RELAYTO Penetration Test Results (84/101)

Pass Serendipity XML-RPC for PHP Remote Code Injection CVE-2005-1921 01 Jul 2005 7.5 (v2) High Pass XOOPS < 2.0.12 Multiple Vulnerabilities CVE-2005-2112 CVE-2005-2113 05 Jul 2005 7.5 (v2) High Pass Cacti < 0.8.6f Authentication Bypass Vulnerability CVE-2005-2148 CVE-2005-2149 05 Jul 2005 7.5 (v2) High Pass phpBB < 2.0.17 Nested BBCode URL Tags XSS CVE-2005-2161 06 Jul 2005 3.5 (v2) Low Pass YaPiG Password Protected Directory Bypass 06 Jul 2005 5 (v2) Medium Pass phpWebSite <= 0.10.1 Multiple Vulnerabilities 07 Jul 2005 7.5 (v2) High Pass Drupal XML-RPC for PHP Remote Code Injection CVE-2005-1921 08 Jul 2005 7.5 (v2) High Pass Comersus Cart Multiple Vulnerabilities (SQLi, XSS) CVE-2005-2190 CVE-2005-2191 08 Jul 2005 7.5 (v2) High Pass Hydra: PostgreSQL 10 Jul 2005 7.5 (v2) High Pass Moodle < 1.5.1 Multiple Vulnerabilities CVE-2005-2247 13 Jul 2005 7.5 (v2) High Pass Apache Tomcat 7.x < 7.0.21 Arbitrary AJP Message Control CVE-2011-3190 02 Sep 2011 7.3 (v3) High Pass Phpauction <= 2.5 Multiple Vulnerabilities CVE-2005-2252 CVE-2005-2253 CVE-2005-2254 CVE-2005-2255 20 Jul 2005 7.5 (v2) High Pass PHP-Fusion <= 6.00.105 Multiple Vulnerabilities CVE-2005-2074 CVE-2005-2075 20 Jul 2005 5 (v2) Medium Pass Gossamer Threads Links user.cgi url Parameter XSS CVE-2005-1492 20 Jul 2005 4.3 (v2) Medium Pass PHPAuction Admin Authentication Bypass 20 Jul 2005 7.5 (v2) High Pass MDaemon IMAP Server Multiple AUTHENTICATE Commands Remote Overﬂow 21 Jul 2005 7.5 (v2) High Pass osCommerce update.php readme_ﬁle Parameter Arbitrary File Disclosure CVE-2005-2330 21 Jul 2005 5 (v2) Medium Pass PHPNews auth.php Multiple Parameter SQL Injection CVE-2005-2383 22 Jul 2005 6.8 (v2) Medium Pass UltraVNC w/ DSM Plugin Detection 24 Jul 2005 4 (v2) Medium Pass FtpLocate ﬂsearch.pl fsite Parameter Remote File Inclusion CVE-2005-2420 26 Jul 2005 7.5 (v2) High Pass Netquery <= 3.1 Multiple Vulnerabilities 26 Jul 2005 6.8 (v2) Medium Pass PHP-Fusion <= 6.00.106 Multiple Vulnerabilities CVE-2005-2401 CVE-2005-3159 29 Jul 2005 6 (v2) Medium Pass GForge <= 4.5 Multiple Script XSS CVE-2005-2430 29 Jul 2005 4.3 (v2) Medium Pass Kayako LiveResponse Multiple Vulnerabilities CVE-2005-2460 CVE-2005-2461 CVE-2005-2462 CVE-2005-2463 01 Aug 2005 6.4 (v2) Medium Pass AutoIndex PHP Script index.php search Parameter XSS CVE-2005-2163 04 Aug 2005 4.3 (v2) Medium Pass JAWS Glossary Gadget Multiple XSS CVE-2005-1231 CVE-2005-1800 08 Aug 2005 4.3 (v2) Medium Pass FlatNuke < 2.5.6 Multiple Remote Vulnerabilities CVE-2005-2537 CVE-2005-2538 CVE-2005-2539 CVE-2005-2540 08 Aug 2005 7.5 (v2) High Pass AWStats Referrer Header Arbitrary Command Execution CVE-2005-1527 10 Aug 2005 5.1 (v2) Medium Pass Mantis < 1.0.0rc2 Multiple Vulnerabilities CVE-2005-2556 CVE-2005-2557 CVE-2005-3090 CVE-2005-3091 22 Aug 2005 4.3 (v2) Medium Pass Home FTP Server Multiple Vulnerabilities CVE-2005-2726 CVE-2005-2727 25 Aug 