RELAYTO Penetration Test Results (100/101)

Pass Appweb 3.1.x / 3.2.x / 3.3.x < 3.3.3 mprUrlEncode Function Heap Overﬂow Vulnerability 02 Aug 2012 6.8 (v2) Medium Pass Symantec Web Gateway search.php SQL Injection (SYM12-011) CVE-2012-2961 06 Aug 2012 7.5 (v2) High Pass Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities CVE-2011-2895 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2015-3807 CVE-2015-5333 CVE-2015-5334 CVE-2015-6908 CVE-2015-7001 CVE-2015-7038 CVE-2015-7039 CVE-2015-7040 CVE-2015-7041 CVE-2015-7042 CVE-2015-7043 CVE-2015-7044 CVE-2015-7045 CVE-2015-7046 CVE-2015-7047 CVE-2015-7052 CVE-2015-7053 CVE-2015-7054 CVE-2015-7058 CVE-2015-7059 CVE-2015-7060 CVE-2015-7061 CVE-2015-7062 CVE-2015-7063 CVE-2015-7064 CVE-2015-7065 CVE-2015-7066 CVE-2015-7067 CVE-2015-7068 CVE-2015-7071 CVE-2015-7073 CVE-2015-7074 CVE-2015-7075 CVE-2015-7076 CVE-2015-7077 CVE-2015-7078 CVE-2015-7081 CVE-2015-7083 CVE-2015-7084 CVE-2015-7094 CVE-2015-7105 CVE-2015-7106 CVE-2015-7107 CVE-2015-7108 CVE-2015-7109 CVE-2015-7110 CVE-2015-7111 CVE-2015-7112 CVE-2015-7115 CVE-2015-7116 CVE-2015-7803 CVE-2015-780410 Dec 2015 10 (v2) Critical Pass HP Network Automation Multiple Remote Vulnerabilities (HPSBMU03264) CVE-2014-7886 23 Apr 2015 6.8 (v2) Medium Pass Juniper Junos J-Web Service Privilege Escalation (JSA10754) CVE-2016-1279 22 Jul 2016 10 (v2) Critical Pass Juniper Junos Certiﬁcate Validation Bypass (JSA10755) CVE-2016-1280 22 Jul 2016 5.8 (v2) Medium Pass Scrutinizer Default Credentials Check 20 Aug 2012 7.5 (v2) High Pass Scrutinizer < 9.5.2 d4d/statusFilter.php q Parameter SQL Injection CVE-2012-2962 20 Aug 2012 6.5 (v2) Medium Pass SquidClamav Specially Crafted Character Parsing Remote DoS CVE-2012-3501 10 Sep 2012 5 (v2) Medium Pass ManageEngine Security Manager Plus Default Administrator Credentials 10 Dec 2012 7.5 (v2) High Pass Novell eDirectory < 8.8 SP6 Patch 5 Multiple Vulnerabilities CVE-2010-1929 29 Aug 2012 9 (v2) High Pass VNC Server 'password' Password 29 Aug 2012 10 (v2) Critical Pass macOS 10.14.x < 10.14.4 Multiple Vulnerabilities CVE-2018-12015 CVE-2018-18311 CVE-2018-18313 CVE-2019-6207 CVE-2019-6237 CVE-2019-6239 CVE-2019-7293 CVE-2019-8502 CVE-2019-8504 CVE-2019-8507 CVE-2019-8508 CVE-2019-8510 CVE-2019-8511 CVE-2019-8513 CVE-2019-8514 CVE-2019-8516 CVE-2019-8517 CVE-2019-8519 CVE-2019-8520 CVE-2019-8521 CVE-2019-8522 CVE-2019-8526 CVE-2019-8527 CVE-2019-8529 CVE-2019-8530 CVE-2019-8533 CVE-2019-8537 CVE-2019-8540 CVE-2019-8542 CVE-2019-8545 CVE-2019-8546 CVE-2019-8549 CVE-2019-8550 CVE-2019-8552 CVE-2019-8555 CVE-2019-8561 CVE-2019-856527 Mar 2019 9.8 (v3) Critical Pass Kibana ESA-2018-06 CVE-2018-3823 25 Jan 2019 5.4 (v3) Medium Pass WAS