Pass Juniper Junos Multiple Python Privilege Escalation (JSA10695) CVE-2014-6448 26 Oct 2015 7.2 (v2) High Pass ASUSTOR Data Master < 3.1.3 Multiple Vulnerabilities CVE-2018-12313 24 Jul 2018 9.8 (v3) Critical Pass OpenSSL 1.1.0 < 1.1.0i Multiple Vulnerabilities CVE-2018-0732 CVE-2018-0737 CVE-2018-5407 27 Aug 2018 5.9 (v3) Medium Pass OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities CVE-2018-0732 CVE-2018-0737 27 Aug 2018 5.9 (v3) Medium Pass PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated) CVE-2018-14883 CVE-2018-14851 CVE-2018-15132 07 Sep 2018 7.5 (v3) High Pass DNN (DotNetNuke) 5.0.0 < 9.2.2 Multiple Vulnerabilities 02 Oct 2018 6.3 (v3) Medium Pass Quest DR Series Appliance Web Default Administrator Credentials 08 Mar 2018 8.6 (v3) High Pass Apple TV < 12.1 Multiple Vulnerabilities CVE-2018-4368 CVE-2018-4369 CVE-2018-4371 CVE-2018-4372 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4394 CVE-2018-4398 CVE-2018-4409 CVE-2018-4413 CVE-2018-4416 CVE-2018-4419 CVE-2018-442002 Nov 2018 8.8 (v3) High Pass Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities CVE-2013-5031 CVE-2013-5032 CVE-2013-5033 CVE-2013-5034 18 Apr 2014 10 (v2) Critical Pass Juniper Junos IGMPv3 Protocol Multicast DoS (JSA10714) CVE-2016-1256 22 Jan 2016 5 (v2) Medium Pass Silver Peak VX Default Credentials 25 Sep 2014 10 (v2) Critical Pass OpenSSL < 0.9.8p / 1.0.0b Buffer Overflow CVE-2010-3864 04 Jan 2012 7.6 (v2) High Pass Cisco Video Surveillance Manager Appliance Default Password Vulnerability(cisco-sa-20180921-vsm) CVE-2018-15427 15 Feb 2019 9.8 (v3) Critical Pass nginx HTTP Server Detection 26 Jan 2018 None Pass Jinzora Multiple Script include_path Parameter Remote File Inclusion CVE-2006-6770 02 Jan 2007 6.8 (v2) Medium Pass PHP 7.1.x < 7.1.22 Transfer-Encoding Parameter XSS Vulnerability CVE-2018-17082 14 Sep 2018 6.1 (v3) Medium Pass CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833) CVE-2007-0449 CVE-2007-0672 CVE-2007-0673 26 Jan 2007 10 (v2) Critical Pass EMC RSA Authentication Manager < 8.4 Relative Path Traversal (DSA-2018-226) CVE-2018-15782 17 Jan 2019 7.8 (v3) High Pass Juniper Junos IPv6 Packet Handling mbuf Chain Corruption DoS (JSA10699) CVE-2014-6450 21 Oct 2015 7.8 (v2) High Pass Juniper Junos SRX5000-series J-Web DoS (JSA10700) CVE-2014-6451 21 Oct 2015 7.8 (v2) High Pass Palo Alto Networks PAN-OS API Key Persistence Security Bypass (PAN-SA-2015-0006) 17 Nov 2015 5.1 (v2) Medium Pass WordPress Plugin 'AMP for WP - Accelerated Mobile Pages' < 0.9.97.20 Multiple Vulnerabilities 15 Nov 2018 6.3 (v3) Medium Pass Juniper Junos TKEY Query Handling DoS (JSA10718) CVE-2015-5477 22 Jan 2016 7.8 (v2) High Pass Cisco IOS Multiple OpenSSL Vulnerabilities (CSCup22590) CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 26 Feb 2016 6.8 (v2) Medium Pass JQuery Detection 07 Feb 2018 None Pass OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities CVE-2018-0739 21 May 2018 6.5 (v3) Medium Pass Elasticsearch Unrestricted Access Information Disclosure 23 Jun 2017 5.3 (v3) Medium Pass Oracle GlassFish Server 3.0.1.x < 3.0.1.17 / 3.1.2.x < 3.1.2.18 (October 2017 CPU) CVE-2016-3092 