2005 4.3 (v3) Medium Pass WebCalendar send_reminders.php includedir Parameter Remote File Inclusion CVE-2005-2717 25 Aug 2005 7.5 (v2) High Pass Cisco CallManager TFTP File Detection 26 Aug 2005 5 (v2) Medium Pass PhotoPost PHP Pro EXIF Data XSS CVE-2005-2737 27 Aug 2005 4.3 (v2) Medium Pass YaPiG <= 0.9.5b Multiple Vulnerabilities CVE-2005-2736 CVE-2005-4799 CVE-2006-4421 27 Aug 2005 5.1 (v2) Medium Pass phpMyAdmin < 2.6.4 Multiple XSS CVE-2005-2869 29 Aug 2005 4.3 (v2) Medium Pass PHP 7.1.x < 7.1.30 Multiple Vulnerabilities. CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 31 May 2019 9.1 (v3) Critical Pass PHP 7.2.x < 7.2.19 Multiple Vulnerabilities. CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 31 May 2019 9.1 (v3) Critical Pass PHP 7.3.x < 7.3.6 Multiple Vulnerabilities. CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 04 Jun 2019 9.1 (v3) Critical Pass Oracle Database Multiple Vulnerabilities (January 2014 CPU) CVE-2013-5764 CVE-2013-5853 CVE-2013-5858 CVE-2014-0377 CVE-2014-0378 15 Jan 2014 4.1 (v2) Medium Pass Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities CVE-2013-4322 CVE-2013-4590 25 Feb 2014 5.3 (v3) Medium Pass Jenkins < 2.84 / < 2.73.2 (LTS) Multiple Vulnerabilities CVE-2017-1000393 CVE-2017-1000394 CVE-2017-1000395 CVE-2017-1000396 CVE-2017-1000398 CVE-2017-1000399 CVE-2017-1000400 CVE-2017-100040105 Jun 2019 8.8 (v3) High Pass Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple VulnerabilitiesCVE-2016-6816 CVE-2016-6817 CVE-2016-8735 01 Dec 2016 9.8 (v3) Critical Pass Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability CVE-2017-12236 06 Oct 2017 9.8 (v3) Critical Pass Jenkins < 2.121 / < 2.107.3 (LTS) Multiple Vulnerabilities CVE-2018-1000192 CVE-2018-1000193 CVE-2018-1000194 CVE-2018-1000195 05 Jun 2019 8.1 (v3) High Pass HPE Intelligent Management Center dbman Multiple Vulnerabilities CVE-2018-7123 CVE-2019-5355 CVE-2019-5390 CVE-2019-5391 CVE-2019-5392 CVE-2019-5393 06 Jun 2019 9.8 (v3) Critical Pass Apache Tomcat 7.0.0 < 7.0.91 Open Redirect Weakness CVE-2018-11784 10 Oct 2018 4.3 (v3) Medium Pass SSH Protocol Authentication Bypass (Remote Exploit Check) CVE-2018-10933 CVE-2018-1000805 17 Oct 2018 8.8 (v3) High Pass Ncat TLS Listener 19 Feb 2019 9.8 (v3) Critical Pass Cisco IOS XR Software DHCP Version 4 Server DoS (cisco-sa-iosxr-dhcp-dos-pjPVReLU) CVE-2021-34737 10 Sep 2021 7.5 (v3) High Pass phpMyAdmin 4.x < 4.9.0 CSRF vulnerablity (PMASA-2019-4) CVE-2019-12616 13 Jun 2019 6.5 (v3) Medium Pass Cisco IOS XR Software Border Gateway Protocol Resource Public Key Infrastructure DoS (cisco-sa-xrbgp-rpki-dos-gvmjqxbk)CVE-2021-1440 13 Sep 2021 6.8 (v3) Medium Pass Cisco IOS XR Software for 8000 Network Convergence System 540 Series Routers Image Veriﬁcation (cisco-sa-lnt-QN9mCzwn)CVE-2021-34708 CVE-2021-34709 13 Sep 2021 6.7 (v3) Medium Pass Oracle WebLogic Server Deserialization RCE (CVE-2019-2729) CVE-2019-2729 27 Jun 2019 