Target Discovery for PCI 24 Jan 2019 None Pass Juniper Junos FreeBSD libc db Information Disclosure (JSA10756) CVE-2009-1436 22 Jul 2016 4.9 (v2) Medium Pass Cloudsafe365 Plugin for WordPress 'ﬁle' Parameter Traversal Arbitrary File Access 07 Sep 2012 5 (v2) Medium Pass DNS over TLS Server Detection 22 Mar 2021 None Pass JBoss Java Object Deserialization RCE CVE-2012-0874 CVE-2015-7501 10 Dec 2015 9.8 (v3) Critical Pass Mac Photo Gallery for WordPress 'albid' Parameter Traversal Arbitrary File Access 19 Sep 2012 5 (v2) Medium Pass Authentec UPEK Protector Suite Weak Password Storage 18 Oct 2012 2.1 (v2) Low Pass Mac Photo Gallery Plugin for WordPress 'macphtajax.php' Access Restriction Bypass 26 Sep 2012 5 (v2) Medium Pass OpenStack Keystone Default Credentials 27 Sep 2012 7.5 (v2) High Pass Yawcam Web Server Traversal Arbitrary File Access CVE-2005-1230 02 May 2005 5 (v2) Medium Pass ZEN Load Balancer global.conf Information Disclosure 28 Sep 2012 5.3 (v3) Medium Pass AttachmateWRQ Reﬂection for Secure IT Server < 6.0 Build 24 Multiple Vulnerabilities CVE-2005-2770 CVE-2005-2771 06 Sep 2005 4.6 (v2) Medium Pass Juniper Junos Crafted UDP Packet Handling DoS (JSA10758) CVE-2016-1263 22 Jul 2016 7.8 (v2) High Pass Transport Layer Security (TLS) Protocol CRIME Vulnerability CVE-2012-4929 CVE-2012-4930 16 Oct 2012 2.6 (v2) Low Pass RaidenFTPD Multiple Command Traversal Arbitrary File Access CVE-2001-0491 11 May 2005 6.4 (v2) Medium Pass SSL Root Certiﬁcation Authority Distrusted 17 Apr 2019 6.5 (v3) Medium Pass Xerox Document Centre Web Server Unspeciﬁed Unauthorized Access (XRX05-003) CVE-2005-1936 14 May 2005 7.5 (v2) High Pass Dream4 Koobi CMS index.php area Parameter SQL Injection CVE-2005-1373 16 Jun 2005 7.5 (v2) High Pass web-app.org WebAPP Encoded Request .dat File Disclosure CVE-2005-0927 17 May 2005 5 (v2) Medium Pass HP/H3C and Huawei SNMP User Data Information Disclosure CVE-2012-3268 30 Oct 2012 8.5 (v2) High Pass ManageEngine OpStor Default Administrator Credentials 01 Nov 2012 7.5 (v2) High Pass CoSoSys Endpoint Protector 4 Predictable Password CVE-2012-2994 16 Nov 2012 7.5 (v2) High Pass SolarWinds Orion NPM < 9.5 Login.asp SQLi 12 Nov 2012 7.5 (v2) High Pass MS12-073: Vulnerabilities in Microsoft IIS Could Allow Information Disclosure (2733829) (uncredentialed check)CVE-2012-2532 16 Nov 2012 5.3 (v3) Medium Pass Juniper Junos VPLS Ethernet Frame MAC Address Remote DoS (JSA10750) CVE-2016-1275 22 Jul 2016 6.1 (v2) Medium Pass Novell File Reporter Agent FSFUI UICMD 126 Arbitrary File Download CVE-2012-4958 20 Nov 2012 7.8 (v2) High Pass NetIQ Privileged User Manager Default Admin Password 21 Nov 2012 10 (v2) Critical Pass McAfee WebShield SMTP