RELAYTO Penetration Test Results (33/101)

Pass paNews comment.php showpost Parameter XSS CVE-2005-0485 16 Feb 2005 4.3 (v2) Medium Pass Juniper Junos OS Vulnerability (JSA69494) CVE-2022-22186 16 May 2022 6.5 (v3) Medium Pass UBB.threads editpost.php Number Parameter SQL Injection CVE-2005-0726 12 Mar 2005 7.5 (v2) High Pass Zeroboard < 4.1pl6 Multiple XSS CVE-2005-0495 23 Feb 2005 4.3 (v2) Medium Pass ASP PortalApp Multiple SQL Injection CVE-2005-0948 CVE-2005-0949 30 Mar 2005 7.5 (v2) High Pass MaxWebPortal <= 1.33 Multiple Vulnerabilities CVE-2005-1016 CVE-2005-1017 CVE-2005-1417 02 Apr 2005 7.5 (v2) High Pass Matt Wright FormHandler.cgi Arbitrary File Access CVE-1999-1050 13 Dec 1999 5.3 (v3) Medium Pass Microsoft IIS idq.dll Traversal Arbitrary File Access CVE-2000-0126 08 Feb 2000 5 (v2) Medium Pass Juniper Junos OS FPC Crash (JSA11229) CVE-2021-31367 18 May 2022 6.5 (v3) Medium Pass XAMPP < 1.4.14 Multiple Vulnerabilities CVE-2005-1077 CVE-2005-1078 CVE-2005-2043 13 Apr 2005 5.1 (v2) Medium Pass Lyris ListManager Multiple XSS 25 Sep 2009 4.3 (v2) Medium Pass PHP < 4.3.11 / 5.0.3 Multiple Unspeciﬁed Vulnerabilities 13 Apr 2005 7.5 (v2) High Pass RSA Security RSA Authentication Agent For Web For IIS XSS CVE-2005-1118 09 May 2005 4.3 (v2) Medium Pass NETFile FTP/Web Server Directory Traversal Arbitrary File Access 14 May 2005 6 (v2) Medium Pass OpenBB < 1.0.9 Multiple Vulnerabilities CVE-2005-1612 CVE-2005-1613 14 May 2005 7.5 (v2) High Pass GitLab 8.12 < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Information Disclosure CVE-2022-1406 18 May 2022 6.5 (v3) Medium Pass mvnForum Search Parameter XSS CVE-2005-1183 23 May 2005 4.3 (v2) Medium Pass Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS) CVE-2005-1684 CVE-2005-1685 24 May 2005 7.5 (v2) High Pass Listserv < 14.3-2005a Multiple Vulnerabilities CVE-2005-1773 27 May 2005 7.5 (v2) High Pass Exhibit Engine list.php Multiple Parameter SQL Injection CVE-2005-1875 06 Jun 2005 7.5 (v2) High Pass ProductCart Multiple Scripts SQL Injection CVE-2005-1967 CVE-2005-2445 08 Jun 2005 7.5 (v2) High Pass Jinzora Multiple Script include_path Parameter Remote File Inclusion (2) CVE-2005-2249 08 Jul 2005 6.8 (v2) Medium Pass JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID) CVE-2005-2006 CVE-2006-0656 18 Jun 2005 5 (v2) Medium Pass i-Gallery <= 3.3 Multiple Vulnerabilities CVE-2005-2033 CVE-2005-2034 21 Jun 2005 5 (v2) Medium Pass webadmin.php show Parameter Arbitrary File Access 29 Jun 2005 7.8 (v2) High Pass WebCalendar assistant_edit.php Unauthorized Access CVE-2005-2320 28 Jun 2005 7.5 (v2) High Pass Juniper Junos OS Evolved DoS (JSA69516) CVE-2022-22183 18 May 2022 7.5 (v3) High Pass Mailreader 2.3.30 - 2.3.31 Multiple Vulnerabilities CVE-2002-1581 CVE-2002-1582 26 Jun 2003 5 (v2) Medium Pass Atomic Photo Album apa_phpinclude.inc.php apa_module_basedir Parameter Remote File Inclusion CVE-2005-2413 25 Jul 2005 7.5 (v2) High Pass Checkbox Survey 6.12 <= 6.18 RCE CVE-2021-27852 18 May 2022 9.8 (v3) Critical Pass Advanced Guestbook User-Agent Header HTML Injection 27 Jul 2005 4.3 (v2) Medium Pass VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0014) CVE-2022-22972 CVE-2022-22973 18 May 2022 9.8 (v3) Critical Pass SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities