RELAYTO Penetration Test Results (32/101)

Pass PBLang 4.65 Multiple Vulnerabilities CVE-2005-2892 CVE-2005-2893 CVE-2005-2894 CVE-2005-2895 08 Sep 2005 7.5 (v2) High Pass CiscoWorks Common Services HTTP Response Splitting CVE-2011-4237 01 May 2012 4.3 (v2) Medium Pass MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) (uncredentialed check)CVE-2015-2475 13 Aug 2015 4.3 (v2) Medium Pass Symantec Message Filter Management Interface Default Credentials 03 Jul 2012 7.5 (v2) High Pass Symantec Web Gateway Multiple Script Shell Command Execution (SYM12-011) CVE-2012-2957 CVE-2012-2976 06 Aug 2012 10 (v2) Critical Pass osCommerce ﬁle_manager.php Arbitrary PHP Code Injection (intrusive check) 03 Nov 2009 8.8 (v3) High Pass Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS CVE-2006-4958 CVE-2006-4959 03 Oct 2006 6.8 (v2) Medium Pass McAfee WebShield UI ProcessTextFile bodyStyle Parameter XSS (SB10020) CVE-2012-4580 03 Apr 2012 4.3 (v2) Medium Pass op5 Monitor < 6.1.0 Information Disclosure and Security Bypass Vulnerabilities 27 Jun 2013 5 (v2) Medium Pass CGI Generic Local File Inclusion (2nd pass) 19 Nov 2009 6.8 (v2) Medium Pass GitLab < 14.8.6 / 14.9.x < 14.9.4 / 14.10.x < 14.10.1 Multiple Vulnerabilities CVE-2022-1124 CVE-2022-1428 06 May 2022 4.3 (v3) Medium Pass MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) (remote check) CVE-2010-3243 CVE-2010-3324 18 Oct 2010 4.3 (v2) Medium Pass SAP BusinessObjects viewError.jsp 'error' Parameter XSS 01 Feb 2010 4.3 (v2) Medium Pass VMware Host Agent Directory Traversal (VMSA-2009-0015) CVE-2009-3733 17 Feb 2010 5 (v2) Medium Pass GroundWork Monitor Enterprise Foundation Webapp Admin Arbitrary File Access CVE-2013-3500 28 Jun 2013 7.5 (v2) High Pass NetIQ Access Manager 4.0 < 4.0 SP1 Hotﬁx 3 Multiple Vulnerabilities CVE-2014-5214 CVE-2014-5215 CVE-2014-5216 CVE-2014-5217 18 Feb 2015 6.8 (v2) Medium Pass AjaXplorer checkInstall.php Arbitrary Command Injection 12 Apr 2010 7.5 (v2) High Pass CuteNews Multiple Script Traversal Privilege Escalation CVE-2005-3507 04 Nov 2005 7.5 (v2) High Pass Contact Form 7 Plugin for WordPress CAPTCHA Validation Bypass CVE-2014-2265 20 Jun 2014 5 (v2) Medium Pass NolaPro Default Credentials 24 May 2010 7.5 (v2) High Pass TaskFreak! logout.php tznMessage Parameter XSS CVE-2010-1520 30 Jun 2010 4.3 (v2) Medium Pass Microsoft IIS / Site Server showcode.asp source Parameter Traversal Arbitrary File Access CVE-1999-0736 08 Jul 1999 7.8 (v2) High Pass Simple:Press Plugin for WordPress 'value' parameter SQL Injection 08 Jul 2010 7.5 (v2) High Pass Splunk Default Administrator Credentials (Splunk Web) 01 Sep 2010 7.5 (v2) High Pass phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9) CVE-2010-4480 06 Jan 2011 4.3 (v2) Medium Pass FireStats window-add-excluded-ip.php 'edit' parameter XSS 16 Jul 2010 4.3 (v2) Medium Pass WordPress AdServe 'adclick.php' 'id' Parameter SQL Injection CVE-2008-0507 30 Jan 2008 7.5 (v2) High Pass ManageEngine OpManager Multiple Directory Traversal Vulnerabilities CVE-2014-6034 CVE-2014-6035 CVE-2014-6036 16 Feb 2015 7.5 (v2) High Pass