Pass Oracle Primavera Gateway Multiple Vulnerabilities (July 2017 CPU) CVE-2015-0254 CVE-2016-6814 21 Jul 2017 9.8 (v3) Critical Pass IBM BigFix Platform 9.1.x < 9.1.1328.0 / 9.2.x < 9.2.11.19 Multiple Vulnerabilities CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1203 CVE-2017-1219 27 Jul 2017 9.8 (v3) Critical Pass GoAhead System.ini Leak CVE-2017-8225 03 Aug 2017 9.8 (v3) Critical Pass ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check) CVE-2016-2183 CVE-2016-7055 CVE-2016-1000110 CVE-2017-3730 CVE-2017-3731 CVE-2017-3732 CVE-2017-4925 20 Sep 2017 7.5 (v3) High Pass Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability CVE-2017-6767 25 Aug 2017 7.1 (v3) High Pass Fuji Electric V-Server Detection 24 Jul 2017 None Pass HP Operations Orchestration 10.x < 10.80 Remote Code Execution CVE-2017-8994 05 Sep 2017 9.8 (v3) Critical Pass IBM BigFix Remote Control < 9.1.4 Authentication Bypass CVE-2016-2930 13 Sep 2017 7.5 (v3) High Pass D-Link DIR Router Missing Authentication Check CVE-2017-14417 14 Sep 2017 9.8 (v3) Critical Pass ESXi 5.5 < Build 6480267 RPC NULL Pointer Dereference Vulnerability (VMSA-2017-0015) (remote check) CVE-2017-4925 21 Sep 2017 5.5 (v3) Medium Pass VMware vCenter Server 6.5.x < 6.5u1 H5 Client Stored XSS (VMSA-2017-0015) CVE-2017-4926 21 Sep 2017 5.4 (v3) Medium Pass EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability CVE-2017-8013 21 Sep 2017 9.8 (v3) Critical Pass Apache Solr < 6.6.1 Kerberos Plugin Delegation Token Handling Remote Information Disclosure CVE-2017-9803 27 Sep 2017 7.5 (v3) High Pass Apple iTunes < 12.7 WebKit Multiple Vulnerabilities (uncredentialed check) CVE-2017-7081 CVE-2017-7087 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-712027 Sep 2017 8.8 (v3) High Pass Trihedral VTScada Detection 28 Sep 2017 None Pass HP UCMDB Server BeanUtils Java Deserialization RCE CVE-2017-14353 09 Oct 2017 8.8 (v3) High Pass EMC RSA Archer < 6.2.0.5 Multiple Vulnerabilities CVE-2017-8016 CVE-2017-8025 CVE-2017-14369 CVE-2017-14370 CVE-2017-14371 CVE-2017-14372 12 Oct 2017 7.4 (v3) High Pass Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed) CVE-2017-9798 13 Oct 2017 7.5 (v3) High Pass Trend Micro OfficeScan Web Interface Detection 19 Oct 2017 None Pass ONVIF Device Services 17 Oct 2017 None Pass ONVIF Camera Snapshot 17 Oct 2017 None Pass ONVIF Get Device User List 17 Oct 2017 None Pass Ubiquiti Networks UniFi < 3.9.3.7537 (KRACK) CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-1308817 Oct 2017 8.1 (v3) High Pass Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check) CVE-2017-11780 CVE-2017-11781 17 Oct 2017 7 (v3) High Pass Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption CVE-2017-14083 CVE-2017-14084 CVE-2017-14085 CVE-2017-14086 CVE-2017-14087 CVE-2017-14088 CVE-2017-14089 19 Oct 2017 9.8 (v3) Critical Pass Linksys E1500/E2500 Authenticated Command Execution 25 Oct 2017 9.1 (v3) Critical Pass ONVIF Stream URI 31 Oct 2017 None Pass Apache Solr 5.x < 5.5.5 / 6.x < 6.6.2 / 7.x < 7.1.0 Multiple Vulnerabilities CVE-2017-12629 02 Nov 2017 9.8 (v3) Critical Pass IBM BigFix Platform 9.2.x < 9.2.12 / 9.5.x < 9.5.7 Multiple Vulnerabilities CVE-2017-1218 CVE-2017-1220 CVE-2017-1222 CVE-2017-1225 CVE-2017-1226 CVE-2017-1228 CVE-2017-1230 CVE-2017-1232 CVE-2017-152102 Nov 2017 8.8 (v3) High Pass Apple iTunes < 12.7.1 WebKit Multiple Vulnerabilities (uncredentialed check) CVE-2017-13783 CVE-2017-13784 CVE-2017-13785 CVE-2017-13788 CVE-2017-13791 