RELAYTO Penetration Test Results (79/101)

Pass Coppermine imageObjectIM.class.php Command Execution Vulnerabilities CVE-2008-0506 31 Jan 2008 8.8 (v3) High Pass XOT Detection 29 Jan 2008 None Pass LPD Detection 08 Feb 2008 None Pass netsaint-statd Daemon Detection 06 Oct 2010 None Pass F5 BIG-IP Web Management Interface Detection 11 Feb 2008 None Pass MikroTik RouterOS Detection 11 Feb 2008 None Pass RTMP Server Detection 15 Feb 2008 None Pass Sniplets Plugin for WordPress execute.php 'text' Parameter Arbitrary Command Execution CVE-2008-1060 26 Feb 2008 8.8 (v3) High Pass KiSS PC-Link Server Detection (UDP) 14 Mar 2008 None Pass Acronis Agent Detection (UDP) 25 Mar 2008 None Pass DNS Sender Policy Framework (SPF) Enabled 26 Mar 2008 None Pass SSL Anonymous Cipher Suites Supported CVE-2007-1858 28 Mar 2008 5.9 (v3) Medium Pass SQL Anywhere Broadcast Repeater Detection 01 Apr 2008 None Pass Symantec Storage Foundation Scheduler Service Detection 15 Apr 2008 None Pass MobiLink Server Detection 01 Apr 2008 None Pass FTP Server Any Command Accepted (possible backdoor/proxy) 19 May 2008 None Pass FTP Server No Command Accepted (possible backdoor/proxy) 19 May 2008 None Pass FTP Server Bad Command Sequence Accepted (possible backdoor/proxy) 19 May 2008 None Pass MDAP Service Detection 22 May 2008 None Pass File Transfer (P2P) Detection 26 Mar 2008 None Pass Sympa Detection 01 Apr 2008 None Pass WS-Management Server Detection 11 Jun 2008 None Pass Owner Free File System Client Detection 20 Jun 2008 None Pass CA Secure Content Manager HTTP Gateway Service Detection 11 Jun 2008 None Pass Microsoft Dynamics GP Distributed Process Manager Detection 02 Jul 2008 None Pass Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities CVE-2008-2405 CVE-2008-2406 08 Jul 2008 8.8 (v3) High Pass Multiple Vendor DNS Query ID Field Prediction Cache Poisoning CVE-2008-1447 09 Jul 2008 9.1 (v3) Critical Pass LANDesk Remote Control Service Detection 29 Jul 2008 None Pass SNMP Query Routing Information Disclosure 21 Aug 2008 None Pass PowerDNS Version Detection 25 Aug 2008 None Pass .NET NegotiateStream Server Detection 15 Jul 2008 None Pass Openlink Virtuoso Server Detection 25 Jul 2008 None Pass LANDesk QIP Server Detection 17 Sep 2008 None Pass IRC Bouncer (BNC) Detection 17 Sep 2008 None Pass LogMeIn Agent Detection 23 Sep 2008 None Pass Default Password (bank) for 'bank' Account CVE-1999-0502 04 Sep 2008 9.8 (v3) Critical Pass Default Password (trans) for 'trans' Account CVE-1999-0502 04 Sep 2008 9.8 (v3) Critical Pass Kyocera Mita Scanner File Utility Detection 09 Sep 2008 None Pass Simple PHP Blog Detection 08 Sep 2008 None Pass ASG-Sentry SNMP Agent Detection 14 Oct 2008 None Pass phpScheduleIt reserve.php start_date Parameter Arbitrary Command Injection CVE-2008-6132 03 Oct 2008 8.8 (v3) High Pass Blue Coat Reporter Detection 03 Oct 2008 None Pass Broken Web Server Detection 22 Oct 2008 None Pass phpScheduleIt Detection 03 Oct 2008 None Pass Apache Struts 2 < 2.0.12 / 2.1.3 Dispatcher Directory Traversal CVE-2008-6505 24 Nov 2008 7.5 (v3) High Pass SNMP Protocol Version Detection 06 Jan 2009 None Pass HDHomeRun Discovery Service Detection 13 Jan 2009 None Pass DNS Server hostname.bind Map Hostname Disclosure 15 Jan 2009 None Pass SSL Service Requests Client Certiﬁcate 06 Jan 2009 None Pass CA Unicenter Cron Scheduler Detection 08 Jan 2009 None Pass DNS Server DNSSEC Aware Resolver 15 Jan 2009 None Pass Scan for UPnP hosts (multicast) 19 Feb 2009 None Pass DNS Server Spoofed Request Ampliﬁcation DDoS CVE-2006-0987 22 Jan 2009 7.5 (v3) High Pass GigaTribe Detection 28 Jan 2009 None Pass OS Identiﬁcation : FTP 12 Feb 2009 None Pass UPnP Internet Gateway Device (IGD) External