Centreon GetXMLTrapsForVendor.php 'mnftr_id' Parameter SQLi CVE-2014-3828 23 Dec 2014 10 (v2) Critical Pass Apache Hadoop Jetty XSS CVE-2009-1524 24 Aug 2011 4.3 (v2) Medium Pass Splunk Enterprise 6.2.x < 6.2.2 Multiple Vulnerabilities (FREAK) CVE-2014-3572 CVE-2015-0204 13 Mar 2015 5 (v2) Medium Pass ISS ICEcap Default Password CVE-2000-0350 18 May 2000 5 (v2) Medium Pass Symantec Backup Exec System Recovery Manager Traversal Arbitrary File Access CVE-2008-2512 29 May 2008 5 (v2) Medium Pass Apache Tomcat 10.1.0.M1 < 10.1.0.M15 vulnerability CVE-2022-29885 10 May 2022 7.5 (v3) High Pass Basilix Webmail .class / .inc Direct Request Remote Information Disclosure CVE-2001-1044 25 Jan 2001 5 (v2) Medium Pass w-Agora 4.1.6a Multiple Input Validation Vulnerabilities CVE-2004-1562 CVE-2004-1563 CVE-2004-1564 CVE-2004-1565 01 Oct 2004 7.5 (v2) High Pass DokuWiki conﬁg_cascade Parameter Remote File Inclusion CVE-2009-1960 27 May 2009 6.8 (v2) Medium Pass Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access) CVE-2005-0317 CVE-2005-0318 CVE-2005-0319 28 Jan 2005 6 (v2) Medium Pass Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities CVE-2013-4164 CVE-2013-4363 CVE-2013-4491 CVE-2013-4969 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 21 Mar 2014 6.8 (v2) Medium Pass Jetty CookieDump.java Sample Application Persistent XSS CVE-2009-3579 13 Nov 2009 4.3 (v2) Medium Pass Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013) CVE-2012-0307 CVE-2012-0308 CVE-2012-3579 CVE-2012-3580 CVE-2012-3581 CVE-2012-4347 07 Sep 2012 7.9 (v2) High Pass Sambar Server /session/sendmail Arbitrary Mail Relay 25 May 2000 5 (v2) Medium Pass Mini SQL CGI content-length Field Remote Overﬂow CVE-2000-0012 03 Jan 2000 10 (v2) Critical Pass Sojourn Search Engine sojourn.cgi cat Parameter Traversal Arbitrary File Access CVE-2000-0180 17 Mar 2000 5 (v2) Medium Pass Sawmill Weak Password Encryption Scheme Information Disclosure CVE-2000-0589 27 Jun 2000 7.5 (v2) High Pass WebsitePro Remote Request Overﬂow CVE-2000-0623 22 Jul 2000 7.5 (v2) High Pass Anaconda Foundation Directory apexec.pl template Parameter Traversal Arbitrary File Retrieval CVE-2000-0975 14 Oct 2000 5 (v2) Medium Pass Verity UltraSeek 3.1.x Malformed URL Remote DoS CVE-2000-1019 01 Nov 2000 5 (v2) Medium Pass Master Index search.cgi Traversal Arbitrary File/Directory Access CVE-2000-0924 28 Nov 2000 5 (v2) Medium Pass SiteScope Web Service Unpassworded Access CVE-1999-0508 28 Sep 2001 10 (v2) Critical Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.23 / 9.0.x < 9.0.16 / 9.1.x < 9.1.13 / 10.0.x < 10.0.10 / 10.1.x < 10.1.5 VCVE-2022-0024ulnerability 11 May 2022 7.2 (v3) High Pass csSearch csSearch.cgi setup Parameter Arbitrary Command Execution CVE-2002-0495 27 Mar 2002 7.5 (v2) High Pass Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections CVE-2012-0199 29 Mar 2012 7.5 (v2) High Pass PHP 5.2 < 5.2.15 Multiple Vulnerabilities CVE-2010-3436 CVE-2010-3709 CVE-2010-4150 CVE-2010-4697 CVE-2010-4698 CVE-2011-0752 13 Dec 2010 6.8 (v2) Medium Pass PHP < 4.2.x mail Function CRLF Injection CVE-2002-0986 