9.8 (v3) Critical Pass Multiple Command Injection Vulnerabilities in Grandstream Products CVE-2019-10655 CVE-2019-10656 CVE-2019-10657 CVE-2019-10658 CVE-2019-10659 CVE-2019-10660 CVE-2019-10661 CVE-2019-10662 CVE-2019-1066301 Apr 2019 9.8 (v3) Critical Pass D-Link Router HNAP GetDeviceSettings Remote Command Execution CVE-2015-2051 10 Jun 2015 10 (v2) Critical Pass MongoDB 3.0.x < 3.0.7 / 3.1.x < 3.1.9 Authentication Bypass CVE-2015-7882 05 Jul 2019 8.1 (v3) High Pass Apple TV < 7 Multiple Vulnerabilities CVE-2011-2391 CVE-2013-6663 CVE-2014-1384 CVE-2014-1385 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-4357 CVE-2014-4364 CVE-2014-4369 CVE-2014-4371 CVE-2014-4372 CVE-2014-4373 CVE-2014-4375 CVE-2014-4377 CVE-2014-4378 CVE-2014-4379 CVE-2014-4380 CVE-2014-4381 CVE-2014-4383 CVE-2014-4388 CVE-2014-4389 CVE-2014-4404 CVE-2014-4405 CVE-2014-4407 CVE-2014-4408 CVE-2014-4410 CVE-2014-4411 CVE-2014-4412 CVE-2014-4413 CVE-2014-4414 CVE-2014-4415 CVE-2014-4418 CVE-2014-4419 CVE-2014-4420 CVE-2014-4421 CVE-2014-442224 Sep 2014 7.8 (v3) High Pass FTP Service AUTH TLS Command Support 15 Oct 2009 None Pass Hummingbird Connectivity FTP Service XCWD Command Overﬂow CVE-2004-2728 31 Dec 2004 4.3 (v3) Medium Pass FTP Writable Directories 04 Oct 2005 6.5 (v3) Medium Pass IBM DB2 Connection Port Detection 21 Sep 2006 None Pass Tor Server Detection 14 Sep 2007 None Pass Multiple Command Injection Vulnerabilities in Grandstream Products CVE-2019-10655 CVE-2019-10659 CVE-2019-10660 CVE-2019-10661 CVE-2019-10662 CVE-2019-10663 19 Apr 2019 9.8 (v3) Critical Noise Common Platform Enumeration (CPE) 21 Apr 2010 None Pass Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock) CVE-2011-2391 CVE-2013-5150 CVE-2013-6438 CVE-2014-0098 CVE-2014-3537 CVE-2014-3566 CVE-2014-4351 CVE-2014-4364 CVE-2014-4371 CVE-2014-4373 CVE-2014-4375 CVE-2014-4380 CVE-2014-4388 CVE-2014-4391 CVE-2014-4404 CVE-2014-4405 CVE-2014-4407 CVE-2014-4408 CVE-2014-4417 CVE-2014-4418 CVE-2014-4419 CVE-2014-4420 CVE-2014-4421 CVE-2014-4422 CVE-2014-4425 CVE-2014-4426 CVE-2014-4427 CVE-2014-4428 CVE-2014-4430 CVE-2014-4431 CVE-2014-4432 CVE-2014-4433 CVE-2014-4434 CVE-2014-4435 CVE-2014-4436 CVE-2014-4437 CVE-2014-4438 CVE-2014-4439 CVE-2014-4440 CVE-2014-4441 CVE-2014-4442 CVE-2014-4443 CVE-2014-4444 CVE-2014-6271 CVE-2014-716917 Oct 2014 10 (v2) Critical Pass Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK) CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2013-6712 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0207 CVE-2014-0226 CVE-2014-0231 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3523 CVE-2014-3538 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4380 CVE-2014-4404 CVE-2014-4405 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-8275 CVE-2014-8830 CVE-2014-9298 CVE-2015-0204 CVE-2015-1069 CVE-2015-1088 CVE-2015-1089 CVE-2015-1091 CVE-2015-1093 CVE-2015-1095 CVE-2015-1096 CVE-2015-1098 CVE-2015-1099 