Pass PHP-Fusion 4.01 Multiple Vulnerabilities CVE-2004-2437 CVE-2004-2438 08 Oct 2004 6.5 (v2) Medium
Pass Liferay Portal < 6.0.6 Multiple Vulnerabilities CVE-2011-1502 CVE-2011-1503 CVE-2011-1504 CVE-2011-1570 CVE-2011-1571 22 May 2012 9.3 (v2) High
Pass Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download 22 May 2012 6.8 (v2) Medium
Pass Liferay Portal 6.1.0 'addUser()' Security Bypass 22 May 2012 10 (v2) Critical
Pass Apache OFBiz Default Credentials 23 May 2012 7.5 (v2) High
Pass Apache OFBiz FlexibleStringExpander Remote Code Execution CVE-2012-1622 23 May 2012 9.8 (v3) Critical
Pass Apache OFBiz Webslinger Component XSS CVE-2012-1621 23 May 2012 4.3 (v2) Medium
Pass Liferay Portal 6.1.0 User Enumeration 04 Jun 2012 5 (v2) Medium
Pass Liferay Portal 6.1.0 Forward Target Handling Security Bypass 04 Jun 2012 10 (v2) Critical
Pass Liferay Portal upload_progress_poller.jsp XSS 04 Jun 2012 5.8 (v2) Medium
Pass PHP 5.3.x < 5.3.14 Multiple Vulnerabilities CVE-2012-2143 CVE-2012-2386 CVE-2012-3450 CVE-2012-6113 15 Jun 2012 7.5 (v2) High
Pass PHP 5.4.x < 5.4.4 Multiple Vulnerabilities CVE-2012-2143 CVE-2012-2386 CVE-2012-3450 15 Jun 2012 7.5 (v2) High
Pass PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure CVE-2004-0958 08 Oct 2004 5 (v2) Medium
Pass MailEnable ForgottenPassword.aspx Username Parameter XSS CVE-2012-0389 19 Jun 2012 4.3 (v2) Medium
Pass IBM DB2 9.1 < Fix Pack 11 Multiple DoS CVE-2010-4476 CVE-2012-0710 21 Jun 2012 5.3 (v3) Medium
Pass Elgg index.php view Parameter XSS CVE-2012-6561 22 Jun 2012 4.3 (v2) Medium
Pass MikroTik Winbox < 5.17 File Download DoS 27 Jun 2012 5 (v2) Medium
Pass HP System Management Homepage < 7.1.1 Multiple Vulnerabilities CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3379 CVE-2011-3607 CVE-2011-4078 CVE-2011-4108 CVE-2011-4153 CVE-2011-4317 CVE-2011-4415 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2011-4885 CVE-2012-0021 CVE-2012-0027 CVE-2012-0031 CVE-2012-0036 CVE-2012-0053 CVE-2012-0057 CVE-2012-0830 CVE-2012-1165 CVE-2012-1823 CVE-2012-2012 CVE-2012-2013 CVE-2012-2014 CVE-2012-2015 CVE-2012-2016 05 Jul 2012 10 (v2) Critical
Pass IBM Domino Password Protected DB Enumeration 05 Jul 2012 None
Pass IBM DB2 9.7 < Fix Pack 6 Multiple Vulnerabilities CVE-2011-4061 CVE-2012-0709 CVE-2012-0711 CVE-2012-0712 CVE-2012-0713 CVE-2012-2180 10 Jul 2012 7.3 (v3) High
Pass CubeCart index.php cat_id Parameter SQL Injection CVE-2004-1580 08 Oct 2004 7.5 (v2) High
Pass Danware NetOp Host HELO Request Remote Information Disclosure CVE-2004-0950 19 Nov 2004 5 (v2) Medium
Pass IBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities CVE-2012-0712 CVE-2012-0713 CVE-2012-2180 10 Jul 2012 5.3 (v3) Medium
Pass Ruby on Rails HTTP Digest Authentication Bypass CVE-2009-2422 21 Jul 2009 7.5 (v2) High
Pass eAccelerator encoder.php File Backup CVE-2009-2353 22 Jul 2009 7.5 (v2) High
Pass phpMyAdmin Installation Not Password Protected 23 Jul 2009 7.5 (v2) High
Pass MODx config.js.php Information Disclosure 28 Jul 2009 5 (v2) Medium