CVE-2005-2568 CVE-2005-2567 10 Aug 2005 7.5 (v2) High Pass PHP Surveyor Multiple Vulnerabilities CVE-2005-2380 CVE-2005-2381 CVE-2005-2398 CVE-2005-2399 24 Aug 2005 7.5 (v2) High Pass PHP 5.6.x < 5.6.4 'process_nested_data' RCE CVE-2014-8142 02 Jan 2015 7.5 (v2) High Pass phpLDAPadmin Anonymous Bind Security Bypass Vulnerability CVE-2005-2654 31 Aug 2005 4.3 (v2) Medium Pass PBLang < 4.66z Multiple Vulnerabilities 08 Sep 2005 7.5 (v2) High Pass Microsoft IIS Translate f: ASP/ASA Source Disclosure (IIS 5.1) CVE-2000-0778 08 Sep 2005 5 (v2) Medium Pass Sendcard sendcard.php id Parameter SQL Injection CVE-2005-2404 19 Sep 2005 7.5 (v2) High Pass Truegalerie admin.php loggedin Parameter Admin Authentication Bypass CVE-2003-1488 06 May 2003 6.8 (v2) Medium Pass Cisco IOS Software Web Services DoS (cisco-sa-http-dos-svOdkdBS) CVE-2022-20697 19 May 2022 8.6 (v3) High Pass Winmail Server <= 4.2 Build 0824 Multiple Vulnerabilities CVE-2005-3692 CVE-2005-3811 20 Nov 2005 5 (v2) Medium Pass IBM WebSphere Application Server Liberty 17.0.0.3 < 22.0.0.5 Identity Spooﬁng (6586734) CVE-2022-22475 19 May 2022 6.5 (v3) Medium Pass Apple iTunes < 12.12.4 Multiple Vulnerabilities (uncredentialed check) CVE-2022-26711 CVE-2022-26717 CVE-2022-26751 CVE-2022-26773 CVE-2022-26774 19 May 2022 9.8 (v3) Critical Pass Open WebMail vacation.pl Arbitrary Command Execution CVE-2004-2284 06 Jul 2004 7.5 (v2) High Pass AppServ appserv/main.php appserv_root Parameter Remote File Inclusion CVE-2006-0125 10 Jan 2006 5 (v2) Medium Pass Listserv < 14.5 Multiple Buﬀer Overﬂows CVE-2006-1044 06 Mar 2006 7.5 (v2) High Pass NeoMail Session ID Weakness neomail-prefs.pl Arbitrary Mail-folder Manipulation CVE-2006-0711 16 Feb 2006 5 (v2) Medium Pass ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS CVE-2006-0978 28 Feb 2006 4.3 (v2) Medium Pass CuteNews inc/function.php archive Parameter Arbitrary File Access CVE-2006-1339 22 Mar 2006 5 (v2) Medium Pass Citrix NetScaler Unspeciﬁed Remote Code Execution (CTX200206) CVE-2014-7140 06 Nov 2014 7.5 (v2) High Pass Winmail Server Webmail Unspeciﬁed Vulnerability CVE-2006-1250 14 Apr 2006 10 (v2) Critical Pass Simple PHP Blog install05.php blog_language Parameter Local File Inclusion CVE-2006-1243 15 Mar 2006 7.5 (v2) High Pass IBM Rational License Key Server Administration and Reporting Tool 8.1.4.x < 8.1.4.4 Multiple VulnerabilitiesCVE-2014-0909 CVE-2014-3079 CVE-2014-4756 16 Sep 2014 5 (v2) Medium Pass Symantec AntiVirus Scan Engine Web Interface Multiple Remote Vulnerabilities CVE-2006-0230 CVE-2006-0231 CVE-2006-0232 24 Apr 2006 10 (v2) Critical Pass Ruby on Rails Routing Code URL Code Evaluation DoS CVE-2006-4112 14 Aug 2006 7.5 (v2) High Pass WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion CVE-2006-1480 03 May 2006 5.1 (v2) Medium Pass phpMyAgenda rootagenda Parameter File Include Vulnerability CVE-2006-2009 03 May 2006 7.5 (v2) High Pass SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion CVE-2006-2460 16 May 2006 6.4 (v2) Medium Pass ManageEngine PAM360 REST API Restriction Bypass (CVE-2022-29081) CVE-2022-29081 23 May 2022 9.8 (v3) Critical Pass Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple VCVE-2022-27195 CVE-2022-27196 CVE-2022-27197 CVE-2022-27198 CVE-2022-27199 CVE-2022-27200 CVE-2022-27201 