CVE-2015-1100 CVE-2015-1101 CVE-2015-1102 CVE-2015-1103 CVE-2015-1104 CVE-2015-1105 CVE-2015-1117 CVE-2015-1118 CVE-2015-1130 CVE-2015-1131 CVE-2015-1132 CVE-2015-1133 CVE-2015-1134 CVE-2015-1135 CVE-2015-1136 CVE-2015-1137 CVE-2015-1138 CVE-2015-1139 CVE-2015-1140 CVE-2015-1141 CVE-2015-1142 CVE-2015-1143 CVE-2015-1144 CVE-2015-1145 CVE-2015-1146 CVE-2015-1147 CVE-2015-1148 CVE-2015-1160 CVE-2015-1545 CVE-2015-154610 Apr 2015 10 (v2) Critical Pass CockroachDB Web Console Detection 11 Feb 2022 None Pass Juniper Junos RPD MPLS RCE (JSA10877) CVE-2018-0043 19 Oct 2018 8.8 (v3) High Pass Juniper Junos Memory Exhaustion RDP DOS with JET support (JSA10882) CVE-2018-0048 19 Oct 2018 7.5 (v3) High Pass Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote) CVE-2020-0796 02 Apr 2020 10 (v3) Critical Pass WordPress Plugin 'File Manager' 6.x < 6.9 Remote Code Execution CVE-2020-25213 04 Sep 2020 9.8 (v3) Critical Pass PHP 7.4.x < 7.4.26 CVE-2021-21707 18 Nov 2021 5.3 (v3) Medium Pass PHP 8.0.x < 8.0.13 CVE-2021-21707 19 Nov 2021 5.3 (v3) Medium Pass Jenkins Enterprise and Operations Center < 2.249.31.0.3 / 2.277.4.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-05) 19 Nov 2021 5.4 (v3) Medium Pass Cisco IOS XE Software Web UI DoS Vulnerability (cisco-sa-20180926-webuidos) CVE-2018-0469 05 Oct 2018 6.8 (v3) Medium Pass Cisco Expressway Series and TelePresence Video Communication Server Image Veriﬁcation RCE (cisco-sa-ewverCVE-2021-34715-c6WZPXRx) 25 Aug 2021 7.2 (v3) High Pass Oracle E-Business Multiple Vulnerabilities (Oct 2018 CPU) CVE-2018-2971 CVE-2018-3011 CVE-2018-3138 CVE-2018-3151 CVE-2018-3167 CVE-2018-3188 CVE-2018-3189 CVE-2018-3190 CVE-2018-3196 CVE-2018-3235 CVE-2018-3236 CVE-2018-3237 CVE-2018-3242 CVE-2018-3243 CVE-2018-3244 CVE-2018-325618 Oct 2018 8.2 (v3) High Pass Apache Struts 2.5.x < 2.5.14.1 Json-lib JSON Parsing Unspeciﬁed DoS (S2-054) (S2-055) CVE-2017-7525 CVE-2017-15707 04 Dec 2017 9.8 (v3) Critical Pass Apache Tomcat 7.0.79 < 7.0.83 Insecure CGI Servlet Search Algorithm Description Weakness CVE-2017-15706 09 Feb 2018 5.3 (v3) Medium Pass Apache Tomcat 8.5.16 < 8.5.24 Insecure CGI Servlet Search Algorithm Description Weakness CVE-2017-15706 09 Feb 2018 3.7 (v3) Low Pass Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness CVE-2018-1304 CVE-2018-1305 23 Feb 2018 3.7 (v3) Low Pass Cisco IOS XE Software Shell Access Authentication Bypass (cisco-sa-20180926-shell-access) CVE-2018-15371 05 Apr 2019 6.7 (v3) Medium Pass Oracle Primavera Uniﬁer Multiple Vulnerabilities (Jul 2019 CPU) CVE-2015-9251 CVE-2017-3164 CVE-2018-17197 CVE-2019-0192 19 Jul 2019 9.8 (v3) Critical Pass Oracle E-Business Suite Multiple Vulnerabilities (Jul 2019 CPU) CVE-2019-2666 CVE-2019-2668 CVE-2019-2672 CVE-2019-2761 CVE-2019-2773 CVE-2019-2775 CVE-2019-2782 CVE-2019-2783 CVE-2019-2809 CVE-2019-2825 CVE-2019-2828 CVE-2019-2829 CVE-2019-283719 Jul 2019 9.6 (v3) Critical Pass Ansible Tower 