Pass Snitz Forums 2000 <= 3.4.07 register.asp 'Email' Parameter SQL Injection CVE-2003-0286 03 Aug 2009 7.5 (v2) High
Pass PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities CVE-2004-1537 CVE-2004-1538 CVE-2005-2683 CVE-2005-2699 CVE-2005-3552 CVE-2005-3553 CVE-2005-3554 CVE-2005-4424 CVE-2006-0785 CVE-2006-0786 CVE-2006-1507 CVE-2006-1773 22 Nov 2004 7.5 (v2) High
Pass TinyBrowser Multiple XSS 05 Aug 2009 4.7 (v3) Medium
Pass IBM DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities CVE-2009-2858 CVE-2009-2859 CVE-2009-2860 20 Aug 2009 5.3 (v3) Medium
Pass FlexCMS Login Cookie SQL Injection 31 Aug 2009 7.5 (v2) High
Pass Kayako SupportSuite Ticket Subject XSS CVE-2009-3427 04 Sep 2009 4.3 (v2) Medium
Pass Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution CVE-2009-3102 07 Sep 2009 8.8 (v3) High
Pass ChartDirector for .NET cacheId Parameter Arbitrary File Access 11 Sep 2009 5 (v2) Medium
Pass Orion Application Server Web Examples Multiple XSS 15 Sep 2009 4.3 (v2) Medium
Pass BF Survey Pro Component for Joomla! 'table' Parameter SQLi CVE-2009-4625 15 Sep 2009 7.3 (v3) High
Pass PHP < 5.2.11 Multiple Vulnerabilities CVE-2009-3291 CVE-2009-3292 CVE-2009-3293 CVE-2009-3294 CVE-2009-4018 CVE-2009-5016 18 Sep 2009 7.5 (v2) High
Pass Brio Unix odscgi HTMLFile Parameter Traversal Arbitrary File Access 30 Nov 2004 5 (v2) Medium
Pass Interchange < 5.4.4 / 5.6.2 / 5.7.2 Search Request Information Disclosure 23 Sep 2009 5 (v2) Medium
Pass Ektron CMS400.NET id Parameter XSS CVE-2009-4473 24 Sep 2009 4.3 (v2) Medium
Pass Ability Mail Server < 2.70 IMAP4 FETCH DoS CVE-2009-3445 28 Sep 2009 4 (v2) Medium
Pass IDoBlog Component for Joomla! 'userid' Parameter SQLi CVE-2009-3417 25 Sep 2009 7.3 (v3) High
Pass Serv-U < 9.0.0.1 05 Oct 2009 4.3 (v2) Medium
Pass IBM DB2 9.1 < Fix Pack 8 Multiple Vulnerabilities CVE-2009-3471 CVE-2009-3472 CVE-2009-3473 06 Oct 2009 6.5 (v3) Medium
Pass Default Password (sq!us3r) for 'dbadmin' Account CVE-1999-0502 CVE-2009-3710 15 Oct 2009 9.8 (v3) Critical
Pass IBM Rational RequisitePro ReqWebHelp Multiple XSS CVE-2009-3730 20 Oct 2009 4.3 (v2) Medium
Pass Default Password (infoblox) for 'admin' Account CVE-1999-0502 22 Oct 2009 9.8 (v3) Critical
Pass Adobe ColdFusion <= 8.0.1 _logintowizard.cfm XSS CVE-2009-1872 CVE-2009-1875 02 Nov 2009 4.3 (v2) Medium
Pass ViewVC Invalid Parameter Arbitrary HTML Injection 03 Nov 2009 4.3 (v2) Medium
Pass CubeCart Admin Authentication Bypass CVE-2009-3904 03 Nov 2009 7.5 (v2) High
Pass Default Password (alpine) for 'root' Account CVE-1999-0502 04 Nov 2009 9.8 (v3) Critical
Pass Default Password (alpine) for 'mobile' Account CVE-1999-0502 04 Nov 2009 9.8 (v3) Critical
Pass CubeCart 'admin.php' Authentication Bypass Information Disclosure 04 Nov 2009 5 (v2) Medium
Pass CGI Generic SQL Injection (blind) 06 Nov 2009 7.5 (v2) High
Pass MailEnable IMAP Server Multiple Remote Buffer Overflows CVE-2004-2501 30 Nov 2004 7.5 (v2) High
Pass CGI Generic XSS (persistent) 06 Nov 2009 4.3 (v2) Medium
Pass CGI Generic SQL Injection (HTTP Headers) 06 Nov 2009 7.5 (v2) High