22 Jul 2002 7.5 (v2) High Pass Symantec Web Gateway < 5.0.3 Multiple Vulnerabilities (SYM12-006) (version check) CVE-2012-0296 CVE-2012-0297 CVE-2012-0298 CVE-2012-0299 21 May 2012 10 (v2) Critical Pass MondoSearch MsmMask.exe Arbitrary Script Source Disclosure CVE-2002-1528 25 Nov 2002 5 (v2) Medium Pass Oracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS CVE-2009-1968 11 Aug 2009 4.3 (v2) Medium Pass N/X Web Content Management Multiple Script Remote File Inclusion CVE-2003-1251 17 Feb 2003 8.3 (v3) High Pass cPanel guestbook.cgi template Parameter Arbitrary Command Execution CVE-2003-1425 28 Feb 2003 7.5 (v2) High Pass GTcatalog index.php custom Parameter Remote File Inclusion 04 Mar 2003 10 (v3) Critical Pass WebWho+ whois.pl time Parameter Arbitrary Command Execution CVE-2000-0010 09 Mar 2003 7.5 (v2) High Pass Wordit Logbook logbook.pl ﬁle Parameter Arbitrary File Access 12 Mar 2003 5 (v2) Medium Pass Cross-Referencing Linux (lxr) CGI v Parameter Traversal Arbitrary File Access CVE-2003-0156 12 Mar 2003 5 (v2) Medium Pass VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution 15 Mar 2003 7.5 (v2) High Pass Instaboard index.cfm Multiple Parameter SQL Injection 14 Apr 2003 7.5 (v2) High Pass OpenBB index.php CID Parameter SQL Injection 26 Apr 2003 7.5 (v2) High Pass StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution 05 May 2003 7.5 (v2) High Pass webERP Conﬁguration File Remote Access CVE-2003-1383 20 May 2003 7.5 (v2) High Pass D-Link 704p Web Interface syslog.htm Malformed Query Remote DoS 27 May 2003 7.8 (v2) High Pass ImageFolio Default Password 05 Jun 2003 7.5 (v2) High Pass NetWin CWmail.exe Item Parameter Remote Overﬂow CVE-2002-0273 11 Jun 2003 4.6 (v2) Medium Pass ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval CVE-2002-1559 11 Jun 2003 5 (v2) Medium Pass AspUpload Test11.asp Arbitrary File Upload CVE-2001-0938 17 Jun 2003 7.5 (v2) High Pass iXmail Multiple Script Arbitrary File Manipulation 27 Jun 2003 6.5 (v2) Medium Pass paFileDB <= 3.1 Multiple Vulnerabilities (1) CVE-2004-1219 CVE-2004-1551 CVE-2004-1975 CVE-2005-0326 CVE-2005-0327 CVE-2005-0723 CVE-2005-0724 CVE-2005-0781 CVE-2005-078224 Jul 2003 7.5 (v2) High Pass AtomicBoard Multiple Remote Vulnerabilities (Traversal, Path Disc) 21 Jul 2003 5 (v2) Medium Pass ATutor Password Reminder SQL Injection CVE-2005-2954 20 Sep 2005 7.5 (v2) High Pass QuikStore Shopping Cart quikstore.cgi template Parameter Traversal Arbitrary File Access 01 Jan 2004 5 (v2) Medium Pass PHPix index.phtml Multiple Parameter Arbitrary Command Execution 20 Jan 2004 7.5 (v2) High Pass Aztek Forum Multiple Script XSS CVE-2004-2725 22 Nov 2004 4.3 (v2) Medium Pass Java (.java / .class) Source Code Disclosure 20 May 2004 5 (v2) Medium Pass osTicket setup.php Accessibility 14 Jul 2004 6.4 (v2) Medium Pass MyServer 0.6.2 math_sum.mscgi Multiple Vulnerabilities 02 Aug 2004 7.5 (v2) High Pass Simple Form Multiple Parameter Arbitrary Mail Relaying 17 Aug 2004 5 (v2) Medium Pass CVSTrac ﬁlediﬀ Arbitrary Remote Code Execution CVE-2004-1456 09 Aug 2004 7.5 (v2) High Pass WackoWiki