Pass ManageEngine ADManager Plus Default Credentials 02 Jun 2010 7.5 (v2) High Pass PRTG Traffic Grapher login.htm url Parameter XSS 10 Jun 2010 4.3 (v2) Medium Pass Apache Axis2 Default Credentials CVE-2010-0219 27 May 2010 7.5 (v2) High Pass Xerox WorkCentre Multiple Unspecified Vulnerabilities (XRX10-003) 21 Jun 2010 10 (v2) Critical Pass Palo Alto Networks PAN-OS 6.1.x / 7.0.x < 7.0.18 / 7.1.x < 7.1.12 / 8.0.x < 8.0.4 Network Time Protocol VulnerabilityCVE-2017-6460 14 Sep 2017 8.8 (v3) High Pass Apache Tomcat 3.x < 3.2.2 JSP Error Condition XSS CVE-2001-0829 02 Nov 2010 5.6 (v3) Medium Pass Super Simple Blog Script entry Parameter SQL Injection CVE-2009-2553 20 Oct 2010 7.5 (v2) High Pass Terminal Services Encryption Level is not FIPS-140 Compliant 11 Feb 2008 2.6 (v2) Low Pass Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13-HF / 6.8.x < 6.8.5-HF / 6.9.x < 6.9.1 Multiple Vulnerabilities (ARUBA-PSA-2020-005)CVE-2020-7115 CVE-2020-7116 CVE-2020-7117 17 Jul 2020 9.8 (v3) Critical Pass Cisco TelePresence CVE-2013-3377 Malformed SIP Packet Handling Remote DoS CVE-2013-3377 24 Jul 2013 7.8 (v2) High Pass Juniper Junos DoS Telnet Vulnerability (JSA10817) CVE-2017-10614 CVE-2017-10621 20 Oct 2017 7.5 (v3) High Pass Splunk 4.x < 4.1.3 404 Response XSS CVE-2010-2429 07 Jul 2010 4.3 (v2) Medium Pass Fake SMTP/FTP Server Detection (possible backdoor) 19 May 2008 10 (v2) Critical Pass CUPS Memory Information Disclosure CVE-2010-1748 14 Jul 2010 4.3 (v2) Medium Pass Juniper Junos BGP Update Vulnerability (JSA10820) CVE-2017-10618 20 Oct 2017 7.5 (v3) High Pass Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check) CVE-2016-1684 CVE-2016-1836 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 CVE-2016-4483 CVE-2016-4607 CVE-2016-4608 CVE-2016-4609 CVE-2016-4610 CVE-2016-4612 CVE-2016-4614 CVE-2016-4615 CVE-2016-4616 CVE-2016-461919 Jul 2016 9.8 (v3) Critical Pass CGI Generic Open Redirection 26 Jul 2010 4.3 (v2) Medium Pass HP Systems Insight Manager Multiple Products Authentication Bypass CVE-2010-3986 CVE-2010-4100 CVE-2010-4103 11 Nov 2010 7.5 (v2) High Pass vBulletin Database Credentials Information Disclosure 27 Jul 2010 5 (v2) Medium Pass Cisco IOS Software TFTP DoS (cisco-sa-20150722-tftp) CVE-2015-0681 30 Jul 2015 7.1 (v2) High Pass Wing FTP Server < 3.2.0 PORT Command DoS 02 Aug 2010 5 (v2) Medium Pass Wing FTP Server < 3.6.1 Multiple Flaws 02 Aug 2010 4 (v2) Medium Pass Juniper Junos DoS Vulnerability (JSA10821) CVE-2017-10619 20 Oct 2017 7.5 (v3) High Pass Oracle WebLogic Server Plug-in HTTP Injection CVE-2010-2375 29 Jul 2010 6.4 (v2) Medium Pass Juniper Junos bfdd RCE (JSA10690) CVE-2015-5362 04 Aug 2015 9.3 (v2) High Pass HP Power Manager < 4.3.2 CVE-2010-4113 16 Dec 2010 10 (v2) Critical Pass Xerver Double Slash Authentication Bypass 05 Aug 2010 7.5 (v2) High Pass Oracle BPM Process Administrator tips.jsp context Parameter XSS CVE-2010-2370 16 Aug 2010 4.3 (v2) Medium Pass BlackMoon FTP Server Denial of Service CVE-2011-0507 20 Jan 2011 5 (v2) Medium Pass Web Application Session Cookies Not Marked HttpOnly 25 Aug 