RELAYTO Penetration Test Results (66/101)

Pass Uploader Plugin for WordPress File Upload Arbitrary Code Execution 28 Jan 2013 8.8 (v3) High Pass Ekiga SIP Detection 04 Feb 2013 None Pass ImpressPages Detection 19 Feb 2013 None Pass Oracle Application Express (Apex) Unspeciﬁed Issues (pre 3.0.1) CVE-2007-3860 20 Feb 2013 7.5 (v2) High Pass Foscam Detection 24 Mar 2013 None Pass Eye-Fi Helper < 3.4.23 Directory Traversal CVE-2011-4696 26 Mar 2013 4.3 (v2) Medium Pass Plesk Horde Detection 22 Apr 2013 7.5 (v2) High Pass Novell iManager Unsupported Version 19 Apr 2013 10 (v2) Critical Pass Novell iManager Detection 19 Apr 2013 None Pass CODESYS V2 Web Server Improperly Implemented Security Check (2021-07) CVE-2021-30192 27 Jul 2021 9.8 (v3) Critical Pass OpenAM RCE (CVE-2021-35464) CVE-2021-35464 29 Jul 2021 9.8 (v3) Critical Pass Cisco Content Security Management Appliance (SMA) GUI Denial of Service Vulnerability CVE-2020-3164 13 Mar 2020 5.3 (v3) Medium Pass ESXi 5.1 < Build 1312873 File Descriptors Privilege Escalation (remote check) CVE-2013-5973 31 Dec 2013 4.4 (v2) Medium Pass Greenstone Detection 31 May 2013 None Pass SolusVM Detection 24 Jun 2013 None Pass php-Charts wizard/index.php PHP Execution 03 Jul 2013 7.5 (v2) High Pass php-Charts Detection 03 Jul 2013 None Pass Cisco TelePresence Supervisor MSE 8050 TCP Connection Request Saturation Remote DoS CVE-2013-1236 23 Jul 2013 7.8 (v2) High Pass EMC RSA Archer 6.1.x, 6.2.x, 6.3.x < 6.3.0.7 and 6.4.x < 6.4.0.1 SQL Injection Vulnerability CVE-2018-11065 31 Aug 2018 4.3 (v3) Medium Pass paFileDB sessions Directory Admin Hashed Password Disclosure CVE-2004-1219 06 Dec 2004 5 (v2) Medium Pass TrustPort WebFilter help.php hf Parameter Directory Traversal CVE-2013-5301 13 Aug 2013 7.8 (v2) High Pass Buﬀalo Router Web Interface Detection 04 Aug 2021 None Pass X7 Chat upgradev1.php old_preﬁx Parameter SQL Injection CVE-2006-3851 25 Jul 2006 7.5 (v2) High Pass Meeting Room Booking System Detection 18 Oct 2010 None Pass IBM RSA Default Credentials 26 Oct 2010 10 (v2) Critical Pass VMware Harbor Information Disclosure (CVE-2020-29662) CVE-2020-29662 05 Aug 2021 5.3 (v3) Medium Pass HP Systems Insight Manager Detection 10 Nov 2010 None Pass Anti-Nessus Defense Detection 19 Feb 2003 None Pass GitLab Web UI Detection 11 Aug 2021 None Pass Cisco EPN Manager Detection (Web UI) 12 Aug 2021 None Pass PHP Live! directory/conf File Include Unspeciﬁed Issue CVE-2004-2485 09 Dec 2004 7.5 (v2) High Pass phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities CVE-2004-1147 CVE-2004-1148 13 Dec 2004 5.1 (v2) Medium Pass Siteﬁnity CMS Arbitrary File Upload 10 Dec 2010 7.5 (v2) High Pass MySQL 8.0.x < 8.0.22 Multiple Vulnerabilities (Oct 2020 CPU) CVE-2020-14672 CVE-2020-14765 CVE-2020-14769 CVE-2020-14771 CVE-2020-14773 CVE-2020-14775 CVE-2020-14776 CVE-2020-14777 CVE-2020-14785 CVE-2020-14786 CVE-2020-14789 CVE-2020-14790 CVE-2020-14791 CVE-2020-14793 CVE-2020-14794 CVE-2020-14800 CVE-2020-14804 CVE-2020-14809 