Pass Jumi Component for Joomla! <= 2.0.5 Backdoor Detection 16 Nov 2009 9.8 (v3) Critical
Pass IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562) CVE-2009-3853 CVE-2009-3854 CVE-2009-3855 16 Nov 2009 10 (v2) Critical
Pass Movable Type mt-check.cgi System Information Disclosure 18 Nov 2009 5 (v2) Medium
Pass PHP 5.3 < 5.3.1 Multiple Vulnerabilities CVE-2009-3557 CVE-2009-3559 CVE-2009-4017 CVE-2009-4018 CVE-2010-1128 20 Nov 2009 6.8 (v2) Medium
Pass CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection CVE-2009-4060 24 Nov 2009 7.5 (v2) High
Pass Squeezebox Server Detection 30 Nov 2009 None
Pass Serv-U < 9.1.0.0 CVE-2009-4006 CVE-2009-4873 30 Nov 2009 9 (v2) High
Pass GForge help/tracker.php helpname Parameter XSS CVE-2009-3303 01 Dec 2009 4.3 (v2) Medium
Pass DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS CVE-2009-4110 02 Dec 2009 4.3 (v2) Medium
Pass AWStats < 6.95 awredir.pl Arbitrary Site Redirect 02 Dec 2009 4.7 (v3) Medium
Pass Request Tracker Default Credentials 04 Dec 2009 7.5 (v2) High
Pass Request Tracker Session Fixation Vulnerability CVE-2009-4151 04 Dec 2009 5.8 (v2) Medium
Pass Pligg login.php return Parameter Arbitrary Site Redirect CVE-2009-4788 07 Dec 2009 4.7 (v3) Medium
Pass LyftenBloggie Component for Joomla! 'author' Parameter SQLi CVE-2009-4104 07 Dec 2009 7.3 (v3) High
Pass GCalendar Component for Joomla! 'gcid' Parameter SQLi CVE-2009-4099 09 Dec 2009 7.3 (v3) High
Pass Zen Cart extras/curltest.php Information Disclosure CVE-2009-4321 10 Dec 2009 5 (v2) Medium
Pass e107 submitnews.php XSS CVE-2009-4083 10 Dec 2009 4.3 (v2) Medium
Pass TestLink login.php req Parameter XSS CVE-2009-4237 10 Dec 2009 4.3 (v2) Medium
Noise HTTP Methods Allowed (per directory) 10 Dec 2009 None
Pass phpShop Default Credentials 14 Dec 2009 7.5 (v2) High
Pass phpShop shop/flypage SQL Injection CVE-2008-0681 CVE-2009-4571 14 Dec 2009 6.8 (v2) Medium
Pass CGI Generic SQL Injection (blind, time based) 14 Dec 2009 7.5 (v2) High
Pass Invision Power Board < 3.0.5 Multiple Vulnerabilities 15 Dec 2009 6.8 (v2) Medium
Pass IBM DB2 9.5 < Fix Pack 5 Multiple Unspecified Vulnerabilities CVE-2009-4325 CVE-2009-4326 CVE-2009-4327 CVE-2009-4328 CVE-2009-4329 CVE-2009-4330 CVE-2009-4331 CVE-2009-4332 CVE-2009-4333 CVE-2009-4334 CVE-2009-4335 CVE-2009-4438 CVE-2009-4439 16 Dec 2009 6.5 (v3) Medium
Pass PHP < 5.2.12 Multiple Vulnerabilities CVE-2009-3557 CVE-2009-3558 CVE-2009-4017 CVE-2009-4142 CVE-2009-4143 18 Dec 2009 6.8 (v2) Medium
Pass Oracle WebLogic Default Credentials 18 Dec 2009 9.8 (v3) Critical
Pass Serv-U < 9.2.0.1 CVE-2009-4815 21 Dec 2009 4 (v2) Medium
Pass Adobe Flash Media Server < 3.0.5 / 3.5.3 Multiple Vulnerabilities (APSB09-18) CVE-2009-3791 CVE-2009-3792 22 Dec 2009 10 (v2) Critical
Pass ClarkConnect proxy.php url Parameter XSS 23 Dec 2009 4.3 (v2) Medium
Pass phpLDAPadmin cmd.php cmd Parameter Local File Inclusion CVE-2009-4427 23 Dec 2009 6.8 (v2) Medium
Pass daloRADIUS login.php error Parameter XSS CVE-2009-4347 23 Dec 2009 4.3 (v2) Medium
Pass SQL-Ledger 'admin.pl' Empty Credentials CVE-2009-4402 23 Dec 2009 7.5 (v2) High