CVE-2017-10385 CVE-2017-10391 CVE-2017-10393 CVE-2017-10400 19 Oct 2017 7.3 (v3) High Pass Cisco Data Center Network Manager Privilege Escalation (cisco-sa-dcnm-privescal-zxfCH7Dg) CVE-2020-3380 28 Jul 2020 7.8 (v3) High Pass EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034) CVE-2016-0888 08 Apr 2016 8.8 (v3) High Pass LabVIEW Web Server HTTP Get Newline DoS CVE-2002-0748 06 Aug 2002 5 (v2) Medium Pass GIT gitweb git_search Shell Metacharacter Arbitrary Command Execution CVE-2008-5516 08 Apr 2011 7.5 (v2) High Pass ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check) CVE-2011-3102 CVE-2012-2807 CVE-2012-5134 CVE-2013-3519 13 Nov 2013 7.9 (v2) High Pass ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2011-1089 CVE-2011-1202 CVE-2011-3102 CVE-2011-3970 CVE-2011-4609 CVE-2012-0864 CVE-2012-2807 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 CVE-2012-5134 CVE-2013-597313 Nov 2013 6.9 (v2) Medium Pass Cisco Data Center Network Manager Multiple Vulnerabilities (Aug 2020) CVE-2020-3521 CVE-2020-3538 CVE-2020-3539 25 Aug 2020 6.5 (v3) Medium Pass Web Application Potentially Vulnerable to Clickjacking 22 Aug 2015 4.3 (v2) Medium Pass Elasticsearch ESA-2018-16 CVE-2018-17244 07 Nov 2018 6.5 (v3) Medium Pass ESXi 6.5 / 6.7 / 7.0 DoS (VMSA-2020-0018) CVE-2020-3976 28 Aug 2020 5.3 (v3) Medium Pass IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS CVE-2001-1191 18 Aug 2002 5 (v2) Medium Pass Darwin Streaming Server < 5.5.5 Multiple RCE Vulnerabilities CVE-2007-0748 CVE-2007-0749 14 May 2007 10 (v2) Critical Pass OpenNMS Java Object Deserialization RCE 10 Dec 2015 10 (v2) Critical Pass Hashicorp Consul Web UI and API access 26 Jul 2018 8.8 (v3) High Pass VMware ESX / ESXi Unsupported Version Detection 02 Dec 2011 10 (v3) Critical Pass ESXi 6.5 < Build 5224529 Multiple Vulnerabilities (VMSA-2017-0006) (remote check) CVE-2017-4903 CVE-2017-4904 CVE-2017-4905 31 Mar 2017 8.8 (v3) High Pass Silex USB Device Server Web Configuration Page Empty Password 07 Mar 2014 10 (v2) Critical Pass Cisco NX-OS Software CLI Arbitrary Command Injection (cisco-sa-20180620-nx-os-cli-injection) CVE-2018-0307 14 Jul 2020 7.8 (v3) High Pass NFS portmapper localhost Mount Request Restricted Host Access CVE-1999-0168 12 Mar 2003 7.5 (v2) High Pass HP OfficeJet Printer Security Bypass (HPSBPI03107) CVE-2014-0224 09 Oct 2014 5.6 (v3) Medium Pass ARRIS Touchstone DG950A SNMP Information Disclosure (CVE-2014-4863) CVE-2014-4863 07 Nov 2014 5 (v2) Medium Pass Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability CVE-2014-1568 22 Apr 2015 7.5 (v2) High Pass Wordfence Plugin for WordPress 'email' Parameter XSS 27 Nov 2012 4.7 (v3) Medium Pass PostgreSQL 8.3 < 8.3.20 / 8.4 < 8.4.13 / 9.0 < 9.0.9 / 9.1 < 9.1.5 Multiple Vulnerabilities CVE-2012-3488 CVE-2012-3489 28 Dec 2012 6.5 (v3) Medium Pass HP Intelligent Management Center User Access Manager Unspecified Information Disclosure CVE-2012-5211 13 Mar 2013 7.5 (v2) High Pass Oracle E-Business Multiple Vulnerabilities (January 2018 CPU) CVE-2017-3735 CVE-2017-3736 CVE-2018-2580 CVE-2018-2635 CVE-2018-2655 CVE-2018-2656 CVE-2018-2684 CVE-2018-2691 17 