Unsupported 03 Dec 2012 10 (v2) Critical Pass Juniper Junos SRX Series Application Layer Gateway DoS (JSA10751) CVE-2016-1276 22 Jul 2016 7.8 (v2) High Pass Juniper Junos Crafted ICMP Packet DoS (JSA10752) CVE-2016-1277 22 Jul 2016 7.8 (v2) High Pass ManageEngine Applications Manager Default Administrator Credentials 05 Dec 2012 7.5 (v2) High Pass Oracle Primavera Uniﬁer Multiple Vulnerabilities (Oct 2018 CPU) CVE-2018-3148 CVE-2018-12023 01 Nov 2018 6.1 (v3) Medium Pass ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST) CVE-2011-3389 CVE-2012-0845 CVE-2012-0876 CVE-2012-1150 CVE-2013-0242 CVE-2013-1752 CVE-2013-1914 CVE-2013-2877 CVE-2013-4238 CVE-2013-4332 CVE-2014-0015 CVE-2014-0138 CVE-2014-019112 Dec 2014 6.4 (v2) Medium Pass NetIQ Privileged User Manager Password Change Authentication Bypass (version check) CVE-2012-5930 07 Dec 2012 6.4 (v2) Medium Pass Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities CVE-2019-1827 CVE-2019-1828 15 Apr 2019 8.1 (v3) High Pass Slideshow Plugin for WordPress 'settings.php' Multiple Parameter XSS 19 Dec 2012 4.3 (v2) Medium Pass HP LaserJet XSS Vulnerability CVE-2012-3272 15 Jan 2013 4.3 (v2) Medium Pass Apple TV < 12.1.1 Multiple Vulnerabilities CVE-2018-4303 CVE-2018-4431 CVE-2018-4435 CVE-2018-4436 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4447 CVE-2018-4460 CVE-2018-4461 CVE-2018-4464 CVE-2018-446521 Dec 2018 8.8 (v3) High Pass IronMail IronWebMail IM_FILE Identiﬁer Encoded Traversal Arbitrary File Access CVE-2006-5210 20 Oct 2006 5 (v2) Medium Pass Dell OpenManage Server Administrator index_main.htm DOM-based XSS CVE-2012-6272 11 Jan 2013 4.3 (v2) Medium Pass Google Doc Embedder Plugin for WordPress 'File' Parameter Traversal Arbitrary File Disclosure CVE-2012-4915 24 Jan 2013 5 (v2) Medium Pass NetIQ Privileged User Manager regclnt.dll Directory Traversal CVE-2012-5931 24 Jan 2013 5.5 (v2) Medium Pass Kibana ESA-2018-08 CVE-2018-3824 25 Jan 2019 6.1 (v3) Medium Pass IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities CVE-2012-2098 CVE-2013-0169 CVE-2013-0597 CVE-2013-1768 CVE-2013-1862 CVE-2013-1896 CVE-2013-2967 CVE-2013-2976 CVE-2013-3029 CVE-2013-4004 CVE-2013-400523 Aug 2013 7.5 (v2) High Pass ManageEngine AssetExplorer Detection 24 Jan 2013 None Pass ManageEngine AssetExplorer Default Administrator Credentials 24 Jan 2013 7.5 (v2) High Pass Silver Peak VX < 6.2.4 XSS CVE-2014-2975 25 Sep 2014 4.3 (v2) Medium Pass Browser Rejector Plugin for WordPress 'wppath' Parameter Remote File Inclusion 25 Jan 2013 7.5 (v2) High Pass Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass CVE-2012-5469 25 Jan 2013 7.5 (v2) High Pass GRAND Flash Album Gallery Plugin for WordPress 'f' Parameter