CVE-2017-13792 CVE-2017-13793 CVE-2017-13794 CVE-2017-13795 CVE-2017-13796 CVE-2017-13797 CVE-2017-13798 CVE-2017-13802 CVE-2017-1380302 Nov 2017 8.8 (v3) High Pass IBM Storwize 1.5.x / 1.6.x < 1.6.2.0 RC4 Initial Keystream Bias Vulnerability (CVE-2017-1375) CVE-2017-1375 03 Nov 2017 7.5 (v3) High Pass Cisco APIC-EM 1.x < 1.5 Unauthorized Access (credentialed check) CVE-2017-12262 09 Nov 2017 8.8 (v3) High Pass Adobe Connect < 9.7 Multiple Vulnerabilities (APSB17-35) CVE-2017-11287 CVE-2017-11288 CVE-2017-11289 CVE-2017-11290 CVE-2017-11291 15 Nov 2017 10 (v3) Critical Pass VMware vCenter Server 5.5.x < 5.5u3f / 6.0.x < 6.0u3c / 6.5.x < 6.5u1 Multiple Vulnerabilities (VMSA-2017-0017)CVE-2017-4927 CVE-2017-4928 17 Nov 2017 7.5 (v3) High Pass Vanilla Forums Header Injection Remote Code Execution CVE-2016-10073 17 Nov 2017 7.5 (v3) High Pass PHP 5.6.x < 5.6.32 Multiple Vulnerabilities CVE-2016-1283 CVE-2017-16642 16 Nov 2017 9.8 (v3) Critical Pass HP LaserJet Printers RCE (HPSBPI03569) CVE-2017-2750 28 Nov 2017 9.8 (v3) Critical Pass Exim < 4.89.1 Use-After-Free BDAT Remote Code Execution CVE-2017-16943 29 Nov 2017 9.8 (v3) Critical Pass Samba Version 30 Nov 2017 None Pass EMC RSA Authentication Manager < 8.2 SP1 Patch 6 Stored Cross-Site Scripting (ESA-2017-152) CVE-2017-14379 30 Nov 2017 5.4 (v3) Medium Pass WP Google Maps for WordPress < 7.11.17 Unauthenticated SQL Injection (CVE-2019-10692) CVE-2019-10692 03 Apr 2019 9.8 (v3) Critical Pass Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS CVE-2016-7434 29 Nov 2016 7.5 (v3) High Pass Observium Detection 29 Nov 2016 None Pass Veritas NetBackup Appliance < 2.7.2 / 3.1.0 Multiple Vulnerabilities (VTS17-003) CVE-2017-6399 CVE-2017-6400 CVE-2017-6401 CVE-2017-6402 CVE-2017-6403 CVE-2017-6404 CVE-2017-6405 CVE-2017-6406 CVE-2017-6407 CVE-2017-6408 CVE-2017-640930 Nov 2017 9.8 (v3) Critical Pass Default Password 'QwestM0dem' for 'admin' Account CVE-1999-0502 01 Dec 2017 9.8 (v3) Critical Pass VMware vCenter Server 5.5.x < 5.5u3e / 6.0.x < 6.0u2a Multiple XXE Vulnerabilities (VMSA-2016-0022) CVE-2016-7459 CVE-2016-7460 02 Dec 2016 9.1 (v3) Critical Pass HP Network Automation RPCServlet Java Object Deserialization RCE CVE-2016-8511 09 Dec 2016 9.8 (v3) Critical Pass Apple iTunes < 12.5.4 Multiple Vulnerabilities (uncredentialed check) CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7611 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7640 CVE-2016-7641 CVE-2016-7642 CVE-2016-7645 CVE-2016-7646 CVE-2016-7648 CVE-2016-7649 CVE-2016-7652 CVE-2016-7654 CVE-2016-765614 Dec 2016 8.8 (v3) High Pass EMC Avamar ADS / AVE Server Detection 16 Dec 2016 None Pass IBM BigFix Remote Control < 9.1.3 Multiple Vulnerabilities (SWEET32) CVE-2016-2177 CVE-2016-2178 CVE-2016-2183 CVE-2016-2928 CVE-2016-2931 CVE-2016-2932 CVE-2016-2933 CVE-2016-2934 CVE-2016-2935 CVE-2016-2943 CVE-2016-6304 CVE-2016-630627 Dec 2016 9.8 (v3) Critical Pass Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy) CVE-2016-0736 CVE-2016-2161 CVE-2016-4975 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2020-11985 12 Jan 2017 8.1 (v3) High Pass IBM Spectrum Protect Mount Detection 27 Dec 2016 None Pass Cisco IOS IKEv1 Packet Handling Remote Information Disclosure (cisco-sa-20160916-ikev1) (BENIGNCERCVE-2016-6415TAIN) (uncredentialed check) 26 Jan 2017 7.5 (v3) High Pass Oracle WebLogic Java Object RMI Connect-Back Deserialization RCE (January 2017 CPU) CVE-2017-3248 26 Jan 2017 9.8 (v3) Critical Pass