 2014 None Pass Goverlan Agent Remote Detection 12 Feb 2019 None Pass Citrix ADC and Citrix NetScaler Gateway Arbitrary Code Execution (CTX267027) CVE-2019-19781 24 Dec 2019 9.8 (v3) Critical Pass Trend Micro OfficeScan Multiple Vulnerabilities (000245571) CVE-2020-8467 CVE-2020-8468 CVE-2020-8470 CVE-2020-8598 CVE-2020-8599 18 Mar 2020 9.8 (v3) Critical Pass Citrix ADC and Citrix NetScaler Gateway Multiple Vulnerabilities (CTX276688) CVE-2019-18177 CVE-2020-8187 CVE-2020-8190 CVE-2020-8191 CVE-2020-8193 CVE-2020-8194 CVE-2020-8195 CVE-2020-8196 CVE-2020-8197 CVE-2020-8198 CVE-2020-819908 Jul 2020 8.8 (v3) High Pass MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)CVE-2018-1258 CVE-2018-8014 CVE-2018-11776 24 Jul 2020 9.8 (v3) Critical Pass HPE Edgeline Infrastructure Manager Authentication Bypass CVE-2020-7199 24 Feb 2021 9.8 (v3) Critical Pass Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path TCVE-2020-3452raversal (cisco-sa-asaftd-ro-path-KJuQhB86) 29 Jul 2020 7.5 (v3) High Pass Python Unsupported Version Detection 07 Apr 2021 10 (v3) Critical Pass Oracle E-Business Multiple Vulnerabilities (April 2018 CPU) CVE-2018-2804 CVE-2018-2864 CVE-2018-2865 CVE-2018-2866 CVE-2018-2867 CVE-2018-2868 CVE-2018-2869 CVE-2018-2870 CVE-2018-2871 CVE-2018-2872 CVE-2018-2873 CVE-2018-287420 Apr 2018 9.1 (v3) Critical Pass SonicWall Email Security 10.0.x < 10.0.9.6173 / 6177 Multiple Vulnerabilities CVE-2021-20021 CVE-2021-20022 CVE-2021-20023 28 Apr 2021 9.8 (v3) Critical Pass Juniper NSM < 2012.2R11 Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK) CVE-2014-3569 CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 21 Apr 2015 5 (v2) Medium Pass PHP 5.4.x < 5.4.40 Multiple Vulnerabilities CVE-2014-9709 CVE-2015-1352 CVE-2015-2301 CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-460523 Apr 2015 9.8 (v3) Critical Pass PHP 5.5.x < 5.5.24 Multiple Vulnerabilities CVE-2015-1351 CVE-2015-1352 CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-460523 Apr 2015 9.8 (v3) Critical Pass PCI DSS Compliance : Point-of-Sale (POS) Software Using Default Credentials 07 Apr 2022 4.8 (v3) Medium Pass PHP 5.6.x < 5.6.8 Multiple Vulnerabilities CVE-2015-1351 CVE-2015-1352 CVE-2015-2783 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4604 CVE-2015-460523 Apr 2015 9.8 (v3) Critical Pass Magento Mage_Adminhtml_Block_Report_Search_Grid Class 'popularity' Parameter SQLi CVE-2015-1397 11 May 2015 6.5 (v2) Medium Pass Magento XML-RPC XXE Arbitrary File Disclosure CVE-2012-6091 12 May 2015 5 (v2) Medium Pass EMC AutoStart < 5.5.0 HF4 ftAgent Remote Code Execution CVE-2015-0538 14 May 2015 9.3 (v2) High Pass GPON ONT Home Gateway Router is vulnerable to authenticated remote command execution (CVE-2018-10562)CVE-2018-10562 19 Dec 2018 9.8 (v3) Critical Pass PHP 7.1.x < 7.1.26 Multiple vulnerabilities. CVE-2016-10166 CVE-2018-19935 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 31 Jan 2019 9.8 (v3) Critical Pass PHP 7.1.x < 7.1.11 Multiple Vulnerabilities CVE-2016-1283 CVE-2017-16642 16 Nov 2017 9.8 (v3) Critical Pass Cisco TelePresence VCS / Expressway < 8.8.2 Received Packet Parser DoS CVE-2017-3790 22 Feb 2017 8.6 (v3) High Pass PowerFolder Java Object Deserialization RCE 24 Jun 2016 10 (v2) Critical Pass Default Password 'xc3511' for 'root' Account CVE-1999-0502 CVE-2016-1000245 28 Oct 2016 9.8 (v3) Critical Pass PHP 5.5.x < 5.5.11 awk Magic Parsing BEGIN DoS CVE-2013-7345 08 Apr 2014 5 (v2) Medium Pass IBM Domino 8.5.x < 8.5.3 Fix Pack 5 Interim Fix 1 iNotes Buffer Overflow CVE-2013-4068 28 May 2014 7.1 (v2) High Pass PHP 5.3.x < 5.3.15 Multiple Vulnerabilities CVE-2012-2688 CVE-2012-3365 20 Jul 2012 10 (v2) Critical Pass PHP 5.3.x < 5.3.29 Multiple Vulnerabilities CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049 CVE-2014-472120 Aug 2014 7.3 (v3) High Pass eLouai's Force Download Script file Parameter File Disclosure 08 Nov 2010 5 (v2) Medium Pass Default Password (merlin) for 'mg3500' Account CVE-1999-0502 CVE-2010-4233 15 Nov 2010 9.8 (v3) Critical Pass HP Intelligent Management Center Multiple Vulnerabilities CVE-2011-1848 CVE-2011-1849 CVE-2011-1850 CVE-2011-1851 CVE-2011-1852 CVE-2011-1853 CVE-2011-1854 08 Jun 2011 10 (v2) Critical Pass Milter Detection 26 Jan 2008 None Pass DNN (DotNetNuke) Language Flag Selector Culture XSS 21 May 2013 4.3 (v2) Medium Pass HP Data Protector Local Privilege Escalation CVE-2012-5220 24 Jun 2013 7.2 (v2) High Pass Acajoom Component for Joomla! 'mailingid' Parameter SQLi CVE-2008-1427 19 Mar 2008 7.3 (v3) High Pass SmarterMail Subject Field XSS CVE-2008-0872 07 Apr 2008 4.3 (v2) Medium Pass dotCMS search-results.dot search_query Parameter XSS CVE-2008-2397 04 Jun 2008 4.3 (v2) Medium Pass Adobe Flex 3 History Management historyFrame.html XSS CVE-2008-2640 18 Jun 2008 4.3 (v2) Medium Pass Sun GlassFish Enterprise < 2.1 Patch 02 Denial of Service 09 Jun 2009 2.1 (v2) Low Pass CGI Generic Path Traversal 19 Jun 2009 5.3 (v3) Medium Pass Basic Analysis and Security Engine Authentication Check 26 Jun 2009 5 (v2) Medium 50
RELAYTO Penetration Test Results Page 49 Page 51