IP Address Reachable 19 Feb 2009 None Pass Web Server UPnP Detection 19 Feb 2009 None Pass TeamSpeak Server Administration Detection 20 Feb 2009 None Pass OS Identiﬁcation : HTML 05 Mar 2009 None Pass Thecus NAS Device Detection 10 Mar 2009 None Pass EMC RepliStor Detection 26 Jan 2009 None Pass Zabbix Web Interface Detection 07 Mar 2009 None Pass Fortify 360 Web Interface Detection 24 Apr 2009 None Pass FogBugz Interface Detection 24 Apr 2009 None Pass Microsoft SharePoint Server Detection 27 Apr 2009 None Pass pam_ssh Login Prompt Remote Username Enumeration CVE-2009-1273 28 Apr 2009 9.4 (v3) Critical Pass A-A-S Application Access Server Detection 14 May 2009 None Pass Samhain Server (yule) Detection 17 Mar 2009 None Pass HP LaserJet Printer Detection 10 Apr 2009 None Pass Open Virtual Desktop Detection 14 May 2009 None Pass AWStats Detection 20 Mar 2009 None Pass Geeklog Detection 13 Apr 2009 None Pass Atmail Webmail / AtmailOpen Webmail Detection 30 Apr 2009 None Pass NSD version Directive Remote Version Disclosure 21 May 2009 None Pass Vulture Reverse Proxy Detection 08 Jun 2009 None Pass ClamAV Version Detection 17 Jun 2009 None Pass Apache Tomcat Detection 18 Jun 2009 None Pass HTTP Server Cookies Set 19 Jun 2009 None Pass Backported Security Patch Detection (FTP) 25 Jun 2009 None Pass Backported Security Patch Detection (SSH) 25 Jun 2009 None Pass Backported Security Patch Detection (WWW) 25 Jun 2009 None Pass TinyWebGallery lang Parameter Local File Inclusion CVE-2009-1911 26 May 2009 8.8 (v3) High Pass SquirrelMail map_yp_alias Username Mapping Alias Arbitrary Code Execution CVE-2009-1579 15 May 2009 8.8 (v3) High Pass Zen Cart Detection 24 Jun 2009 None Pass Movable Type Detection 26 Jun 2009 None Pass HP DDMI on Windows Unspeciﬁed Remote Agent Access CVE-2009-1419 06 Jul 2009 8.8 (v3) High Pass Adobe ColdFusion FCKeditor 'CurrentFolder' File Upload CVE-2009-2265 14 Jul 2009 8.8 (v3) High Pass Symantec pcAnywhere Status Service Detection (UDP) 12 Dec 1999 None Pass Identd Service Detection 22 Jun 1999 None Pass DNS Server BIND version Directive Remote Version Detection 12 Oct 1999 None Pass Daytime Service Detection 22 Jun 1999 None Pass WU-FTPD SITE EXEC Arbitrary Local Command Execution CVE-1999-0080 CVE-1999-0955 22 Jun 1999 8.1 (v3) High Pass rsh NULL Login Remote Privilege Escalation CVE-1999-0180 25 Jul 2002 8.8 (v3) High Noise HTTP Server Type and Version 04 Jan 2000 None Pass ICMP Netmask Request Information Disclosure CVE-1999-0524 29 Jul 1999 None Info Pass ICMP Timestamp Request Remote Date Disclosure CVE-1999-0524 01 Aug 1999 None Info Pass LinuxConf Detection 03 Mar 2000 None Pass Windows NetBIOS / SMB Remote Host Information Disclosure 12 Oct 1999 None Pass NIS Server Detection 30 Aug 1999 None Pass NNTP Server Detection 12 Oct 1999 None Pass rlogin -froot Remote Root Access CVE-1999-0113 26 Aug 2002 8.8 (v3) High Pass Windows NT FTP 'guest' Account Present CVE-1999-0546 22 Jun 1999 9.8 (v3) Critical Pass POP Server Detection 12 Oct 1999 None Pass HTTP Proxy CONNECT Request Relaying 22 Jun 1999 None Pass Microsoft SQL Server TCP/IP Listener Detection 12 Oct 1999 None Pass Nessus Server Detection 12 Oct 1999 None Pass HTTP Proxy POST Request Relaying 22 Jun 1999 5.3 (v3) Medium Pass HTTP Proxy Open Relay Detection 22 Jun 1999 None Pass HP Remote Watch showdisk Remote Privilege Escalation CVE-1999-0246 31 Aug 1999 8.8 (v3) High Pass RPC portmapper Service Detection CVE-1999-0632 19 Aug 1999 None Info Pass rquotad Service Detection CVE-1999-0625 19 Aug 1999 None Info Pass RPC rstatd Service Detection CVE-1999-0624 19 Aug 1999 None Info 79

RELAYTO Penetration Test Results - Page 79

RELAYTO Penetration Test Results Page 78 Page 80