Apple iTunes < 12.5.5 Multiple Vulnerabilities (uncredentialed check) CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2366 27 Jan 2017 8.8 (v3) High Pass Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check) 03 Feb 2017 None Pass Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.13 / 6.3.9 / 6.4.5 / 6.5.2 or Splunk Light < 6.5.2 Multiple VCVE-2016-5418 CVE-2016-8688 CVE-2017-5607 CVE-2017-5880ulnerabilities 10 Feb 2017 7.5 (v3) High Pass Tenable Nessus 6.8.x and 6.9.x < 6.9.1 Stored XSS (TNS-2016-17) CVE-2016-9259 15 Feb 2017 5.4 (v3) Medium Pass F5 TLS Session Ticket Implementation Remote Memory Disclosure (Ticketbleed) (uncredentialed check) CVE-2016-9244 15 Feb 2017 7.5 (v3) High Pass WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation CVE-2017-1001000 16 Feb 2017 7.5 (v3) High Pass McAfee ePolicy Orchestrator Agent Remote Log Detection 16 Feb 2017 None Pass IBM DataPower Gateway Detection 06 Feb 2017 None Pass OpenSSL 1.1.0 < 1.1.0e Encrypt-Then-Mac Extension DoS CVE-2017-3733 23 Feb 2017 7.5 (v3) High Pass Splunk Enterprise 6.4.x < 6.4.6 Stored XSS Vulnerability CVE-2017-12572 03 Mar 2017 4.8 (v3) Medium Pass Kodi Local File Inclusion Information Disclosure CVE-2017-5982 22 Mar 2017 7.5 (v3) High Pass Siemens S7 Protocol Support Detection 03 Apr 2017 None Pass OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library) 30 May 2017 None Pass Default Password 'adminIWSS85' for 'admin' Account CVE-1999-0502 07 Apr 2017 9.8 (v3) Critical Pass VMware vCenter Server 6.0.x < 6.0u3b / 6.5.x < 6.5c BlazeDS AMF3 RCE (VMSA-2017-0007) CVE-2017-5641 19 Apr 2017 9.8 (v3) Critical Pass Tenable Nessus 6.8.x < 6.10.2 Arbitrary File Upload (TNS-2017-06) CVE-2017-6543 18 Apr 2017 7.3 (v3) High Pass NetGain Enterprise Manager Detection 10 Mar 2017 None Pass Adobe ColdFusion BlazeDS Java Object Deserialization RCE CVE-2017-3066 28 Apr 2017 9.8 (v3) Critical Pass Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647) CVE-2015-6420 02 May 2017 9.8 (v3) Critical Pass Comelit Actuator Detection 21 Apr 2017 None Pass Powershell Empire Detection 21 Apr 2017 None Pass Cisco TelePresence CE 8.1.1 < 8.3.2 ICMP Packet Handling DoS (cisco-sa-20170503-ctp) CVE-2017-3825 04 May 2017 7.5 (v3) High Pass Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple VulnerabilitiesCVE-2017-1000353 CVE-2017-1000354 CVE-2017-1000355 CVE-2017-1000356 04 May 2017 9.8 (v3) Critical Pass Dell iDRAC6 / iDRAC7 / iDRAC8 Path Traversal Authentication Bypass CVE-2015-7270 01 Apr 2016 7.8 (v3) High Pass QNAP Signage Station Arbitrary File Upload Vulnerability CVE-2015-6036 25 Mar 2016 7.5 (v3) High Pass Apache Jetspeed Detection 28 Mar 2016 None Pass Apple TV < 7.2.1 Multiple Vulnerabilities CVE-2012-6685 CVE-2014-0191 CVE-2014-3660 CVE-2015-3730 CVE-2015-3731 CVE-2015-3732 CVE-2015-3733 CVE-2015-3734 CVE-2015-3735 CVE-2015-3736 CVE-2015-3737 CVE-2015-3738 CVE-2015-3739 CVE-2015-3740 CVE-2015-3741 CVE-2015-3742 CVE-2015-3743 CVE-2015-3744 CVE-2015-3745 CVE-2015-3746 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3750 CVE-2015-3751 CVE-2015-3752 CVE-2015-3753 CVE-2015-3759 CVE-2015-3766 CVE-2015-3768 CVE-2015-3776 CVE-2015-3778 CVE-2015-3782 CVE-2015-3784 CVE-2015-3793 CVE-2015-3795 CVE-2015-3796 CVE-2015-3797 CVE-2015-3798 CVE-2015-3800 CVE-2015-3802 CVE-2015-3803 CVE-2015-3804 CVE-2015-3805 CVE-2015-3806 CVE-2015-3807 CVE-2015-5749 CVE-2015-5755 CVE-2015-5756 CVE-2015-5757 CVE-2015-5758 CVE-2015-5761 CVE-2015-5773 CVE-2015-5774 CVE-2015-5775 