Traversal Arbitrary Directory Enumeration 28 Jan 2013 5 (v2) Medium Pass MySQL Protocol Remote User Enumeration CVE-2012-5615 28 Jan 2013 5 (v2) Medium Pass WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery CVE-2013-0235 04 Feb 2013 6.4 (v2) Medium Pass UnrealIRCd Unspeciﬁed DoS 06 Feb 2013 5 (v2) Medium Pass EMC Avamar ADS / AVE 7.2.x < 7.2.1 Hotﬁx HOTFIX 300440 / 7.3.x < 7.3.1 Hotﬁx 300439 / 7.4.x < 7.4.1 HotCVE-2018-11066 CVE-2018-11067ﬁx 300438 / 7.5.0 < 7.5.0 Hotﬁx 300441 / 7.5.1 < 7.5.1 Hotﬁx 300442 / 18.1 < 18.1 Hotﬁx 300443 Multiple Vulnerabilities (DSA-2018-145)30 Nov 2018 9.8 (v3) Critical Pass Voice Vulnerabilities in Cisco IOS and Cisco Uniﬁed Communications Manager - Cisco Systems CVE-2007-4291 CVE-2007-4292 CVE-2007-4293 CVE-2007-4294 CVE-2007-4295 01 Sep 2010 9.3 (v2) High Pass SolarWinds Orion NPM < 10.3.1 Multiple Vulnerabilities CVE-2012-2577 CVE-2012-2602 17 Sep 2012 6.8 (v2) Medium Pass OpenSSL 1.0.1 < 1.0.1e Information Disclosure CVE-2013-0169 13 Feb 2013 2.6 (v2) Low Pass rsync < 2.5.7 Unspeciﬁed Remote Heap Overﬂow CVE-2003-0962 04 Dec 2003 7.5 (v2) High Pass Oracle Application Express (Apex) CVE-2012-1708 CVE-2012-1708 20 Feb 2013 4.3 (v2) Medium Pass Oracle Application Express (Apex) Unspeciﬁed Issues (pre 2.2.1) CVE-2006-5351 CVE-2006-5352 20 Feb 2013 10 (v2) Critical Pass Oracle Application Express (Apex) CVE-2011-3525 CVE-2011-3525 20 Feb 2013 6.5 (v2) Medium Pass ShadowIRCd m_capab.c Denial of Service CVE-2012-6084 11 Mar 2013 5 (v2) Medium Pass Cisco Prime LAN Management Solution Web Detection 21 Feb 2013 None Pass Nagios XI 2011R1.9 Multiple SQL Injection Vulnerabilities 19 Feb 2013 6.5 (v2) Medium Pass Cisco IOS IPS Denial of Service Vulnerability - Cisco Systems CVE-2008-2739 01 Sep 2010 7.8 (v2) High Pass Buﬀalo LinkStation Direct Request Remote File Disclosure 27 Feb 2013 5 (v2) Medium Pass W3 Total Cache Plugin for WordPress Cache File Direct Request Information Disclosure 04 Mar 2013 4.3 (v2) Medium Pass Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities - Cisco Systems CVE-2009-0633 CVE-2009-0634 01 Sep 2010 7.8 (v2) High Pass VMware vCenter Server Denial of Service (VMSA-2012-0018) CVE-2012-6326 12 Mar 2013 7.8 (v2) High Pass CVS < 1.11.17 / 1.12.9 Multiple Vulnerabilities CVE-2004-0414 CVE-2004-0416 CVE-2004-0417 CVE-2004-0418 CVE-2004-1471 09 Jun 2004 7.1 (v2) High Pass Cuyahoga FCKEditor Misconﬁguration Unrestricted File Upload CVE-2007-0147 10 Jan 2007 5 (v2) Medium Pass LogAnalyzer asktheoracle.php 'query' Parameter XSS 05 Mar 2013 4.3 (v2) Medium Pass Foswiki Detection 06 Mar 2013 None Pass Cisco Small Business RV Series Routers Management Interface Vulnerabilities (cisco-sa-rv-routers-injection-tWC7krKQ)CVE-2020-3268 