TextSearch phrase Parameter XSS CVE-2004-2624 09 Aug 2004 4.3 (v2) Medium Pass CVSTrac CVSROOT/passwd Arbitrary Account Deletion 17 Aug 2004 6.4 (v2) Medium Pass CVSTrac history.c history_update Function Overﬂow 17 Aug 2004 7.5 (v2) High Pass Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure CVE-2002-1711 09 Aug 2004 2.1 (v2) Low Pass Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS) CVE-2005-4427 CVE-2005-4428 29 Dec 2005 7.5 (v2) High Pass Apache Tomcat 8.5.0 < 8.5.76 vulnerability CVE-2022-25762 13 May 2022 8.6 (v3) High Pass ColdFusion / JRun on IIS Double Encoded NULL Byte Request File Content Disclosure CVE-2006-5858 08 Feb 2007 5.3 (v3) Medium Pass IlohaMail Unspeciﬁed Database Password Disclosure Weakness 02 Sep 2004 5 (v2) Medium Pass Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF) CVE-2005-1672 CVE-2005-1673 CVE-2005-1674 18 May 2005 6.8 (v2) Medium Pass Sawmill < 7.1.6 Multiple Vulnerabilities CVE-2005-1900 CVE-2005-1901 17 Jun 2005 6.5 (v2) Medium Pass Interchange < 5.0.2 / 5.2.1 Multiple Vulnerabilities (SQLi, Code Exe) CVE-2005-3072 CVE-2005-3073 26 Sep 2005 7.5 (v2) High Pass IceWarp Web Mail Multiple Flaws (1) CVE-2004-1669 CVE-2004-1670 CVE-2004-1671 CVE-2004-1672 CVE-2004-1673 CVE-2004-1674 13 Oct 2004 7.5 (v2) High Pass UBB.threads dosearch.php SQL injection CVE-2004-1622 25 Oct 2004 7.5 (v2) High Pass ELOG < 2.6.1 Multiple Remote Vulnerabilities (Traversal, FS) CVE-2006-0347 CVE-2006-0348 20 Jan 2006 5 (v2) Medium Pass KorWeblog < 1.6.2 Multiple Vulnerabilities CVE-2004-1426 CVE-2004-1427 CVE-2004-1543 24 Nov 2004 4.4 (v2) Medium Pass PunBB IMG Tag Client Side Scripting XSS 13 Dec 2004 4.3 (v2) Medium Pass PunBB URL Quote Tag XSS 13 Dec 2004 4.3 (v2) Medium Pass Symantec Messaging Gateway 10.x < 10.5.2 Management Console XSS (SYM14-006) CVE-2014-1648 24 Apr 2014 4.3 (v2) Medium Pass ManageEngine Password Manager Pro REST API Restriction Bypass (CVE-2022-29081) CVE-2022-29081 13 May 2022 9.8 (v3) Critical Pass PHPWind Board faq.php skin Parameter Remote File Inclusion 10 Jan 2005 7.5 (v2) High Pass Cisco Firepower Management Center < 6.6.1 sftunnel MitM (cisco-sa-ftdfmc-sft-mitm-tc8AzFs2) CVE-2020-3549 13 May 2022 8.1 (v3) High Pass Minis minis.php month Parameter Traversal Arbitrary File Access CVE-2005-0293 17 Jan 2005 5 (v2) Medium Pass Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)CVE-2022-29036 CVE-2022-29037 CVE-2022-29038 CVE-2022-29039 CVE-2022-29040 CVE-2022-29041 CVE-2022-29042 CVE-2022-29043 CVE-2022-29044 CVE-2022-29045 CVE-2022-29046 CVE-2022-29047 CVE-2022-29048 CVE-2022-29049 CVE-2022-29050 CVE-2022-29051 CVE-2022-2905216 May 2022 8.8 (v3) High Pass McAfee Common Management Agent < 3.6.0.546 Multiple Vulnerabilities CVE-2006-5271 CVE-2006-5272 CVE-2006-5273 CVE-2006-5274 10 Jul 2007 8.1 (v3) High Pass PunBB include/common.php language Parameter Local File Inclusion CVE-2006-5735 03 Nov 2006 7.3 (v3) High Pass BizMail bizmail.cgi Arbitrary Mail Relay CVE-2005-0493 22 Feb 2005 5 (v2) Medium 32

RELAYTO Penetration Test Results - Page 32

RELAYTO Penetration Test Results Page 31 Page 33