CVE-2015-5776 CVE-2015-5777 CVE-2015-5778 CVE-2015-5781 CVE-2015-5782 CVE-2015-799504 Apr 2016 9.8 (v3) Critical Pass VMware vRealize Business Unspecified Stored XSS (VMSA-2016-0003) CVE-2016-2075 06 Apr 2016 5.4 (v3) Medium Pass QNAP Signage Station Server Detection 25 Mar 2016 None Pass VMware vRealize Business Web UI Detection 06 Apr 2016 None Pass Cisco TelePresence Server Crafted IPv6 Packet Handling DoS (cisco-sa-20160406-cts) CVE-2016-1346 15 Apr 2016 5.9 (v3) Medium Pass Cisco Prime Infrastructure Java Deserialization RCE (cisco-sa-20160406-remcode) CVE-2016-1291 19 Apr 2016 9.8 (v3) Critical Pass Oracle WebLogic Server Java Object Deserialization RCE (April 2016 CPU) CVE-2016-0638 26 Apr 2016 9.8 (v3) Critical Pass Oracle iPlanet Web Server 7.0.x < 7.0.23 NSS ASN.1 Decoder RCE (April 2016 CPU) CVE-2015-7182 21 Apr 2016 9.8 (v3) Critical Pass Oracle GlassFish Server 2.1.1.x < 2.1.1.27 NSS ASN.1 Decoder RCE (April 2016 CPU) CVE-2015-7182 22 Apr 2016 9.8 (v3) Critical Pass VMware vCenter Server 5.5.x < 5.5u3d / 6.0.x < 6.0u2 Client Integration Plugin Session Hijacking (VMSA-2016-0004)CVE-2016-2076 26 Apr 2016 7.6 (v3) High Pass OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 04 May 2016 8.2 (v3) High Pass OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 04 May 2016 8.2 (v3) High Pass Symantec Messaging Gateway 10.x < 10.6.1 Management Console Multiple Vulnerabilities (SYM16-005) CVE-2016-2203 CVE-2016-2204 05 May 2016 8.2 (v3) High Pass NetIQ Sentinel Detection 20 Apr 2016 None Pass BMC BladeLogic Server Automation RSCD Agent Detection 10 May 2016 None Pass Cisco TelePresence XML API HTTP Request Handling Authentication Bypass (cisco-sa-20160504-tpxml) CVE-2016-1387 13 May 2016 9.8 (v3) Critical Pass Moxa NPort Serial-to-Ethernet Server Detection 20 May 2016 None Pass PostgreSQL Server Login Possible 24 Jun 2016 None Pass Red Hat JBoss Operations Network Java Object Deserialization RCE CVE-2016-3737 06 Jun 2016 9.8 (v3) Critical Pass OpenSSL AES-NI Padding Oracle MitM Information Disclosure CVE-2016-2107 13 Jun 2016 5.9 (v3) Medium Noise HyperText Transfer Protocol (HTTP) Redirect Information 16 Jun 2016 None Pass Cisco APIC Detection 21 Jun 2016 None Noise Web Application Sitemap 24 Jun 2016 None Pass Wireless Access Controller Detection 06 Jun 2016 None Pass Symantec Messaging Gateway 10.x < 10.6.1-4 Multiple Vulnerabilities (SYM16-010) CVE-2016-2207 CVE-2016-2209 CVE-2016-2210 CVE-2016-2211 CVE-2016-3644 CVE-2016-3645 CVE-2016-3646 30 Jun 2016 8.4 (v3) High Pass BMC Server Automation RSCD Agent Weak ACL NSH Arbitrary Command Execution 05 Jul 2016 10 (v2) Critical Pass HPE LoadRunner Virtual Table Server import_csv Remote File Deletion DoS CVE-2016-4360 07 Jul 2016 9.1 (v3) Critical Pass PHP 5.6.x < 5.6.23 Multiple Vulnerabilities CVE-2016-4473 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-577301 Jul 2016 9.8 (v3) Critical Pass Symantec Web Gateway Anti-Virus Definition < 20160628.037 Multiple Vulnerabilities (SYM16-010) (credentialed check)CVE-2016-2207 CVE-2016-2209 CVE-2016-2210 CVE-2016-2211 CVE-2016-3644 CVE-2016-3645 CVE-2016-3646 12 Jul 2016 8.4 (v3) High Pass Untangle NG Firewall Detection 15 Jul 2016 None Pass Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass CVE-2016-4979 15 Jul 2016 7.5 (v3) High Pass Apache Tomcat 7.x < 7.0.17 Multiple Vulnerabilities CVE-2011-2204 CVE-2011-2481 CVE-2011-2526 03 Aug 2011 7.3 (v3) High 73
RELAYTO Penetration Test Results Page 72 Page 74