RELAYTO Penetration Test Results (13/101)

Pass OpenSSL < 0.9.8j Signature Spooﬁng CVE-2008-5077 04 Jan 2012 5.8 (v2) Medium Pass Big Brother bb-hist.sh History Module Directory Traversal CVE-1999-1462 22 Jun 1999 5 (v2) Medium Pass MDaemon WebConﬁg HTTP Server URL Overﬂow DoS CVE-1999-0844 24 Nov 1999 5 (v2) Medium Pass Linux Kernel UDP Implementation IP Identiﬁcation Field Remote OS Disclosure CVE-2002-0510 20 Jan 2012 5.3 (v3) Medium Pass OpenSSH < 2.1.1p3 Format String Privilege Escalation CVE-2000-0999 18 Jan 2012 10 (v2) Critical Pass SiteEnable Multiple Input Validation Vulnerabilities CVE-2005-1011 CVE-2005-1012 05 Apr 2005 7.5 (v2) High Pass Google Mini Search Appliance search Script ie Parameter XSS CVE-2007-5255 02 Oct 2007 4.3 (v2) Medium Pass SurgeFTP LEAK Command Remote DoS CVE-2005-1034 08 Apr 2005 5 (v2) Medium Pass icat carbo.dll icatcommand Parameter Traversal Arbitrary File Access CVE-1999-1069 22 Jun 1999 5 (v2) Medium Pass RunCMS Remote Arbitrary File Upload CVE-2005-1031 06 Apr 2005 6 (v2) Medium Pass Active Auction Multiple Vulnerabilities (SQLi, XSS) CVE-2005-1029 CVE-2005-1030 07 Apr 2005 7.5 (v2) High Pass ProﬁtCode PayProCart usrdetails.php sgnuptype Parameter XSS CVE-2005-1004 07 Apr 2005 4.3 (v2) Medium Pass Multiple Unix Netstat Service Remote Information Disclosure CVE-1999-0650 22 Jun 1999 5 (v2) Medium Pass MS05-017: Vulnerability in MSMQ Could Allow Code Execution (892944) (uncredentialed check) CVE-2005-0059 12 Apr 2005 10 (v2) Critical Pass CA BrightStor ARCserve Backup Universal Agent Remote Overﬂow (QO66526) CVE-2005-1018 13 Apr 2005 10 (v2) Critical Pass Comersus Cart comersus_searchItem.asp curPage Parameter XSS CVE-2005-1188 12 Apr 2005 4.3 (v2) Medium Pass HP StorageWorks MSA P2000 Hidden 'admin' User Default Credentials CVE-2010-4115 23 Dec 2010 9.8 (v3) Critical Pass PeerCast Detection 06 Jun 2005 None Pass Sun Java System Web Server Search Module XSS CVE-2008-2166 09 May 2008 4.3 (v2) Medium Pass Sun Java System Web Proxy Server Unspeciﬁed Remote Overﬂow CVE-2005-1232 21 Apr 2005 7.5 (v2) High Pass UBB.threads < 6.5.2 beta Multiple Vulnerabilities CVE-2005-1199 CVE-2005-2057 CVE-2005-2058 CVE-2005-2059 CVE-2005-2060 CVE-2005-2061 20 Apr 2005 7.5 (v2) High Pass MailEnable HTTPMail Service Authorization Header Remote Overﬂow 25 Apr 2005 10 (v2) Critical Pass Xerox WorkCentre Device Detection 26 Apr 2005 None Pass TFS SMTP 3.2 MAIL FROM overﬂow CVE-1999-1516 08 Sep 1999 7.5 (v2) High Pass Horde Chora common-footer.inc Page Title XSS 26 Apr 2005 4.3 (v2) Medium Pass Intersoft NetTerm Netftpd USER Command Remote Overﬂow CVE-2005-1323 26 Apr 2005 7.5 (v2) High Pass XtraMail Control Service Username Overﬂow CVE-1999-1511 10 Nov 1999 7.5 (v2) High Pass Trend Micro TMCM Console Management Detection 02 May 2005 5 (v2) Medium Pass Websense Reporting Console Detection 02 May 2005 5 (v2) Medium Pass MaxWebPortal <= 1.35 Multiple Vulnerabilities CVE-2005-1561 CVE-2005-1562 12 May 2005 7.5 (v2) High Pass EMC Avamar Server Incorrect Permission Assignment Vulnerability (DSA-2019-138) CVE-2019-3765 01 Nov 2019 8.1 (v3) High Pass PHP-Calendar includes/search.php Multiple Parameter SQL Injection CVE-2005-1397 29 Apr 2005 7.5 (v2) High Pass RM SafetyNet Plus snpﬁltered.pl u Parameter XSS 02 May 2005 4.3 (v2) Medium Pass Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass CVE-2005-1383 02 May 2005 2.1 (v2) Low Pass Open WebMail Shell Escape Arbitrary Command Execution CVE-2005-1435 04 May 2005 6.5 (v2) Medium Pass Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass) CVE-2005-1482 CVE-2005-1483 05 May 2005 7.5 (v2) High Pass Kerio MailServer < 6.0.10 Multiple Mail Handling DoS 14 May 2005 4 (v2) Medium Pass Golden FTP Server Pro GET Traversal Arbitrary File Access CVE-2005-1484 04 May 2005 5.3 (v3) Medium Pass 602LAN SUITE Open Telnet Proxy 09 May 2005 5 (v2) Medium Pass PwsPHP proﬁl.php id Parameter XSS CVE-2005-1508 10 May 2005 6.8 (v2) Medium Pass Junos OS: srxpfe PIM DoS (JSA10976) CVE-2019-0075 04 Nov 2019 7.5 (v3) High Pass RaidenFTPD urlget Command Traversal Arbitrary File Access CVE-2005-1480 11 May 2005 5 (v2) Medium Pass McAfee E-Business Administration Agent Detection 27 Apr 2007 None Pass ITHouse Mail Server v1.04 To: Field Handling Overﬂow CVE-2000-0488 02 Jul 2000 10 (v2) Critical Pass JRun viewsource.jsp Directory Traversal Arbitrary File Access CVE-2000-0540 22 Jun 2000 5 (v2) Medium Pass boastMachine users.inc.php File Extension Validation Arbitrary File Upload CVE-2005-1580 12 May 2005 6.5 (v2) Medium Pass GoodTech SMTP Server Malformed RCPT TO Command DoS CVE-2005-1931 08 Jun 2005 5 (v2) Medium Pass TFTP Backdoor Detection 16 May 2005 10 (v2) Critical Pass Ultimate PHP Board < 1.9.7 viewforum.php Multiple Vulnerabilities CVE-2005-1614 CVE-2005-1615 CVE-2005-1616 14 May 2005 7.5 (v2) High Pass MailEnable HTTPMail Service Authorization Header Handling Remote DoS CVE-2004-2726 03 Sep 2004 5 (v2) Medium Pass CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution CVE-2000-0670 15 Jul 2000 7.5 (v2) High Pass WebAPP apage.cgi f Parameter Arbitrary Command Execution CVE-2005-1628 17 May 2005 7.5 (v2) High Pass Allied Telesyn Router/Switch Default Password CVE-1999-0508 03 Jun 2005 10 (v2) Critical Pass Xerox DocuCentre / WorkCentre Postscript Interpreter Traversal (XRX05-001) 16 May 2005 7.8 (v2) High Pass Xerox Document Centre MicroServer Web Server Directory Navigation Crafted URL DoS (XRX05-004) 16 May 2005 7.8 (v2) High Pass ignitionServer < 0.3.6-P1 Multiple Vulnerabilities CVE-2005-1640 CVE-2005-1641 17 May 2005 7.5 (v2) High Pass Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS CVE-2001-0096 22 Jul 2003 7.8 (v2) High Pass WebAPP Detection 17 May 2005 None Pass Junos OS: Insecure PKI key pair export ﬁle permissions (JSA10974) CVE-2019-0073 05 Nov 2019 7.1 (v3) High Pass Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004) CVE-2017-6324 CVE-2017-6325 CVE-2017-6326 30 Jun 2017 10 (v3) Critical Pass NETFile Default Credentials 17 May 2005 7.5 (v2) High Pass Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection 19 May 2005 7.5 (v2) High Pass Sambar Server Administrative Interface Multiple XSS 24 May 2005 4.3 (v2) Medium Pass Qpopper < 4.0.6 Multiple Insecure File Handling Local Privilege Escalation CVE-2005-1151 CVE-2005-1152 24 May 2005 7.2 (v2) High Pass SMTP Server Non-standard Port Detection 29 May 2005 5 (v2) Medium Pass Hosting Controller addsubsite.asp Security Bypass CVE-2005-1654 24 May 2005 5 (v2) Medium Pass Athena Web Registration athenareg.php pass Parameter Command Execution CVE-2004-1782 27 May 2005 7.5 (v2) High Pass MaxWebPortal memKey Parameter SQL Injection CVE-2005-1779 26 May 2005 7.5 (v2) High Pass IRC Bot Detection 29 May 2005 10 (v2) Critical Pass slident / fake identd Detection 27 May 2005 None Pass Entropy Gathering Daemon (EGD) Detection 29 May 2005 None Pass Apple iTunes < 12.6.2 Multiple Vulnerabilities (uncredentialed check) CVE-2017-7010 CVE-2017-7012 CVE-2017-7013 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7053 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-706425 Jul 2017 7.8 (v3) High Pass PeerCast URL Error Message Format String CVE-2005-1806 06 Jun 2005 7.5 (v2) High Pass Junos OS: SIP ALG ﬂowd DoS (JSA10953) CVE-2019-0055 05 Nov 2019 7.5 (v3) High Pass Juniper JSA10940 CVE-2015-6564 CVE-2015-8325 CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 06 Nov 2019 7.8 (v3) High Pass Junos OS: MC-LAG DoS (JSA10966) CVE-2019-0067 06 Nov 2019 6.5 (v3) Medium Pass MiniShare Webserver HTTP GET Request Remote Overﬂow CVE-2004-2271 06 Jun 2005 7.5 (v2) High Pass Juniper JSA10949 CVE-2019-1559 06 Nov 2019 5.9 (v3) Medium Pass Enterasys Dragon Enterprise Reporting Detection 20 Jun 2005 None Pass Intrusion.com SecureNet Provider Detection 20 Jun 2005 None Pass Intrusion.com SecureNet Sensor Detection 20 Jun 2005 None Pass Juniper JSA10947 CVE-2019-0053 06 Nov 2019 7.8 (v3) High Pass Novell ZENworks Multiple Remote Pre-Authentication Overﬂows CVE-2005-1543 17 Jun 2005 10 (v2) Critical Pass VERITAS Backup Exec Agent for Windows CONNECT_CLIENT_AUTH Remote Overﬂow CVE-2005-0773 23 Jun 2005 10 (v2) Critical Pass SSH Tectia Server Host Authentication Authorization Bypass Vulnerability CVE-2005-4310 16 Dec 2005 7.5 (v2) High Pass Simple Machines Forum msg Parameter SQL Injection Vulnerability 23 Jun 2005 7.5 (v2) High Pass DUforum Multiple Scripts SQL Injection CVE-2005-2048 28 Jun 2005 7.5 (v2) High Pass DUportal Pro Multiple Scripts SQL Injection (2) CVE-2005-2045 28 Jun 2005 7.5 (v2) High Pass Zyxel D1000 CWMP Get Default Password 12 Jan 2017 9.8 (v3) Critical Pass Crob FTP Server < 3.6.1 build 263 Multiple Vulnerabilities CVE-2005-1873 CVE-2006-6558 20 Jul 2005 5 (v2) Medium Pass phpBB Fetch All < 2.0.12 Multiple Scripts SQL Injection 09 Aug 2004 7.5 (v2) High Pass K-COLLECT CSV_DB / i_DB csv_db.cgi ﬁle Parameter Arbitrary Command Execution 27 Jun 2005 7.5 (v2) High Pass GlobalSCAPE Secure FTP Server User Input Overﬂow CVE-2005-1415 06 Jul 2005 10 (v2) Critical Pass WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection CVE-2005-2290 27 Jul 2005 7.5 (v2) High Pass Cisco IOS XE Cluster Management Protocol Telnet Option Handling RCE (cisco-sa-20170317-cmp) CVE-2017-3881 27 Mar 2017 9.8 (v3) Critical Pass phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution CVE-2005-2086 29 Jun 2005 7.5 (v2) High Pass DCE Services Enumeration 26 Aug 2001 None Pass Xerox WorkCentre Multiple Vulnerabilities (XRX05-006) CVE-2005-2200 CVE-2005-2201 CVE-2005-2202 08 Jul 2005 7.5 (v2) High Pass Symantec pcAnywhere Service Unrestricted Access CVE-1999-0508 07 Nov 2001 10 (v2) Critical Pass Sambar Server search.pl results.stm Overﬂow DoS 08 Jul 2005 7.5 (v2) High Pass Mac OS X < 10.3.4 Multiple Vulnerabilities CVE-2004-0171 CVE-2004-0430 CVE-2004-0485 CVE-2004-0513 CVE-2004-0514 CVE-2004-0515 CVE-2004-0516 CVE-2004-0517 CVE-2004-051801 Jun 2004 10 (v2) Critical Pass Sybase EAServer WebConsole jaqadmin Default Password 18 Jul 2005 7.5 (v2) High Pass SPiD lang.php lang_path Remote File Inclusion CVE-2005-2198 11 Jul 2005 6.8 (v2) Medium Pass PPA functions.inc.php conﬁg[ppa_root_path] Parameter Remote File Inclusion CVE-2005-2199 11 Jul 2005 7.5 (v2) High Pass PunBB < 1.2.6 Multiple Vulnerabilities CVE-2005-2193 10 Jul 2005 7.5 (v2) High Pass Hydra: MySQL 10 Jul 2005 7.5 (v2) High Pass SysV /bin/login Environment Remote Overﬂow (telnet check) CVE-2001-0797 15 Dec 2001 10 (v2) Critical Pass VP-ASP Multiple Script SQL Injection 20 Jul 2005 7.5 (v2) High Pass IBM Lotus Domino Server time/date Fields Remote Overﬂow CVE-2005-1101 20 Jul 2005 7.5 (v2) High Pass Puppet Enterprise 2015.x / 2016.x < 2016.4.0 Multiple Vulnerabilities CVE-2016-5715 29 Nov 2016 6.1 (v3) Medium Pass Cisco IOS Software Network Address Translation Vulnerabilities (cisco-sa-20100922-nat) CVE-2010-2831 CVE-2010-2832 CVE-2010-2833 10 Jan 2012 7.8 (v2) High Pass FTPshell Server 3.38 Malformed PORT/QUIT DoS CVE-2005-2426 27 Jul 2005 4 (v2) Medium 13

RELAYTO Penetration Test Results - Page 13

RELAYTO Penetration Test Results Page 12 Page 14