Pass Apache Tomcat 7.x < 7.0.20 'jsvc' Information Disclosure CVE-2011-2729 16 Aug 2011 5.3 (v3) Medium Pass IBM WebSphere Application Server Liberty Detection 04 Aug 2016 None Pass HP UCMDB Server Java Deserialization RCE CVE-2016-4368 25 Jul 2016 9.8 (v3) Critical Pass Splunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.11 / 6.3.6 / 6.4.2 or Splunk Light < 6.4.2 Multiple VulnerabilitiesCVE-2013-0211 CVE-2015-2304 CVE-2016-1541 CVE-2016-2107 08 Aug 2016 8.8 (v3) High Pass VMware vRealize Log Insight 2.x / 3.x < 3.3.2 Multiple Vulnerabilities (VMSA-2016-0008) CVE-2016-2081 CVE-2016-2082 10 Aug 2016 8.8 (v3) High Pass ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check) CVE-2016-5330 CVE-2016-5331 12 Aug 2016 7.8 (v3) High Pass osTicket <= 1.2.7 Multiple Vulnerabilities CVE-2005-1436 CVE-2005-1437 CVE-2005-1438 CVE-2005-1439 04 May 2005 6.8 (v2) Medium Pass SonicWALL Global Management System (GMS) / Analyzer GMC Service XML External Entity (XXE) Injection 15 Aug 2016 9.3 (v3) Critical Pass PHP 5.6.x < 5.6.25 Multiple Vulnerabilities CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-713223 Aug 2016 9.8 (v3) Critical Pass Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE CVE-2016-1352 25 Aug 2016 9.8 (v3) Critical Pass OpenSSL < 1.0.2i Default Weak 64-bit Block Cipher (SWEET32) CVE-2016-2183 25 Aug 2016 7.5 (v3) High Pass Portable SDK for UPnP Devices (libupnp) HTTP Arbitrary File Write CVE-2016-6255 30 Aug 2016 7.5 (v3) High Pass IBM BigFix Server 9.2.x < 9.2.7.53 BES Gather XSS CVE-2016-0269 30 Aug 2016 5.4 (v3) Medium Pass SAP RMI-P4 Protocol Detection 08 Sep 2016 None Pass BMC Server Automation rscd Service Authentication Bypass RCE CVE-2016-4322 23 Sep 2016 9.8 (v3) Critical Pass Moxa MiiNePort Blank Default Telnet Password CVE-2016-2286 15 Sep 2016 7.5 (v3) High Pass Symantec Protection for SharePoint Servers Detection 09 Sep 2016 None Pass McAfee Security Information and Event Management 9.5.x / 9.6.x < 9.6.0.3 ESM Authentication Bypass (KB87744)CVE-2016-8006 26 Sep 2016 4.4 (v3) Medium Pass OpenSSL 1.0.2i CRL Handling NULL Pointer Dereference DoS CVE-2016-7052 28 Sep 2016 7.5 (v3) High Pass OpenSSL 1.0.1 < 1.0.1u Multiple Vulnerabilities (SWEET32) CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-630630 Sep 2016 9.8 (v3) Critical Pass OpenSSL 1.0.2 < 1.0.2i Multiple Vulnerabilities (SWEET32) CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-630630 Sep 2016 9.8 (v3) Critical Pass UPnP File Share Detection 13 Oct 2016 4.3 (v3) Medium Pass UPnP API Listing 13 Oct 2016 4.3 (v3) Medium Pass Apple TV < 9.1 Multiple Vulnerabilities CVE-2011-2895 CVE-2015-7038 CVE-2015-7039 CVE-2015-7040 CVE-2015-7041 CVE-2015-7042 CVE-2015-7043 CVE-2015-7047 CVE-2015-7048 CVE-2015-7051 CVE-2015-7053 CVE-2015-7054 CVE-2015-7055 CVE-2015-7058 CVE-2015-7059 CVE-2015-7060 CVE-2015-7061 CVE-2015-7064 CVE-2015-7065 CVE-2015-7066 CVE-2015-7068 CVE-2015-7072 CVE-2015-7073 CVE-2015-7074 CVE-2015-7075 CVE-2015-7079 CVE-2015-7083 CVE-2015-7084 CVE-2015-7095 CVE-2015-7096 CVE-2015-7097 CVE-2015-7098 CVE-2015-7099 CVE-2015-7100 CVE-2015-7101 CVE-2015-7102 