2010 4.3 (v2) Medium Pass CGI Generic HTML Injections (quick test) 01 Sep 2010 4.3 (v2) Medium Pass Wing FTP Server < 3.6.6 DoS 01 Sep 2010 5 (v2) Medium Pass Open-Realty index.php select_users_lang Parameter Traversal Local File Inclusion 23 Aug 2010 7.5 (v2) High Pass Splunk Free Detection 01 Sep 2010 7.5 (v2) High Pass Web Application Session Cookies Not Marked Secure 14 Sep 2010 4.3 (v2) Medium Pass Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access CVE-2011-0049 CVE-2011-0063 16 Feb 2011 5 (v2) Medium Pass Multiple Switch Vendors '__super' Account Backdoor 14 Sep 2010 8.8 (v3) High Pass OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities CVE-2016-6304 CVE-2016-6305 CVE-2016-6307 CVE-2016-6308 30 Sep 2016 7.5 (v3) High Pass Novell BorderManager Port 2000 Telnet DoS CVE-2000-0152 09 Feb 2000 5 (v2) Medium Pass Mura CMS Default Administrator Credentials 30 Sep 2010 7.5 (v2) High Pass Vtiger CRM graph.php Directory Traversal CVE-2009-3249 14 Mar 2011 7.5 (v2) High Pass Oracle WebLogic Server Servlet Container Session Fixation CVE-2010-4437 22 Mar 2011 5.8 (v2) Medium Pass Cisco Prime Collaboration Assurance Multiple Vulnerabilities (cisco-sa-20100217-csa) CVE-2015-4304 CVE-2015-4305 CVE-2015-4306 25 Sep 2015 9 (v2) High Pass Nagios XI < 2009R1.3C grab_request_var() Multiple XSS 06 Oct 2010 4.3 (v2) Medium Pass SSH with Kerberos NFS Share Ticket Disclosure CVE-2000-0575 16 Jul 2000 2.6 (v2) Low Pass VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008) CVE-2015-3269 CVE-2015-5255 22 Dec 2015 5 (v2) Medium Pass DNS Server Recursive Query Cache Poisoning Weakness CVE-1999-0024 27 Oct 2000 5 (v2) Medium Pass Cisco Prime Collaboration Provisioning 9.0.x / 11.0.x < 11.1 Local Privilege Escalation (cisco-sa-20160209-pcp)CVE-2016-1320 09 Sep 2016 6.7 (v3) Medium Pass Apple iTunes < 10.2.2 Multiple Vulnerabilities (uncredentialed check) CVE-2011-1290 CVE-2011-1344 19 Apr 2011 9.3 (v2) High Pass WordPress fGallery 'fim_rss.php' 'album' Parameter SQL Injection CVE-2008-0491 28 Jan 2008 7.5 (v2) High Pass MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) (remote check)CVE-2011-0657 21 Apr 2011 10 (v2) Critical Pass Cisco CatOS VACM read-write Community String Device Configuration Manipulation CVE-2004-1775 15 Jun 2001 10 (v2) Critical Pass 3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow CVE-2007-2031 14 Feb 2008 7.5 (v2) High Pass SSH (SSF Derivative) Detection 12 Mar 2008 2.6 (v2) Low Pass OpenSSH < 3.0.2 Multiple Vulnerabilities CVE-2001-0872 CVE-2001-1029 10 Dec 2001 7.2 (v2) High Pass MiniWebsvr GET Request Traversal Arbitrary File Access 04 Mar 2008 5 (v2) Medium Pass pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02) CVE-2015-3197 CVE-2015-5300 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-0705 CVE-2016-0777 CVE-2016-0778 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-1879 CVE-2016-1882 CVE-2016-1885 CVE-2016-1070931 Jan 2018 9.8 (v3) Critical Pass HP Intelligent Management Center TFTP Multiple Vulnerabilities CVE-2011-1849 CVE-2011-1851 CVE-2011-1852 CVE-2011-1853 07 Jun 2011 