CVE-2022-27202 CVE-2022-27203 CVE-2022-27204 CVE-2022-27205 CVE-2022-27206 CVE-2022-27207 CVE-2022-27208 CVE-2022-27209 CVE-2022-27210 CVE-2022-27211 CVE-2022-27212 CVE-2022-27213 CVE-2022-27214 CVE-2022-27215 CVE-2022-27216 CVE-2022-27217 CVE-2022-27218ulnerabilities (CloudBees Security Advisory 2022-03-15) 23 May 2022 8.8 (v3) High Pass BDPDT for DotNetNuke (.net nuke) uploadﬁlepopup.aspx File Upload Privilege Escalation CVE-2006-3601 23 Jun 2006 10 (v2) Critical Pass Synology DiskStation Manager uistrings.cgi lang Parameter Directory Traversal 05 Feb 2014 5 (v2) Medium Pass Easy Address Book Web Server Query Remote Format String CVE-2006-4654 05 Sep 2006 5.1 (v2) Medium Pass Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE) CVE-2014-3566 CVE-2014-3567 CVE-2014-5466 04 Dec 2014 4.3 (v2) Medium Pass Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.13 / 2.332.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-05-17)CVE-2022-30945 CVE-2022-30946 CVE-2022-30947 CVE-2022-30948 CVE-2022-30949 CVE-2022-30950 CVE-2022-30951 CVE-2022-30952 CVE-2022-30953 CVE-2022-30954 CVE-2022-30955 CVE-2022-30956 CVE-2022-30957 CVE-2022-30958 CVE-2022-30959 CVE-2022-30960 CVE-2022-30961 CVE-2022-30962 CVE-2022-30963 CVE-2022-30964 CVE-2022-30965 CVE-2022-30966 CVE-2022-30967 CVE-2022-30968 CVE-2022-30969 CVE-2022-30970 CVE-2022-30971 CVE-2022-3097224 May 2022 10 (v3) Critical Pass Apache 2.4.x < 2.4.52 mod_lua Buﬀer Overﬂow CVE-2021-44790 24 May 2022 9.8 (v3) Critical Pass SWAT Unauthenticated Access (Demo Mode) 05 Oct 2007 7.5 (v2) High Pass CuteNews 1.4.5 Multiple Script XSS 07 Dec 2006 4.3 (v2) Medium Pass ColdFusion MX Null Byte Tag XSS Protection Bypass CVE-2006-6483 06 Feb 2007 4.3 (v2) Medium Pass Openﬁre Admin Console Remote Privilege Escalation CVE-2007-2975 29 May 2007 7.5 (v2) High Pass Kaspersky Anti-Spam Control Center Web Conﬁg aslic_status.cgi Directory Listing CVE-2007-3502 29 Jun 2007 7.5 (v2) High Pass Adobe Connect Enterprise Server Information Disclosure CVE-2007-4651 12 Sep 2007 5 (v2) Medium Pass Apache Tomcat Sample App cal2.jsp 'time' Parameter XSS (CVE-2006-7196) CVE-2006-7196 24 Sep 2007 5.3 (v3) Medium Pass Calendar Express Multiple Vulnerabilities (SQLi, XSS) CVE-2007-3627 19 Sep 2005 7.5 (v2) High Pass HP OpenView Client Conﬁguration Manager Default Credentials 07 Nov 2007 7.5 (v2) High Pass Web Server Malicious JavaScript Link Detection 08 Jan 2008 10 (v2) Critical Pass phpBB up.php Arbitrary File Upload CVE-2005-1047 11 Apr 2005 7.5 (v2) High Pass McAfee Web Gateway < 7.1.0.5 / 7.1.5.2 XSS 18 Jun 2014 4.3 (v2) Medium Pass Monkey HTTP Daemon (monkeyd) < 0.9.1 Multiple Vulnerabilities CVE-2005-1122 CVE-2005-1123 15 Apr 2005 7.5 (v2) High Pass Blue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed) CVE-2014-0160 16 May 2014 7.5 (v3) High Pass Western Digital ShareSpace WEB GUI Information Disclosure 18 Jul 2012 5 (v2) Medium Pass SquidClamav clwarn.cgi url Parameter XSS CVE-2012-4667 10 Sep 2012 4.3 (v2) Medium Pass SolarWinds Log and Event Manager < 6.2.0 Multiple Remote Command Execution Vulnerabilities CVE-2015-7839 CVE-2015-7840 19 Oct 2015 7.5 (v2) High Pass Foscam 11.37.2.x < 11.37.2.49 Directory Traversal CVE-2013-2560 24 Mar 2013 7.8 (v2) High Pass Puppet 2.7.x / 3.2.x < 2.7.23 / 3.2.4 and Enterprise 2.8.x / 