RELAYTO Penetration Test Results (30/101)

Pass NextGEN Smooth Gallery Plugin for WordPress 'galleryID' Parameter SQL Injection 07 Sep 2010 6.8 (v2) Medium Pass Ektron CMS400.NET Default Credentials 30 Apr 2010 7.5 (v2) High Pass Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities 23 Sep 2010 7.5 (v2) High Pass Community Link Pro login.cgi ﬁle Parameter Arbitrary Command Execution CVE-2005-2111 27 Jul 2005 7.5 (v2) High Pass Land Down Under <= 800 Multiple Vulnerabilities CVE-2005-2674 CVE-2005-2675 CVE-2005-2780 06 Sep 2005 6.8 (v2) Medium Pass Red Hat Administration Server (redhat-ds-admin) Multiple Remote Vulnerabilities CVE-2008-0892 CVE-2008-0893 23 Apr 2008 9 (v2) High Pass MODx < 2.0.3-pl class_key Parameter Local File Inclusion CVE-2010-5278 20 Oct 2011 6.8 (v2) Medium Pass ManageEngine Desktop Central < 10.1.2137.9 Authentication Bypass (uncredentialed check) CVE-2021-44757 24 Mar 2022 9.1 (v3) Critical Pass Ipswitch WhatsUp Professional Crafted Header Authentication Bypass CVE-2006-2531 18 May 2006 7.5 (v2) High Pass Emulive Server4 Authentication Bypass CVE-2004-1695 CVE-2004-1696 23 Sep 2004 7.5 (v2) High Pass PHPSurveyor Multiple SQL Injections CVE-2005-4586 03 Jan 2006 7.5 (v2) High Pass McAfee WebShield UI Authentication Bypass (SB10026) CVE-2012-4595 16 May 2012 7.5 (v2) High Pass Pretty Link Plugin for WordPress 'pretty-bar.php' 'url' Parameter XSS CVE-2011-4595 06 Jun 2012 4.3 (v2) Medium Pass Woltlab Burning Board Multiple SQL Injections CVE-2005-3369 CVE-2006-1094 08 Mar 2006 7.5 (v2) High Pass Symantec Message Filter Multiple Vulnerabilities (SYM12-010) CVE-2012-0300 CVE-2012-0301 CVE-2012-0302 CVE-2012-0303 03 Jul 2012 6.8 (v2) Medium Pass Symantec Reporting Server Improper URL Handling Exposure CVE-2009-1432 01 May 2009 4.3 (v2) Medium Pass Adobe ColdFusion On Apache Double Encoded NULL Byte Request File Content Disclosure CVE-2009-1876 21 Aug 2009 5.3 (v3) Medium Pass WaveMaker Studio Requires No Authentication 19 Jul 2012 7.5 (v2) High Pass CoolForum Multiple Vulnerabilities (SQLi, XSS) CVE-2005-0857 CVE-2005-0858 22 Mar 2005 5.1 (v2) Medium Pass AXIGEN Webmail < 7.1.0 HTML Body Script Insertion CVE-2009-1484 27 May 2009 4.3 (v2) Medium Pass Oracle Secure Backup Administration Server Authentication Bypass CVE-2009-1977 14 Sep 2009 10 (v2) Critical Pass ASG-Sentry CGI Default Credentials 14 Oct 2008 7.5 (v2) High Pass Sun Java System Directory Server Online Help Feature Information Disclosure CVE-2009-1332 04 Jun 2009 5 (v2) Medium Pass McAfee Common Management Agent < 3.6.0.603 FrameworkService.exe AVClient DoS CVE-2008-1855 23 Nov 2009 5.3 (v3) Medium Pass BASE < 1.2.5 readRoleCookie() Auth Bypass 26 Jun 2009 7.5 (v2) High Pass WordPress Pingback File Information Disclosure CVE-2007-0541 25 Jan 2007 5 (v2) Medium Pass GOsa Multiple Script plugin Parameter Remote File Inclusion CVE-2003-1412 27 Feb 2003 8.3 (v3) High Pass CockroachDB < 2.1.12 / 19.x < 19.1.8 / 19.2.x < 19.2.4 Broken Access Control Direct Check (A42567) 04 Apr 2022 9.1 (v3) Critical Pass Microsoft IIS Translate f: ASP/ASA Source Disclosure CVE-2000-0778 23 Aug 2000 5 (v2) Medium Pass Directory Pro Traversal Arbitrary File Access CVE-2001-0780 29 May 2001 5 (v2) Medium Pass ht://Dig htsearch Multiple Vulnerabilities CVE-2001-0834 17 Oct 2001 5.8 (v2) Medium Pass HP Operations Orchestration 10.x < 10.22.001 XSRF CVE-2015-5451 02 Dec 2015 6.8 (v2) Medium Pass Novell 'modulemanager' Servlet Arbitrary File Upload (safe check) CVE-2010-0284 01 Jul 2010 10 (v2) Critical Pass LiteSpeed Web Server MIME Type Injection Null Byte Script Source Code Disclosure CVE-2007-5654 23 Oct 2007 5 (v2) Medium Pass Woppoware PostMaster <= 4.2.2 Multiple Vulnerabilities CVE-2005-1650 CVE-2005-1651 CVE-2005-1652 CVE-2005-1653 12 May 2005 5 (v2) Medium Pass Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure CVE-2002-1148 CVE-2002-1394 28 Nov 2002 5.3 (v3) Medium Pass TWiki 'rev' Parameter Arbitrary Command Execution CVE-2005-2877 15 Sep 2005 8.8 (v3) High Pass Spring Framework Spring4Shell (CVE-2022-22965) CVE-2022-22965 06 Apr 2022 9.8 (v3) Critical Pass WordPress < 1.5.1.3 XMLRPC SQL Injection CVE-2005-2108 01 Jul 2005 7.5 (v2) High Pass HP OpenView Network Node Manager Multiple CGI Remote Overﬂows CVE-2007-6204 07 Dec 2007 7.5 (v2) High Pass Site@School slideshow_full.php album_name Parameter SQL Injection CVE-2008-0129 04 Jan 2008 6.8 (v2) Medium Pass VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0011) CVE-2022-22954 CVE-2022-22955 CVE-2022-22956 CVE-2022-22957 CVE-2022-22958 CVE-2022-22959 CVE-2022-22960 CVE-2022-2296106 Apr 2022 9.8 (v3) Critical Pass Vignette Application Portal Diagnostic Utility Information Disclosure CVE-2004-0917 29 Sep 2004 5 (v2) Medium Pass Alexandria-dev Multiple Script Upload Spooﬁng Arbitrary File Access 28 Mar 2003 4 (v2) Medium Pass Mambo Site Server MD5 Hash Session ID Privilege Escalation CVE-2003-1245 12 Mar 2003 10 (v2) Critical Pass MPC SoftWeb Guestbook Multiple Vulnerabilities 07 May 2003 5 (v2) Medium Pass phPay admin/phpinfo.php Information Disclosure 14 Apr 2003 6.4 (v2) Medium Pass eZ Publish settings/site.ini Conﬁguration Disclosure 15 Apr 2003 5 (v2) Medium Pass MultiHTML multihtml.pl Traversal Arbitrary File Access CVE-2000-0912 16 Sep 2000 5 (v2) Medium Pass HappyMall Multiple Script Arbitrary Command Execution CVE-2003-0243 08 May 2003 10 (v2) Critical Pass ttCMS 2.2 Multiple Vulnerabilities CVE-2003-1458 CVE-2003-1459 19 May 2003 7.3 (v3) High Pass Symantec LiveUpdate Administrator < 2.3.2.110 Multiple Vulnerabilities (SYM14-005) CVE-2014-1644 CVE-2014-1645 31 Mar 2014 7.5 (v2) High Pass ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe) CVE-2005-3403 CVE-2005-3404 CVE-2005-3405 27 Oct 2005 7.5 (v2) High Pass GD Star Rating Plugin for WordPress 'export.php' Authentication Bypass Information Disclosure 27 Mar 2013 5 (v2) Medium Pass WF-Chat User Account Disclosure CVE-2003-1540 02 Jun 2003 5 (v2) Medium Pass IRCXPro Default Admin Password 03 Jun 2003 6.4 (v2) Medium Pass SquirrelMail Multiple Remote