CVE-2020-14812 CVE-2020-14814 CVE-2020-14821 CVE-2020-14827 CVE-2020-14828 CVE-2020-14829 CVE-2020-14830 CVE-2020-14836 CVE-2020-14837 CVE-2020-14838 CVE-2020-14839 CVE-2020-14844 CVE-2020-14845 CVE-2020-14846 CVE-2020-14848 CVE-2020-14852 CVE-2020-14860 CVE-2020-14861 CVE-2020-14866 CVE-2020-14867 CVE-2020-14868 CVE-2020-14869 CVE-2020-14870 CVE-2020-14873 CVE-2020-14878 CVE-2020-14888 CVE-2020-14891 CVE-2020-14893 CVE-2021-2028 CVE-2021-2030 CVE-2021-2042 CVE-2021-2055 CVE-2021-241222 Oct 2020 8 (v3) High Pass Well-known SSL Certiﬁcate Used in Remote Device 21 Dec 2010 5.8 (v2) Medium Pass PHP < 4.3.10 / 5.0.3 Multiple Vulnerabilities CVE-2004-1018 CVE-2004-1019 CVE-2004-1020 CVE-2004-1063 CVE-2004-1064 CVE-2004-1065 15 Dec 2004 7.5 (v2) High Pass Majordomo Detection 16 Feb 2011 None Pass Micro Focus Enterprise Administration Server Authentication Check 01 Feb 2011 7.5 (v2) High Pass CGI Generic XSS (Parameters Names) 14 Feb 2011 4.3 (v2) Medium Pass MODx 'ucfg' Parameter Arbitrary File Access CVE-2010-3930 14 Feb 2011 5 (v2) Medium Pass MySQL Eventum forgot_password.php XSS 22 Feb 2011 4.3 (v2) Medium Pass Atlassian Conﬂuence Server Webwork OGNL Injection (CVE-2021-26084) CVE-2021-26084 07 Sep 2021 9.8 (v3) Critical Pass CGI Generic XSS (persistent, 3rd Pass) 01 Mar 2011 4.3 (v2) Medium Pass phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion CVE-2006-2519 23 May 2006 2.6 (v2) Low Pass vsftpd Detection 17 Mar 2011 None Pass ManageEngine ADManager Plus Detection 09 Sep 2021 None Pass MS11-020: Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) (remote check) CVE-2011-0661 20 Apr 2011 10 (v2) Critical Pass Trend Micro Data Loss Prevention Virtual Appliance Web Console Detection 29 Jun 2011 None Pass ManageEngine SupportCenter Plus Detection 28 Jun 2011 None Pass Cisco Content Security Management Appliance HTTP Header Injection Vulnerability CVE-2020-3117 31 Jan 2020 4.7 (v3) Medium Pass phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities CVE-2004-1383 CVE-2004-1384 CVE-2004-1385 16 Dec 2004 7.5 (v2) High Pass SolarWinds Orion Platform 2019.2 HF4 / 2019.4.2 / 2020.2.5 HF1 / 2020.2.6 / 2020.2.6 SQLI CVE-2021-35212 17 Nov 2021 8.8 (v3) High Pass ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities CVE-2004-1419 CVE-2004-2738 28 Dec 2004 6.8 (v2) Medium Pass e107 Image Manager Unauthorized File Upload CVE-2004-2262 28 Jan 2013 8.8 (v3) High Pass Oracle HTTP Server Version 21 Nov 2011 None Pass FTPS Cleartext Fallback Security Bypass 13 Dec 2011 5.8 (v2) Medium Pass FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution CVE-2005-0267 CVE-2005-0268 04 Jan 2005 7.5 (v2) High Pass GNU Mailman Multiple Unspeciﬁed Remote Vulnerabilities 12 Jan 2005 7.5 (v2) High Pass op5 Portal Detection 17 Jan 2012 None Pass Small SSH RSA Key 25 Jan 2012 8.1 (v3) High Pass Apple iTunes < 12.12 Multiple Vulnerabilities (uncredentialed check) CVE-2021-30835 CVE-2021-30847 CVE-2021-30849 04 Oct 2021 7.8 (v3) High Pass Simple PHP Blog comments.php Traversal