CVE-2020-3269 15 Oct 2020 7.2 (v3) High Pass War FTP Daemon 1.82 Denial of Service CVE-2013-2278 11 Mar 2013 10 (v2) Critical Pass OpenFTPD SITE MSG FTP Command Format String CVE-2004-2523 01 Aug 2004 6.5 (v2) Medium Pass Ruby ftpd Gem 'ﬁlename' Parameter Remote Command Execution 07 Mar 2013 7.5 (v2) High Pass Cisco IOS Software Multiple Features Crafted UDP Packet Vulnerability - Cisco Systems CVE-2009-0631 01 Sep 2010 7.8 (v2) High Pass Juniper Junos Packet Forwarding Engine Potential RCE (JSA10906) CVE-2019-0006 10 Jan 2019 9.8 (v3) Critical Pass Cisco IOS Software Secure Copy Privilege Escalation Vulnerability - Cisco Systems CVE-2009-0637 01 Sep 2010 9 (v2) High Pass Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability - Cisco Systems CVE-2009-0629 01 Sep 2010 7.8 (v2) High Pass Nagios XI < 2012R1.6 Multiple Vulnerabilities 18 Mar 2013 6.5 (v2) Medium Pass SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion CVE-2007-1232 27 Feb 2007 5.1 (v2) Medium Pass SSL RC4 Cipher Suites Supported (Bar Mitzvah) CVE-2013-2566 CVE-2015-2808 05 Apr 2013 5.9 (v3) Medium Pass Junos OS: Stateless ﬁrewall ﬁlter ignores IPv6 extension headers (JSA10905) CVE-2019-0005 15 Feb 2019 5.3 (v3) Medium Pass McAfee Vulnerability Manager cert_cn Parameter XSS CVE-2013-5094 29 Mar 2013 4.3 (v2) Medium Pass l2tpd < 0.68 Multiple Vulnerabilities CVE-2002-0872 CVE-2002-0873 14 Mar 2003 7.5 (v2) High Pass Cisco NX-OS Software Netstack DoS (cisco-sa-20190306-nxos-netstack) CVE-2019-1599 27 Mar 2020 8.6 (v3) High Pass IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration CVE-2013-0584 10 Apr 2013 5 (v2) Medium Pass IBM InfoSphere Data Replication Dashboard Default Credentials 10 Apr 2013 7.5 (v2) High Pass Cisco IOS Software WebVPN and SSLVPN Vulnerabilities - Cisco Systems CVE-2009-0626 CVE-2009-0628 01 Sep 2010 7.8 (v2) High Pass Multiple IRC Client Non-registered User parse_client_queued Saturation DoS CVE-2004-0605 10 Aug 2004 5 (v2) Medium Pass Ultimate Product Catalog Plugin for WordPress < 4.2.26 PHP Object Injection 05 Dec 2017 8.3 (v3) High Pass ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check) CVE-2011-3048 CVE-2013-1406 CVE-2013-1659 13 Nov 2013 7.6 (v2) High Pass D-Link DIR-645 getcfg.php Admin Password Disclosure 26 Apr 2013 5 (v2) Medium Pass op5 Monitor < 5.7.3 Multiple Vulnerabilities 30 Apr 2013 3.5 (v2) Low Pass Exim with Dovecot use_shell Command Injection 10 May 2013 6.8 (v2) Medium Pass Jenkins JDK / Ant Tools Job Conﬁguration Stored XSS Vulnerability (SECURITY-624) (deprecated) CVE-2017-17383 15 Dec 2017 4.1 (v3) Medium 100

RELAYTO Penetration Test Results - Page 100

RELAYTO Penetration Test Results Page 99 Page 101