Vulnerabilities 18 Jun 2003 7.5 (v2) High Pass CGI Generic SQL Injection (2nd pass) 12 Nov 2009 7.5 (v2) High Pass PHPCatalog id Parameter SQL Injection 31 Dec 2003 7.5 (v2) High Pass Smart Publisher index.php ﬁledata Parameter Arbitrary Command Execution CVE-2008-0503 29 Jan 2008 8.8 (v3) High Pass Ocean12 ASP Calendar Administrative Access CVE-2004-1400 15 Dec 2004 7.5 (v2) High Pass Puppet Enterprise < 3.0.1 Multiple Vulnerabilities CVE-2013-4073 CVE-2013-4761 CVE-2013-4762 CVE-2013-4955 CVE-2013-4956 CVE-2013-4958 CVE-2013-4959 CVE-2013-4961 CVE-2013-4962 CVE-2013-4963 CVE-2013-4964 CVE-2013-4967 CVE-2013-496828 Oct 2013 6.9 (v2) Medium Pass HP Web JetAdmin <=7.0 Multiple Vulnerabilities (XSS, Code Exe, DoS, more) 05 May 2004 10 (v2) Critical Pass Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion CVE-2008-3488 12 Aug 2008 5 (v2) Medium Pass JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure CVE-2008-3273 CVE-2010-1429 13 Aug 2008 5 (v2) Medium Pass cformsII Plugin for WordPress 'rs' Parameter XSS CVE-2010-3977 08 Nov 2010 4.3 (v2) Medium Pass ELOG Web Logbook < 2.5.7 Multiple Remote Vulnerabilities (OF, Traversal) CVE-2005-0439 CVE-2005-0440 16 Feb 2005 7.5 (v2) High Pass Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities CVE-2013-4966 CVE-2013-4971 CVE-2014-0060 CVE-2014-0082 21 Mar 2014 6.4 (v2) Medium Pass CuteNews show_archives.php archive Parameter XSS 20 Aug 2004 4.7 (v3) Medium Pass Microsoft IIS global.asa Remote Information Disclosure 05 Jun 2002 1.9 (v2) Low Pass ManageEngine ServiceDesk Plus FileDownload.jsp FILENAME Parameter Traversal Arbitrary File Access CVE-2011-2755 CVE-2011-2756 CVE-2011-2757 28 Jun 2011 5 (v2) Medium Pass PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access CVE-2004-1678 15 Sep 2004 5 (v2) Medium Pass Dell KACE K2000 Web Backdoor Account CVE-2011-4046 09 Nov 2011 7.5 (v2) High Pass WordPress < 1.2.2 Multiple XSS CVE-2004-1559 28 Sep 2004 4.3 (v2) Medium Pass Symantec Web Gateway timer.php XSS (SYM12-006) CVE-2012-0296 15 May 2012 4.3 (v2) Medium Pass ocPortal index.php req_path Parameter Remote File Inclusion CVE-2004-1592 13 Oct 2004 8.3 (v3) High Pass Limbo CMS Multiple Vulnerabilities CVE-2005-4317 CVE-2005-4318 CVE-2005-4319 CVE-2005-4320 30 Jan 2006 7.5 (v2) High Pass paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection CVE-2005-0647 23 Feb 2005 7.3 (v3) High Pass OpenConnect WebConnect < 6.5.1 Multiple Vulnerabilities CVE-2004-0465 CVE-2004-0466 24 Feb 2005 5 (v2) Medium Pass UBB.threads ubbthreads.php debug Parameter XSS CVE-2006-2755 31 May 2006 4.3 (v2) Medium Pass Greymatter 1.3 Multiple Vulnerabilities 08 Jan 2005 4.3 (v2) Medium Pass IBM Websphere Commerce Database Update Information Disclosure 15 Jan 2005 2.6 (v2) Low Pass Novell 'modulemanager' Servlet Arbitrary File Upload (intrusive check) CVE-2010-0284 01 Jul 2010 10 (v2) Critical Pass SmarterTools SmarterMail Attachment Upload XSS 31 Jan 2005 4.3 (v2) Medium Pass TYPO3 Default Credentials 22 Jan 2010 7.5 (v2) High Pass