Arbitrary File Access CVE-2005-0214 12 Jan 2005 7.8 (v2) High Pass ClearSpace Detection 27 Apr 2009 None Pass Apache-SSL ExpandCert() Function Certiﬁcate Handling Arbitrary Environment Variables Manipulation CVE-2008-0555 03 Apr 2008 7.3 (v3) High Pass Jenkins Git Plugin < 4.8.3 / Jenkins LTS < 2.303.2 / Jenkins weekly < 2.315 Multiple Vulnerabilities (Deprecated)CVE-2014-3577 CVE-2021-21682 CVE-2021-21683 CVE-2021-21684 07 Oct 2021 5.8 (v2) Medium Pass OS Identiﬁcation : SMTP 13 Feb 2012 None Pass PeerCast servhs.cpp handshakeHTTP Function SOURCE Request Remote Overﬂow CVE-2007-6454 18 Dec 2007 7.5 (v2) High Pass Astaro Security Gateway Detection 23 Feb 2012 None Pass Cisco TelePresence Collaboration Endpoint DoS (cisco-sa-tpce-rmos-mem-dos-rck56tT) CVE-2021-34758 08 Oct 2021 3.3 (v3) Low Pass BNBT EasyTracker Malformed GET Request Remote DoS CVE-2005-2806 31 Aug 2005 5 (v2) Medium Pass Citrix XenServer Workload Balancer Detection 13 Apr 2012 None Pass ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass CVE-2014-7299 16 Oct 2014 7.5 (v2) High Pass OpenSSL 1.0.1 < 1.0.1c TLS/DTLS CBC Denial of Service CVE-2012-2333 11 May 2012 5 (v2) Medium Pass phpGroupWare index.php Calendar Date XSS CVE-2004-2574 12 Jan 2005 4.3 (v2) Medium Pass Cisco Small Business RV Series Routers Multiple Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D) CVE-2022-20699 CVE-2022-20700 CVE-2022-20701 CVE-2022-20702 CVE-2022-20703 CVE-2022-20704 CVE-2022-20705 CVE-2022-20706 CVE-2022-20707 CVE-2022-20708 CVE-2022-20709 CVE-2022-20710 CVE-2022-20711 CVE-2022-20712 CVE-2022-2074903 Feb 2022 9.8 (v3) Critical Pass ownCloud Web Interface Detection 27 Jun 2012 None Pass MyBB member.php 'uid' Parameter SQLi CVE-2005-0282 12 Jan 2005 7.5 (v2) High Pass Horde < 3.0.1 Multiple Script XSS CVE-2005-0378 13 Jan 2005 4.3 (v2) Medium Pass Siteman forum.php page Parameter XSS 14 Jan 2005 4.3 (v2) Medium Pass Novell GroupWise 6.5.3 WebAccess Multiple XSS 15 Jan 2005 4.3 (v2) Medium Pass ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion CVE-2005-0380 17 Jan 2005 7.5 (v2) High Pass Gallery login.php username Parameter XSS CVE-2005-0220 18 Jan 2005 4.3 (v2) Medium Pass DD-WRT HTTP Daemon Metacharacter Injection Remote Code Execution CVE-2009-2765 23 Jul 2009 8.3 (v2) High Pass AWStats awstats.pl conﬁgdir Parameter Arbitrary Command Execution CVE-2005-0116 18 Jan 2005 7.5 (v2) High Pass phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT) CVE-2004-1315 18 Jan 2005 7.3 (v3) High Pass Google Analytics on An Internal Web Server Detection 21 Aug 2009 None Pass ISC BIND 9 Dynamic Update Handling Remote DoS (intrusive check) CVE-2009-0696 31 Jul 2009 5 (v2) Medium Pass phpSANE ﬁle_save Parameter Remote File Include CVE-2009-3188 28 Aug 2009 7.5 (v2) High Pass PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection CVE-2005-3157 CVE-2005-3158 CVE-2005-3160 CVE-2005-3161 12 Oct 2005 6.8 (v2) Medium Pass WebGUI < 6.7.6 Asset.pm Asset Addition Arbitrary Code Execution CVE-2005-4694 