3.x < 3.3.3 Unauthorized Access vulnerability CVE-2018-16879 05 Aug 2019 9.8 (v3) Critical Pass Ansible Tower 3.3.x < 3.3.6 / 3.4.x < 3.4.4 / 3.5.x < 3.5.1 CRLF Vulnerability CVE-2019-9740 05 Aug 2019 6.1 (v3) Medium Pass PHP 7.2.x < 7.2.21 Multiple Vulnerabilities. CVE-2019-11041 CVE-2019-11042 12 Aug 2019 7.1 (v3) High Pass PHP 7.3.x < 7.3.8 Multiple Vulnerabilities. CVE-2019-11041 CVE-2019-11042 12 Aug 2019 7.1 (v3) High Pass Atlassian JIRA 7.6.5 / 7.7.x < 7.7.4 / 7.8.x < 7.8.4 / 7.9.x < 7.9.2 Multiple Vulnerabilities (SB18-141) CVE-2018-5230 CVE-2018-5231 25 May 2018 6.1 (v3) Medium Pass Apache Struts 2.3.x < 2.3.33 Denial of Service (S2-049) CVE-2017-9787 05 Nov 2018 7.5 (v3) High Pass Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability CVE-2016-1000031 05 Nov 2018 9.8 (v3) Critical Pass Juniper Junos OS Multiple Vulnerabilities (JSA11207) CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 14 Jul 2021 7.5 (v3) High Pass Juniper Junos OS Vulnerability (JSA11195) 14 Jul 2021 7.5 (v3) High Pass Juniper Junos OS Vulnerability (JSA11193) 14 Jul 2021 7.5 (v3) High Pass Apache Log4Shell RCE detection via callback correlation (Direct Check PPTP) CVE-2021-44228 04 Jan 2022 10 (v3) Critical Pass Juniper Junos OS Vulnerability (JSA11191) 14 Jul 2021 7.4 (v3) High Pass Juniper Junos OS Vulnerability (JSA11181) 14 Jul 2021 6.2 (v3) Medium Pass nginx 1.9.5 < 1.16.1 / 1.17.x < 1.17.3 Multiple Vulnerabilities CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 16 Aug 2019 7.5 (v3) High Pass IBM WebSphere Application Server 7.0.x <= 7.0.0.45 / 8.0.x <= 8.0.0.14 / 8.5.x < 8.5.5.21 / 9.0.x < 9.0.5.9 Privilege EscalationCVE-2021-29736 03 Aug 2021 8.8 (v3) High Pass Apache 2.4.x < 2.4.34 Multiple Vulnerabilities CVE-2018-1333 CVE-2018-8011 16 Aug 2018 7.5 (v3) High Pass MSSQL Host Information in NTLM SSP 30 Mar 2018 None Pass Pulse Connect Secure Detection 18 May 2018 None Pass VMware vCenter Server 6.7 Sensitive Information Disclosure Vulnerability (VMSA-2020-0006) CVE-2020-3952 13 Apr 2020 9.8 (v3) Critical Pass Unsupported PAN-OS Operating System 21 Jan 2015 10 (v3) Critical Pass IBM DB2 Login Possible 24 Jun 2016 None Pass Oracle DB Login Possible 24 Jun 2016 None Pass Oracle Default Accounts 19 Jul 2006 9.8 (v3) Critical Pass Advantech WebAccess/SCADA Network Service Detection 10 Sep 2018 None Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.19 / 9.0.x < 9.0.5.6 Information DisclosurCVE-2020-4576 e (CVE-2020-4576) 16 Oct 2020 7.5 (v3) High Pass Cisco IOS XE Software ROM Monitor for Industrial Switches Command Injection (cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw)CVE-2021-1452 12 Apr 2021 6.8 (v3) Medium Pass ManageEngine Log360 Detection 24 Sep 2021 None Pass ManageEngine Log360 < Build 5229 REST API Restriction Bypass RCE CVE-2021-40539 24 Sep 2021 9.8 (v3) Critical 84

RELAYTO Penetration Test Results - Page 84

RELAYTO Penetration Test Results Page 83 Page 85