WebCalendar login.php webcalendar_session Cookie SQL Injection CVE-2005-0474 18 Feb 2005 7.3 (v3) High Pass Claroline add_course.php Multiple Parameter XSS 08 Feb 2005 4.3 (v2) Medium Pass Microsoft Outlook Web Access (OWA) Anonymous Access CVE-2001-0660 10 Oct 2001 5 (v2) Medium Pass CProxy 3.3.x - 3.4.4 Multiple Vulnerabilities CVE-2005-0657 05 Mar 2005 7.8 (v2) High Pass zFeeder admin.php Direct Request Admin Authentication Bypass CVE-2009-0807 09 Mar 2009 7.5 (v2) High Pass VICIDIAL Call Center Suite admin.php SQL Injection CVE-2009-2234 26 May 2009 6.8 (v2) Medium Pass Redhat Stronghold status / info Request Information Disclosure CVE-2001-0868 25 Nov 2001 5 (v2) Medium Pass Nuked-Klan 1.2b Multiple Vulnerabilities CVE-2003-1238 CVE-2003-1370 CVE-2003-1371 28 Feb 2003 5.8 (v2) Medium Pass PHP 5.6.x < 5.6.12 Multiple Vulnerabilities CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-8867 CVE-2015-8874 CVE-2015-8879 11 Aug 2015 7.3 (v3) High Pass HotNews Multiple Script Remote File Inclusion CVE-2004-1796 05 Jan 2004 8.3 (v3) High Pass Basilix Webmail Attachment Crafted POST Arbitrary File Access CVE-2002-1710 09 Aug 2004 5 (v2) Medium Pass Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS CVE-2005-1172 18 Apr 2005 3.5 (v2) Low Pass Splunk Enterprise < 5.0.14 / 6.0.10 / 6.1.9 / 6.2.5 or Splunk Light < 6.2.5 Multiple Vulnerabilities CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-1793 21 Aug 2015 6.8 (v2) Medium Pass MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities CVE-2005-1361 CVE-2005-1363 CVE-2005-1622 17 May 2005 7.5 (v2) High Pass WP Symposium Plugin for WordPress forum_functions.php 'topic_id' Parameter SQLi 25 Aug 2015 7.5 (v2) High Pass ProductCart Multiple Input Validation Vulnerabilities CVE-2005-0994 CVE-2005-0995 06 Apr 2005 7.5 (v2) High Pass Splunk Enterprise 6.2.x < 6.2.6 / Splunk Light 6.2.x < 6.2.6 Splunk Web XSS 16 Sep 2015 4.3 (v2) Medium Pass WebHints hints.pl Arbitrary Command Execution CVE-2005-1950 13 Jun 2005 7.5 (v2) High Pass ezUpload <= 2.2 Multiple Remote Vulnerabilities (SQLi, RFI, LFI) CVE-2005-2616 CVE-2005-4308 CVE-2005-4309 10 Aug 2005 7.5 (v2) High Pass ManageEngine ServiceDesk Plus User and Domain Enumeration 20 Oct 2015 5 (v2) Medium Pass MercuryBoard User-Agent SQL Injection CVE-2005-2028 21 Jun 2005 6.5 (v2) Medium Pass DUclassmate Multiple Scripts SQL Injection CVE-2005-2049 28 Jun 2005 7.5 (v2) High Pass DUpaypal Pro Multiple Scripts SQL Injection CVE-2005-2047 CVE-2006-6365 28 Jun 2005 7.5 (v2) High Pass IBM InfoSphere Data Replication Dashboard User Enumeration CVE-2013-0584 10 Apr 2013 5 (v2) Medium Pass Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed Plus Line Cards DoS (cisco-sa-lsplus-Z6AQEOjk)CVE-2022-20714 22 Apr 2022 8.6 (v3) High Pass ManageEngine ServiceDesk Plus Multiple Vulnerabilities 16 Nov 2015 5 (v2) Medium Pass Gossamer Threads Links < 3.0.4 Multiple Script XSS 20 Jul 2005 4.7 (v3) Medium 30

RELAYTO Penetration Test Results - Page 30

RELAYTO Penetration Test Results Page 29 Page 31