Jan 2018 9.1 (v3) Critical Pass SunFTP GET Request Remote Overflow CVE-2000-0856 13 Mar 2003 7.5 (v2) High Pass iPlanet Application Server Prefix Remote Overflow CVE-2002-0387 16 Mar 2003 7.5 (v2) High Pass Adobe Media Server Unsupported Version Detection 11 Aug 2011 10 (v2) Critical Pass Ipswitch WhatsUp Professional Login.asp Multiple Field SQL Injection CVE-2005-1250 23 Jun 2005 5.1 (v2) Medium Pass OpenSSL 'ChangeCipherSpec' MiTM Vulnerability CVE-2010-5298 CVE-2014-0076 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 14 Aug 2014 5.6 (v3) Medium Pass Dolibarr Multiple Script URI XSS CVE-2011-4814 13 Apr 2012 4.3 (v2) Medium Pass Kayako SupportSuite 3.x <= 3.70.02 Multiple Vulnerabilities 16 Feb 2012 6.5 (v2) Medium Pass HP Data Protector LogClientInstallation Method Userid Field SQL Execution CVE-2011-3156 29 Mar 2012 7.5 (v2) High Pass Cisco TelePresence MCU Software Memory Exhaustion CVE-2014-3397 22 Oct 2014 7.8 (v2) High Pass Apple TV < 5.2 Multiple Vulnerabilities CVE-2012-2619 CVE-2013-0964 04 Feb 2013 3.6 (v2) Low Pass Xerox WorkCentre Crafted PostScript File Handling Directory Access (XRX10-001) CVE-2010-0549 01 Mar 2010 5 (v2) Medium Pass solidDB Default Credentials 28 Mar 2008 7.5 (v2) High Pass Trend Micro IMSS Console Management Detection 01 Mar 2005 None Pass PHP 5.1.x < 5.1.5 Multiple Vulnerabilities CVE-2006-1017 CVE-2006-4020 CVE-2006-4481 CVE-2006-4482 CVE-2006-4483 CVE-2006-4484 CVE-2006-4485 18 Nov 2011 10 (v2) Critical Pass leafnode fetchnews DoS CVE-2004-2068 27 Oct 2009 5 (v2) Medium Pass CrashPlan Server Default Administrative Credentials 29 May 2009 7.5 (v2) High Pass Sendmail < 8.11.2 -bt Option Local Overflow 25 Nov 2001 8.4 (v3) High Pass IBM Lotus Domino Crafted .nsf Request Authentication Bypass CVE-2001-1567 12 May 2002 5 (v2) Medium Pass HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610) CVE-2008-4560 12 Feb 2009 5 (v2) Medium Pass Hobbit Monitor < 4.1.0 hobbitd Malformed Message Remote Overflow 27 Jul 2005 7.5 (v2) High Pass PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass CVE-2007-4528 18 Nov 2011 5.8 (v3) Medium Pass Cisco Data Center Network Manager Privilege Escalation (cisco-sa-20180905-cdcnm-escalation) CVE-2018-0440 18 Sep 2020 7.2 (v3) High Pass Floating Social Media Links Plugin for WordPress 'wpp' Parameter Remote File Inclusion 25 Jan 2013 7.5 (v2) High Pass Citrix Access Gateway Administrative Web Interface Default Credentials 12 Apr 2013 7.5 (v2) High Pass Asterisk Detection 10 Dec 2012 None Pass PHP ip2long Function String Validation Weakness CVE-2006-4023 18 Nov 2011 5.8 (v3) Medium Pass IPSEC Internet Key Exchange (IKE) Version 1 Detection 02 Dec 2003 None Pass ManageEngine ADAudit Plus Default Credentials 02 Jun 2010 7.5 (v2) High Pass PHP mb_send_mail() Function Parameter Security Bypass CVE-2006-1014 18 Nov 2011 3.2 (v2) Low Pass PHP Symlink Function Race Condition open_basedir Bypass CVE-2006-5178 18 Nov 2011 8.8 (v3) High Pass SquirrelMail < 1.45 Multiple Vulnerabilities CVE-2005-1769 CVE-2005-2095 16 Jun 2005 5 (v2) Medium Pass ShowOff! Digital Media Software <= 1.5.4 Multiple Remote Vulnerabilities CVE-2005-1571 