10 (v2) Critical Pass EMC Documentum eRoom Indexing Server Hummingbird Client Connector Buffer Overflow CVE-2011-1741 29 Jul 2011 10 (v2) Critical Pass Versant Connection Services Daemon Arbitrary Command Execution CVE-2008-1319 12 Mar 2008 10 (v2) Critical Pass VLC Media Player network/httpd.c httpd_FileCallBack Function Connection Parameter Format String CVE-2007-6682 21 Mar 2008 7.5 (v2) High Pass EMC AlphaStor Library Manager Remote Code Execution CVE-2008-2157 01 Jul 2008 10 (v2) Critical Pass Cisco NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability VCVE-2017-3883ulnerability 26 Oct 2017 8.6 (v3) High Pass Apache < 2.0.59 mod_rewrite LDAP Protocol URL Handling Overflow CVE-2006-3747 26 Mar 2008 7.3 (v3) High Pass Web Server Uses Non Random Session IDs 26 Mar 2008 5.4 (v3) Medium Pass Apache mod_jk2 Host Header Multiple Fields Remote Overflow CVE-2007-6258 04 Apr 2008 7.3 (v3) High Pass Malware Payload Code detection 11 Apr 2008 10 (v2) Critical Pass IPSwitch IMail SMTP Multiple Vulnerabilities (OF, DoS) CVE-2001-0039 CVE-2001-0494 05 Jun 2002 9.3 (v2) High Pass Jigsaw < 2.2.4 Unspecified URI Parsing Unspecified Vulnerability CVE-2004-2274 22 Feb 2004 7.5 (v2) High Pass ESXi 5.1 < Build 1900470 OpenSSL Library Multiple Vulnerabilities (remote check) CVE-2010-5298 CVE-2014-0198 CVE-2014-0224 CVE-2014-3470 24 Jun 2014 5.8 (v2) Medium Pass Novell eDirectory Host Environment Service (dhost.exe) HTTP Connection Header DoS CVE-2008-0927 16 Apr 2008 7.8 (v2) High Pass WS_FTP Server SITE CPWD Command Remote Overflow CVE-2002-0826 21 Aug 2002 7.5 (v2) High Pass WordPress index.php 'cat' Parameter Local File Inclusion CVE-2008-4769 29 Apr 2008 6.8 (v2) Medium Pass SSH Multiple Remote Vulnerabilities CVE-2002-1357 CVE-2002-1358 CVE-2002-1359 CVE-2002-1360 20 Dec 2002 5 (v2) Medium Pass WEBrick Encoded Traversal Arbitrary CGI Source Disclosure CVE-2008-1891 17 Apr 2008 5 (v2) Medium Pass Debian OpenSSH/OpenSSL Package Random Number Generator Weakness CVE-2008-0166 14 May 2008 10 (v2) Critical Pass Cloudera Manager < 4.8.3 / 5.x < 5.0.1 Information Disclosure CVE-2014-0220 26 Jun 2014 4 (v2) Medium Pass MySQL Enterprise Server 5.0 < 5.0.60 MyISAM CREATE TABLE Privilege Check Bypass CVE-2008-2079 09 May 2008 3.5 (v2) Low Pass CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO92996) CVE-2008-2241 CVE-2008-2242 22 May 2008 10 (v2) Critical Pass SecurityGateway < 1.0.2 Administration Interface username Field Remote Overflow CVE-2008-4193 06 Jun 2008 10 (v2) Critical Pass Kismet Server Information Disclosure 25 Jun 2008 5 (v2) Medium Pass Lyris ListManager read/search/results words Parameter XSS CVE-2008-2923 18 Jun 2008 4.3 (v2) Medium Pass SurgeMail IMAP Service APPEND Command Remote DoS CVE-2008-2859 CVE-2008-7182 30 Jun 2008 4 (v2) Medium Pass Wordtrans-web exec_wordtrans Function Arbitrary Command Execution 02 Jul 2008 8.8 (v3) High Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.15 / 8.0.x < 8.0.7 Multiple Vulnerabilities (ROBOT) CVE-2017-15941 CVE-2017-16878 CVE-2017-17841 18 Jan 2018 6.1 (v3) Medium Pass Generic Backdoor