17 Oct 2005 7.5 (v2) High Pass ViewVC Detection 03 Nov 2009 None Pass LDAP Service STARTTLS Command Support 30 Oct 2009 None Pass vBulletin includes/init.php Unspeciﬁed Vulnerability 18 Jan 2005 7.5 (v2) High Pass phpMyWebHosting Authentication SQL Injection CVE-2004-2218 19 Jan 2005 7.3 (v3) High Pass sslh Detection 12 Nov 2009 None Pass eMule IRC Module / Web Server DecodeBase16 Function Remote Overﬂow CVE-2004-1892 17 Nov 2009 7.5 (v2) High Pass pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08) CVE-2018-3620 CVE-2018-3646 CVE-2018-6922 CVE-2018-6923 CVE-2018-6924 CVE-2018-14526 CVE-2018-15473 CVE-2018-16055 27 Dec 2018 8.8 (v3) High Pass Oracle Database Multiple Vulnerabilities (January 2005 CPU) CVE-2004-0637 CVE-2004-0638 CVE-2004-1362 CVE-2004-1363 CVE-2004-1364 CVE-2004-1365 CVE-2004-1366 CVE-2004-1367 CVE-2004-1368 CVE-2004-1369 CVE-2004-1370 CVE-2004-137119 Jan 2005 7.5 (v2) High Pass phpLDAPadmin Detection 23 Dec 2009 None Pass Cisco FXOS Software Cisco Fabric Services Arbitrary Code Execution (cisco-sa-20180620-fxnxos-ace) CVE-2018-0304 14 Jul 2020 9.8 (v3) Critical Pass HP Web Jetadmin Detection 28 Jan 2010 None Pass PHPLinks Multiple Input Validation Vulnerabilities 19 Jan 2005 7.3 (v3) High Pass MySQL 8.0.x < 8.0.27 Multiple Vulnerabilities (Oct 2021 CPU) CVE-2021-2478 CVE-2021-2479 CVE-2021-2481 CVE-2021-3711 CVE-2021-22926 CVE-2021-35546 CVE-2021-35575 CVE-2021-35577 CVE-2021-35591 CVE-2021-35596 CVE-2021-35597 CVE-2021-35602 CVE-2021-35604 CVE-2021-35607 CVE-2021-35608 CVE-2021-35610 CVE-2021-35612 CVE-2021-35622 CVE-2021-35623 CVE-2021-35624 CVE-2021-35625 CVE-2021-35626 CVE-2021-35627 CVE-2021-35628 CVE-2021-35630 CVE-2021-35631 CVE-2021-35632 CVE-2021-35633 CVE-2021-35634 CVE-2021-35635 CVE-2021-35636 CVE-2021-35637 CVE-2021-35638 CVE-2021-35639 CVE-2021-35640 CVE-2021-35641 CVE-2021-35642 CVE-2021-35643 CVE-2021-35644 CVE-2021-35645 CVE-2021-35646 CVE-2021-35647 CVE-2021-35648 CVE-2021-36222 CVE-2022-21278 CVE-2022-21297 CVE-2022-2135220 Oct 2021 9.8 (v3) Critical Pass ClamAV Antivirus Detection and Status 28 Apr 2010 10 (v2) Critical Pass SquirrelMail < 1.4.4 Multiple Vulnerabilities CVE-2005-0075 CVE-2005-0103 CVE-2005-0104 24 Jan 2005 4.3 (v2) Medium Pass GForge Multiple Script Traversal Arbitrary Directory Listing CVE-2005-0299 21 Jan 2005 5 (v2) Medium Pass HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities CVE-2009-3555 19 May 2010 6.5 (v3) Medium Pass NolaPro Detection 24 May 2010 None Pass TikiWiki Detection 27 May 2010 None Pass IBM DB2 9.7 < Fix Pack 2 Multiple Vulnerabilities CVE-2009-3471 CVE-2009-3555 CVE-2010-0462 CVE-2010-0472 CVE-2010-3193 CVE-2010-3194 CVE-2010-3195 CVE-2010-3196 CVE-2010-3197 CVE-2011-075701 Jun 2010 6.5 (v3) Medium Pass Apache Tomcat JSP2 Examples XSS CVE-2005-4838 13 Jul 2010 5.3 (v3) Medium Pass XLight FTP Server 3.x SFTP Directory Traversal CVE-2010-2695 08 Jul 2010 6.5 (v2) Medium 66

RELAYTO Penetration Test Results - Page 66

RELAYTO Penetration Test Results Page 65 Page 67