Pass Apache Tomcat Directory Traversal CVE-2007-0450 04 Jan 2010 5 (v2) Medium
Pass Joomla! / Mambo Component Multiple Parameter Local File Include Vulnerabilities CVE-2010-0157 CVE-2010-0467 CVE-2010-0676 CVE-2010-0944 CVE-2010-0972 CVE-2010-1056 CVE-2010-1081 CVE-2010-1304 CVE-2010-1305 CVE-2010-1306 CVE-2010-1308 CVE-2010-1312 CVE-2010-1314 CVE-2010-1340 CVE-2010-1345 CVE-2010-1352 CVE-2010-1354 CVE-2010-1469 CVE-2010-1470 CVE-2010-1471 CVE-2010-1472 CVE-2010-1473 CVE-2010-1474 CVE-2010-1475 CVE-2010-1478 CVE-2010-1491 CVE-2010-1494 CVE-2010-1534 CVE-2010-1602 CVE-2010-1607 CVE-2010-1653 CVE-2010-1658 CVE-2010-1714 CVE-2010-1715 CVE-2010-1717 CVE-2010-1718 CVE-2010-1719 CVE-2010-1722 CVE-2010-1723 CVE-2010-1858 CVE-2010-1875 CVE-2010-1878 CVE-2010-1952 CVE-2010-1953 CVE-2010-1954 CVE-2010-1956 CVE-2010-1979 CVE-2010-1980 CVE-2010-1981 CVE-2010-2033 CVE-2010-2034 CVE-2010-2035 CVE-2010-2036 CVE-2010-2037 CVE-2010-2050 CVE-2010-2122 CVE-2010-2507 CVE-2010-3426 CVE-2010-4977 CVE-2011-4804 04 Jan 2010 9.8 (v3) Critical
Pass JS Jobs Component for Joomla! 'md' Parameter SQLi CVE-2009-4599 11 Jan 2010 7.3 (v3) High
Pass CGI Generic Cookie Injection Scripting 25 Jan 2010 4.3 (v2) Medium
Pass Mort Bay Jetty Multiple XSS CVE-2009-4612 26 Jan 2010 4.3 (v2) Medium
Pass phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3) CVE-2009-4605 27 Jan 2010 7.5 (v2) High
Pass SilverStripe Forums Module 'Search' Parameter XSS CVE-2010-1593 28 Jan 2010 4.3 (v2) Medium
Pass TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include 29 Jan 2010 9.8 (v3) Critical
Pass MoinMoin 'sys.argv' Information Disclosure 02 Feb 2010 4.3 (v2) Medium
Pass OCS Inventory NG Server Administration Console Detection 04 Feb 2010 None
Pass Bugzilla Directory Access Information Disclosure CVE-2009-3989 10 Feb 2010 5 (v2) Medium
Pass Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include CVE-2010-0759 20 Feb 2010 9.8 (v3) Critical
Pass Joomla! JoomlaWorks AllVideos Plugin 'file' Parameter Directory Traversal CVE-2010-0696 23 Feb 2010 5.3 (v3) Medium
Pass Asterisk Recording Interface (ARI) Default Administrator Credentials 23 Feb 2010 7.5 (v2) High
Pass FreePBX / PBXconfig Default Credentials 23 Feb 2010 7.5 (v2) High
Pass trixbox maint Web Interface Default Credentials 23 Feb 2010 7.5 (v2) High
Pass trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection CVE-2010-0702 23 Feb 2010 7.5 (v2) High
Pass PHP < 5.3.2 / 5.2.13 Multiple Vulnerabilities CVE-2010-1128 CVE-2010-1129 CVE-2010-1130 26 Feb 2010 6.4 (v2) Medium
Pass PostNuke pnTresMailer codebrowserpntm.php Traversal Arbitrary File Access CVE-2004-1205 CVE-2004-1206 30 Nov 2004 5 (v2) Medium
Pass SilverStripe debug_profile Parameter Information Disclosure CVE-2010-5188 01 Mar 2010 5 (v2) Medium
Pass eGroupWare spellchecker.php Arbitrary Shell Command Execution CVE-2010-3313 10 Mar 2010 7.5 (v2) High
Pass Skype skype: URI Handling /Datapath Argument Injection Settings Manipulation (uncredentialed check) 15 Mar 2010 4.3 (v2) Medium
RELAYTO Penetration Test Results