CVE-2015-7103 CVE-2015-7104 CVE-2015-7105 CVE-2015-7109 CVE-2015-7110 CVE-2015-7111 CVE-2015-7112 CVE-2015-7115 CVE-2015-711613 Oct 2016 4.3 (v3) Medium Pass Oracle GlassFish Server 2.1.1.x < 2.1.1.29 Mozilla NSS ASN.1 Structure Handling RCE (October 2016 CPU)CVE-2016-1950 20 Oct 2016 8.8 (v3) High Pass Oracle GlassFish Server 2.1.1.x < 2.1.1.29 / 3.0.1.x < 3.0.1.14 / 3.1.2.x < 3.1.2.15 Java Server Faces RCE (October 2016 CPU)CVE-2016-5519 20 Oct 2016 8.8 (v3) High Pass EMC Legato Networker Remote Exec Service Stack Overflow RCE CVE-2007-3618 20 Oct 2016 9.1 (v3) Critical Pass Unprotected 'admin' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass Default Password '666666' for '666666' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass Default Password '12345' for 'guest' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass Default Password 'klv123' for 'root' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass F5 Networks BIG-IP : BIG-IP Virtual Server HTTP Explicit Proxy / SOCKS Profile RCE (SOL35520031) (uncrCVE-2016-5700edentialed check) 28 Oct 2016 9.8 (v3) Critical Pass Default Password 'supervisor' for 'supervisor' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Pass Default Password 'support' for 'support' Account CVE-1999-0502 28 Oct 2016 9.8 (v3) Critical Noise SSL Root Certification Authority Certificate Information 14 Nov 2016 None Pass Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check) CVE-2016-4613 CVE-2016-7578 17 Nov 2016 8.8 (v3) High Pass OpenSSL 1.1.0 < 1.1.0c Multiple Vulnerabilities CVE-2016-7053 CVE-2016-7054 CVE-2016-7055 18 Nov 2016 7.5 (v3) High Pass PHP 7.0.x < 7.0.13 Multiple Vulnerabilities CVE-2016-7478 CVE-2016-9933 CVE-2016-9934 18 Nov 2016 7.5 (v3) High Pass Apple iTunes < 12.5.1 Multiple Vulnerabilities (uncredentialed Check) CVE-2016-4728 CVE-2016-4758 CVE-2016-4759 CVE-2016-4760 CVE-2016-4762 CVE-2016-4763 CVE-2016-4764 CVE-2016-4765 CVE-2016-4766 CVE-2016-4767 CVE-2016-4768 CVE-2016-476918 Nov 2016 8.8 (v3) High Pass Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution CVE-2015-2857 27 Jul 2015 9.8 (v3) Critical Pass Accellion Secure File Transfer Appliance 'statecode' Cookie Remote File Disclosure CVE-2015-2856 27 Jul 2015 7.5 (v3) High Pass PHP 5.5.x < 5.5.28 Multiple Vulnerabilities CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6836 CVE-2015-8835 CVE-2015-8867 CVE-2015-8873 CVE-2015-8876 11 Aug 2015 9.8 (v3) Critical Pass Invision Power Board index.php Multiple Parameter XSS CVE-2005-1443 05 May 2005 4.3 (v2) Medium Pass Web Application Cookies Not Marked HttpOnly 24 Aug 2015 None Pass Web Application Cookies Not Marked Secure 24 Aug 2015 None Pass SSL Certificate Signed Using SHA-1 Algorithm 22 Sep 2015 None Pass Symantec Web Gateway Database < 5.0.0.1277 Multiple Vulnerabilities (SYM15-009) (credentialed check) CVE-2015-5690 CVE-2015-5691 CVE-2015-5692 CVE-2015-5693 CVE-2015-6547 CVE-2015-6548 25 Sep 2015 9.9 (v3) Critical Pass OrientDB < 2.0.15 / 2.1.1 XSRF CVE-2015-2912 08 Oct 2015 8.8 (v3) High Pass Janitza Hard-Coded FTP Password CVE-2015-3968 17 Nov 2015 9.8 (v3) