RELAYTO Penetration Test Results (68/101)

Pass Sasser Virus Detection 01 May 2004 10 (v2) Critical Pass VMware Carbon Black App Control Unsupported Version Detection 29 Jun 2021 10 (v3) Critical Pass Apache Tomcat 10.0.0.M1 < 10.0.0.M7 multiple vulnerabilities CVE-2020-13934 CVE-2020-13935 21 Jun 2021 7.5 (v3) High Pass Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities CVE-2020-17527 CVE-2021-24122 21 Jun 2021 7.5 (v3) High Pass osTicket Detection 30 Jul 2004 None Pass Hydra: SMB 01 Dec 2004 8.3 (v3) High Pass Open WebMail Detection 10 Jul 2004 None Pass ignitionServer SERVER Command Spoofed Server Saturation DoS 26 Aug 2004 5 (v2) Medium Pass AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution CVE-2008-3922 27 Aug 2008 7.5 (v2) High Pass IlohaMail Software Detection 02 Sep 2004 None Pass Liferay Portal 7.3.x < 7.3.6 Information Disclosure CVE-2021-29052 13 Jul 2021 4.3 (v3) Medium Pass identd Service UID Association 07 Sep 2004 None Pass Liferay Portal 7.3.4 < 7.3.6 XSS CVE-2021-29048 13 Jul 2021 6.1 (v3) Medium Pass Liferay Portal 7.3.5 SQLi CVE-2021-29053 14 Jul 2021 8.8 (v3) High Pass Cisco IOS EnergyWise DoS (cisco-sa-20170419-energywise) CVE-2017-3860 CVE-2017-3861 CVE-2017-3862 CVE-2017-3863 26 Apr 2017 8.6 (v3) High Pass Horde Software Detection 02 Nov 2004 None Pass Hydra: CVS 01 Dec 2004 7.5 (v2) High Pass Symantec Reporter Web Interface Detection 03 May 2019 None Pass PunBB Detection 13 Dec 2004 None Pass Hydra: PC-NFS 01 Dec 2004 7.5 (v2) High Pass MS04-035: WINS Code Execution (870763) (uncredentialed check) CVE-2004-0567 CVE-2004-1080 15 Dec 2004 10 (v2) Critical Pass PhpDig < 1.8.5 Unspeciﬁed Vulnerability 13 Dec 2004 5 (v2) Medium Pass Juniper Junos rpd RIP DoS (JSA10772) CVE-2017-2303 20 Jan 2017 5.9 (v3) Medium Pass Sendmail < 8.14.9 close-on-exec SMTP Connection Manipulation CVE-2014-3956 03 Jun 2014 3.3 (v3) Low Pass UMN Gopherd Unauthorized FTP Proxy 18 Jan 2005 5 (v2) Medium Pass ngIRCd < 0.8.2 Lists_MakeMask() Remote Overﬂow DoS CVE-2005-0199 29 Jan 2005 10 (v2) Critical Pass ArGoSoft Mail Server Multiple Traversals CVE-2005-0367 10 Feb 2005 6.5 (v2) Medium Pass RaidenHTTPD Crafted Request Arbitrary File Access 07 Feb 2005 7.8 (v2) High Pass PHP-Fusion Detection 09 Feb 2005 None Pass Mailman Detection 10 Feb 2005 None Pass Sybase TCP/IP Listener Service Detection 21 Feb 2005 None Pass Oracle Primavera P6 Enterprise Project Portfolio Management (Jul 2021 CPU) CVE-2021-2366 CVE-2021-2386 21 Jul 2021 6.4 (v3) Medium Pass OpenVMS WASD HTTP Server Multiple Vulnerabilities CVE-2002-1825 19 Feb 2005 10 (v2) Critical Pass Invision Power Board Software Detection 23 Feb 2005 None Pass phpMyAdmin Detection 25 Feb 2005 None Pass NNTP Server Message Header Handling Remote Overﬂow 28 Feb 2005 7.5 (v2) High Pass NNTP Server Password Handling Remote Overﬂow 28 Feb 2005 7.5 (v2) High Pass paNews Detection 02 Mar 2005 None Pass phpWebSite Detection 25 Feb 2005 None Pass phpMyFAQ Detection 09 Mar 2005 None Pass Eudora Internet Mail Server for Mac OS USER Overﬂow CVE-1999-1113 08 Mar 2005 10 (v2) Critical Pass Cyrus IMAP Server < 2.2.11 Multiple Remote Overﬂows CVE-2005-0546 24 Feb 2005 7.5 (v2) High Pass ESXi 6.0 < Build 3380124 Shared Folders (HGFS) Guest Privilege Escalation (VMSA-2016-0001) (remote check)CVE-2015-6933 15 Jan 2016 6.3 (v3) Medium Pass ArGoSoft FTP Server DELE Command Remote Buﬀer Overrun CVE-2005-0696 09 Mar 2005 6 (v2) Medium Pass Cisco IOS TFTP File Disclosure 16 Mar 2005 5 (v2) Medium Pass Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overﬂow DoS CVE-2004-2381 17 Mar 2005 5 (v2) Medium Pass Oracle Enterprise Manager Web Console Detection 21 Mar 2005 None Pass ISS Deployment Manager Detection 21 Mar 2005 None Pass Avaya P330 Stackable Switch Default Password CVE-1999-0508 28 Mar 2005 10 (v2) Critical Pass Oracle HTTP Server (January 2007 CPU) CVE-2007-0279 CVE-2007-0280 CVE-2007-0281 CVE-2007-0282 21 Nov 2011 7.5 (v2) High Pass Sendmail < 8.13.8 Header Processing Overﬂow DoS CVE-2006-4434 18 Nov 2011 5.3 (v3) Medium Pass Sun Java Web Console BeginLogin.jsp redirect_url Parameter URI Redirection CVE-2008-5550 18 Nov 2011 4.3 (v2) Medium Pass OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability CVE-2009-0653 04 Jan 2012 7.5 (v2) High Pass OpenSSL < 0.9.8k Signature Repudiation CVE-2009-0591 04 Jan 2012 2.6 (v2) Low Pass OpenSSL 1.0.0 < 1.0.0-beta2 DoS CVE-2009-1379 CVE-2009-1387 04 Jan 2012 5 (v2) Medium Pass Web Server GET Request Saturation Remote DoS 25 May 2005 None Pass CubeCart Detection 08 Apr 2005 None Pass Cisco 675 Router Default Unpassworded Account CVE-1999-0889 22 Aug 1999 10 (v2) Critical Pass Novell GroupWise Enhancement Pack Java Server URL Handling Overﬂow DoS CVE-2000-0146 08 Feb 2000 5.3 (v3) Medium Pass Compaq WBEM HTTP Server Remote Overﬂow CVE-2005-4823 07 Apr 2005 10 (v2) Critical Pass Serendipity Detection 15 Apr 2005 None Pass RealServer G2 Malformed Telnet Data Remote Overﬂow CVE-1999-0271 04 Nov 1999 10 (v2) Critical Pass Xerox Document Centre Device Detection 21 Apr 2005 None Pass Kibuv Worm Detection 25 May 2005 10 (v2) Critical Pass Horde Mnemo Detection 26 Apr 2005 None Noise Service Detection 19 Aug 2007 None Pass Horde Nag Detection 26 Apr 2005 None Pass Stacheldraht Trojan Detection CVE-2000-0138 28 Jan 2000 10 (v2) Critical Pass WinGate Telnet Proxy localhost Connection Saturation DoS CVE-1999-0290 22 Jun 1999 5 (v2) Medium Pass Novell NetMail < 3.52C IMAP Agent Multiple Remote Overﬂows CVE-2005-1758 17 Jun 2005 7.5 (v2) High Pass PlanetFileServer mshftp.dll Data Processing Remote Overﬂow CVE-2005-2159 05 Jul 2005 10 (v2) Critical Pass 4D WebSTAR Symlink Privilege Escalation CVE-2004-0698 09 Aug 2004 3.6 (v2) Low Pass MailEnable IMAP STATUS Command Remote Overﬂow CVE-2005-2278 14 Jul 2005 7.2 (v2) High Pass Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability (cisco-sa-20100922-igmp)CVE-2010-2830 10 Jan 2012 7.1 (v2) High Pass WordPress Plugin 'ThemeGrill Demo Importer' 1.3.4 < 1.6.3 Database Wipe and Auth Bypass 21 Feb 2020 8.8 (v3) High Pass VNC Server Security Type Detection 22 Jul 2005 None Pass Microsoft Windows SMTP Service Malformed BDAT Request Remote DoS CVE-2002-0055 08 Mar 2002 5 (v2) Medium Pass Cisco Regular Expression Processing