CVE-2005-1572 12 May 2005 7.8 (v2) High Pass Oracle WebLogic Console / WLST Unspecified Privilege Escalation (CVE-2008-2577) CVE-2008-2577 30 Nov 2011 4.6 (v2) Medium Pass Oracle WebLogic Server Unspecified Information Disclosure (CVE-2008-2578) CVE-2008-2578 30 Nov 2011 4.3 (v2) Medium Pass Oracle WebLogic Plugins Unspecified Remote Issue (CVE-2008-2579) CVE-2008-2579 30 Nov 2011 6.8 (v2) Medium Pass Oracle WebLogic Server Servlets Unspecified Unauthenticated Remote Issue (CVE-2008-4013) CVE-2008-4013 30 Nov 2011 6.8 (v2) Medium Pass Oracle WebLogic ForeignJMS Component Unspecified Information Disclosure (CVE-2008-2576) CVE-2008-2576 30 Nov 2011 4.3 (v2) Medium Pass GitLab 14.6.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 Information Disclosure CVE-2022-0738 14 Mar 2022 7.5 (v3) High Pass Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009) CVE-2008-4009 30 Nov 2011 5.1 (v2) Medium Pass Oracle WebLogic Admin State Unspecified Privilege Escalation (CVE-2008-4011) CVE-2008-4011 30 Nov 2011 2.1 (v2) Low Pass Oracle WebLogic UDDI Explorer Unspecified Vulnerability (CVE-2008-2581) CVE-2008-2581 30 Nov 2011 5.1 (v2) Medium Pass PHP 7.1.x < 7.1.7 Multiple Vulnerabilities CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2017-11144 CVE-2017-11145 CVE-2017-11362 CVE-2017-11628 CVE-2017-12933 CVE-2017-1293413 Jul 2017 9.8 (v3) Critical Pass Atlassian Confluence 6.14.x < 6.14.3 / 6.15.x < 6.15.5 stored cross-site-scripting (SXSS) Vulnerability CVE-2019-20102 30 Apr 2020 6.1 (v3) Medium Pass Oracle WebLogic DoS (CVE-2008-2582) CVE-2008-2582 30 Nov 2011 5 (v2) Medium Pass Oracle WebLogic WLS Unspecified Vulnerability (CVE-2008-5461) CVE-2008-5461 30 Nov 2011 6.8 (v2) Medium Pass Oracle WebLogic Portal Elevation of Privilege (CVE-2008-5462) CVE-2008-5462 10 Jan 2012 6.8 (v2) Medium Pass PHP 4.x < 4.3.0 ZendEngine Integer Overflow CVE-2006-4812 11 Jan 2012 7.5 (v2) High Pass Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)CVE-2022-20623 14 Mar 2022 7.5 (v3) High Pass GitLab 13.x < 14.6.5 / 14.7.4 / 14.8.2 Information Disclosure CVE-2021-4191 14 Mar 2022 5.3 (v3) Medium Pass Icecast HTTP Basic Authorization Remote Overflow DoS CVE-2004-2027 01 Oct 2004 5 (v2) Medium Pass Cisco Data Center Network Manager Authentication Bypass (cisco-sa-dcnm-bypass-dyEejUMs) CVE-2020-3382 12 Aug 2020 9.8 (v3) Critical Pass Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution CVE-2011-3923 06 Feb 2012 9.8 (v3) Critical Pass Apache Struts 2 Multiple Remote Code Execution and File Overwrite Vulnerabilities (safe check) (deprecated)CVE-2012-0392 25 Jan 2012 8.1 (v3) High Pass Apache Struts 2 'method:' Prefix Arbitrary Remote Command Execution CVE-2016-3081 17 Dec 2018 8.1 (v3) High Pass Apache Struts 2 Tag Attribute Double OGNL Evaluation RCE CVE-2016-0785 24 Mar 2016 8.8 (v3) High Pass Apache Struts 2 ExceptionDelegator Arbitrary Remote Command Execution CVE-2012-0391 07 Aug 2013 8.8 (v3) High Pass Atlassian Jira < 8.5.8 / 8.6.0 < 8.11.1 Sensitive Data Exposure (JRASERVER-71536) CVE-2020-14179 24 Sep 2020 5.3 (v3) Medium Pass HTTP login page 26 Oct 2002 None 70
RELAYTO Penetration Test Results Page 69 Page 71