Detection (banner check) 20 Aug 2008 10 (v2) Critical Pass VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE) CVE-2014-3566 CVE-2014-6549 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 CVE-2015-0421 CVE-2015-043701 May 2015 10 (v2) Critical Pass Mambo < 4.6.5 mos_user_template Local File Inclusion 11 Jul 2008 5.1 (v2) Medium Pass Aruba Networks ClearPass Policy Manager 6.7.x < 6.7.13 / 6.8.x < 6.8.4 Multiple Vulnerabilities (ARUBA-PSA-2020-004)CVE-2020-7110 CVE-2020-7111 CVE-2020-7113 CVE-2020-7114 01 May 2020 9.8 (v3) Critical Pass Apache 2.2.x < 2.2.13 APR apr_palloc Heap Overflow CVE-2009-2412 19 Jan 2012 9.8 (v3) Critical Pass Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS CVE-2008-3264 24 Jul 2008 5 (v2) Medium Pass Asterisk IAX2 (IAX) POKE Request Saturation Resource Exhaustion Remote DoS CVE-2008-3263 25 Jul 2008 5 (v2) Medium Pass MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities CVE-2014-0050 CVE-2014-0094 CVE-2014-0112 CVE-2014-0113 CVE-2014-0116 08 May 2015 7.5 (v2) High Pass Macromedia ColdFusion MX CFIDE/probe.cfm Direct Request Path Disclosure CVE-2003-1469 30 Apr 2003 5 (v2) Medium Pass XAMPP Example Pages Detection 05 Aug 2008 7.5 (v2) High Pass Management Center for Cisco Security Agents Remote Code Execution (cisco-sa-20110216-csa) CVE-2011-0364 18 Sep 2013 10 (v2) Critical Pass PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness CVE-2008-3337 12 Aug 2008 7.1 (v2) High Pass MailScan WebAdministrator Cookie Authentication Bypass CVE-2008-3729 17 Aug 2008 7.5 (v2) High Pass HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check) CVE-2011-4168 26 Jan 2012 5 (v2) Medium Pass MS Site Server < 3.0 formslogin.asp url Parameter XSS CVE-2002-2073 18 Aug 2008 4.3 (v2) Medium Pass OpenSSL 0.9.8 < 0.9.8zg Multiple Vulnerabilities CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 12 Jun 2015 6.8 (v2) Medium Pass Default Password (000000) for 'admin' on WIP5000 IP Phone 16 Sep 2008 10 (v2) Critical Pass MS Executable Detection 20 Aug 2008 10 (v2) Critical Pass Web Server Generic 3xx Redirect 18 Aug 2008 4.3 (v2) Medium Pass Microsoft Windows SMBv1 Multiple Vulnerabilities CVE-2017-0267 CVE-2017-0268 CVE-2017-0269 CVE-2017-0270 CVE-2017-0271 CVE-2017-0272 CVE-2017-0273 CVE-2017-0274 CVE-2017-0275 CVE-2017-0276 CVE-2017-0277 CVE-2017-0278 CVE-2017-0279 CVE-2017-028026 May 2017 8.1 (v3) High Pass Apache Unomi Detection. 14 Jan 2021 None Pass Apple iTunes < 8.0 Integer Buffer Overflow (uncredentialed check) CVE-2008-3636 10 Sep 2008 7.2 (v2) High Pass MySQL Enterprise Server 5.0 < 5.0.66 Empty Bit-String Literal Token SQL Statement DoS CVE-2008-3963 11 Sep 2008 4 (v2) Medium Pass Default Password (admin) for 'admin' Account CVE-1999-0502 04 Sep 2008 9.8 (v3) Critical Pass Novell PlateSpin Orchestrate Remote Code Execution 19 Oct 2010 10 (v2) Critical Pass Xerox WorkCentre Samba Overflow (XRX08-009) CVE-2008-1105 19 Sep 2008 7.6 (v2) High Pass ISC BIND 9 for Windows UDP Client Handler Remote DoS CVE-2008-4163 20 Sep 2008 5 (v2) Medium 4
RELAYTO Penetration Test Results Page 3 Page 5