DoS CVE-2007-4430 10 Jan 2012 5 (v2) Medium Pass MDaemon Content Filter Traversal Arbitrary File Write 27 Jul 2005 9.3 (v2) High Pass Cisco IOS Line Printer Daemon (LPD) Stack Overﬂow CVE-2007-5381 10 Jan 2012 9.3 (v2) High Pass LocalWeb2000 2.1.0 Multiple Remote Vulnerabilities CVE-2001-0189 CVE-2002-0897 05 Jun 2002 7.5 (v2) High Pass Zotob Worm Detection 16 Aug 2005 10 (v2) Critical Pass SugarCRM Detection 24 Aug 2005 None Pass EMC Cloud Tiering Appliance Web Interface Detection 07 Apr 2014 None Pass GameSpy 3D Based Games Spoofed UDP Response Ampliﬁcation DDoS CVE-2003-1354 22 Jan 2003 5 (v2) Medium Pass Embedded Web Server Detection 14 Sep 2005 None Pass Microsoft Windows Vista Unsupported Installation Detection 17 Apr 2017 10 (v3) Critical Pass Py2Play Game Engine Detection 19 Sep 2005 None Pass SNMP settings 20 Sep 2005 None Pass SBLIM-SFCB Multiple Buﬀer Overﬂows CVE-2010-1937 CVE-2010-2054 07 Jun 2010 10 (v2) Critical Pass Ethernet Card Manufacturer Detection 19 Feb 2009 None Pass Squid Crafted NTLM Authentication Header DoS CVE-2005-2917 12 Oct 2005 5.3 (v3) Medium Pass F5 BIG-IP Cookie Remote Information Disclosure 26 Oct 2005 5 (v2) Medium Pass Mailgust Password Reminder email Field SQL Injection CVE-2005-3063 06 Oct 2005 6.8 (v2) Medium Pass HSQLDB Server Detection 20 Oct 2005 None Pass VLAN Membership Policy Server Detection 20 Oct 2005 None Pass GpsDrive friendsd2 dir Field Remote Format String CVE-2005-3523 07 Nov 2005 7.5 (v2) High Pass CA Message Queuing Service Detection 04 Nov 2005 None Pass phpWebSite < 0.9.x Multiple Vulnerabilities CVE-2003-0735 CVE-2003-0736 CVE-2003-0737 CVE-2003-0738 11 Aug 2003 7.5 (v2) High Pass Ipswitch IMail Server IMAP LIST Command Remote Overﬂow DoS CVE-2005-2923 19 Dec 2005 7.8 (v2) High Pass MS04-042: Windows NT Multiple DHCP Vulnerabilities (885249) (uncredentialed check) CVE-2004-0899 CVE-2004-0900 03 Jan 2006 10 (v2) Critical Pass MailEnable IMAP EXAMINE Command Remote Overﬂow CVE-2005-4456 20 Dec 2005 7.8 (v2) High Pass Eudora Internet Mail Server (EIMS) < 3.2.8 Multiple DoS CVE-2006-0141 11 Jan 2006 5 (v2) Medium Pass Samba Mangling Method Hash Overﬂow CVE-2004-0686 22 Jul 2004 5 (v2) Medium Pass phpCOIN <= 1.2.1b Multiple Vulnerabilities CVE-2005-0669 CVE-2005-0670 CVE-2005-0932 CVE-2005-0933 CVE-2005-0946 CVE-2005-0947 01 Mar 2005 7.5 (v2) High Pass 4D WebStar Pre-authentication FTP Overﬂow CVE-2004-0695 03 Aug 2004 10 (v2) Critical Pass PHPNews auth.php path Parameter Remote File Inclusion CVE-2005-0632 02 Mar 2005 6.8 (v2) Medium Pass phpList <= 2.6.3 Multiple Vulnerabilities 03 Mar 2005 7.5 (v2) High Pass SquirrelMail < 1.4.3 Multiple Vulnerabilities CVE-2004-0519 CVE-2004-0520 CVE-2004-0521 05 May 2004 7.5 (v2) High Pass Adobe Document Server Default Credentials 18 Mar 2006 7.5 (v2) High Pass CubeCart < 2.0.6 settings.inc.php Multiple Script XSS CVE-2005-0606 CVE-2005-0607 03 Mar 2005 5 (v2) Medium Pass TYPO3 'cmw_linklist Extension' 'category_uid' Parameter SQL Injection CVE-2005-0658 04 Mar 2005 7.5 (v2) High 68

RELAYTO Penetration Test Results - Page 68

RELAYTO Penetration Test Results Page 67 Page 69