3.0.x < 2.8.3 / 3.0.1 Multiple Vulnerabilities CVE-2013-4761 CVE-2013-4956 28 Oct 2013 5.1 (v2) Medium Pass IBM WebSphere Portal Dojo Module Arbitrary File Download CVE-2012-4834 29 Nov 2012 5 (v2) Medium Pass Informix SQL Web DataBlade Module Traversal Arbitrary File Access CVE-2001-0924 25 Nov 2001 5 (v2) Medium Pass Dell KACE K1000 < 5.5 Multiple SQL Injection Vulnerabilities CVE-2014-1671 07 Feb 2014 6.5 (v2) Medium Pass Participants Database Plugin for WordPress < 1.5.4.9 'query' Parameter SQL Injection CVE-2014-3961 16 Jun 2014 7.5 (v2) High Pass Adobe ColdFusion HTTP Response Splitting (APSB12-15) CVE-2012-2041 26 Jun 2012 4.3 (v2) Medium Pass HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2608 CVE-2014-3470 24 Jul 2014 6.8 (v2) Medium Pass SolarWinds Log and Event Manager < 6.0.1 HyperSQL Remote Code Execution CVE-2014-5504 07 Nov 2014 7.5 (v2) High Pass Cisco IOS XR Software Health Check Open Port (cisco-sa-iosxr-redis-ABJyE5xK) CVE-2022-20821 26 May 2022 6.5 (v3) Medium Pass Moodle Multiple XSS CVE-2014-3548 CVE-2014-3551 30 Sep 2014 4.3 (v2) Medium Pass Oracle GlassFish Server Administration Console GET Request Authentication Bypass CVE-2011-0807 17 Aug 2011 10 (v3) Critical Pass Forums Plugin for WordPress 'url' Parameter Arbitrary File Disclosure CVE-2012-4920 25 Jan 2013 5.3 (v3) Medium Pass Symantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008) CVE-2013-1616 CVE-2013-1617 CVE-2013-4670 CVE-2013-4671 CVE-2013-4672 CVE-2013-4673 01 Aug 2013 8.3 (v2) High Pass PHP 5.3.x < 5.3.22 Multiple Vulnerabilities CVE-2013-1635 CVE-2013-1643 04 Mar 2013 7.5 (v2) High Pass Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple Vulnerabilities CVE-2014-3511 CVE-2014-8301 CVE-2014-8302 CVE-2014-8303 04 Dec 2014 4.3 (v2) Medium Pass MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities CVE-2014-0050 CVE-2014-0094 CVE-2014-0112 CVE-2014-0113 CVE-2014-0116 08 May 2015 7.5 (v2) High Pass HP Power Manager < 4.2.10 CVE-2009-2685 CVE-2009-3999 CVE-2009-4000 21 Jan 2010 10 (v2) Critical Pass phpMyAdmin 3.4.x < 3.4.10.1 XSS (PMASA-2012-1) CVE-2012-1190 22 Feb 2012 4.3 (v2) Medium Pass Cisco Expressway Series / TelePresence VCS Multiple Vulnerabilities (cisco-sa-expressway-ﬁlewrite-bsFVwueV)CVE-2022-20806 CVE-2022-20807 CVE-2022-20809 27 May 2022 5.5 (v3) Medium Pass Tenable Nessus 10.x < 10.2.0 Third-Party Vulnerabilities (TNS-2022-11) CVE-2018-25032 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-2531527 May 2022 9.8 (v3) Critical Pass Apache Tomcat Implicit Objects XSS CVE-2006-7195 09 Jul 2010 5.3 (v3) Medium Pass SandSurfer < 1.7.1 XSS CVE-2004-2550 04 Mar 2004 4.3 (v2) Medium Pass GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution CVE-2008-5517 21 Feb 2010 7.5 (v2) High Pass TikiWiki < 1.8.2 Multiple Input Validation Vulnerabilities CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 24 Aug 2004 7.5 (v2) High Pass MyDMS < 1.4.3 Multiple Vulnerabilities CVE-2004-1732 CVE-2004-1733 22 Aug 2004 7.5 (v2) High Pass Apache Tomcat allowLinking UTF-8 Traversal Arbitrary File Access CVE-2008-2938 12 Aug 2008 5.3 (v3) Medium Pass Home Free search.cgi Traversal Arbitrary File Access CVE-2000-0054 09 Jan 2000 5 (v2) Medium 33

RELAYTO Penetration Test Results - Page 33

RELAYTO Penetration Test Results Page 32 Page 34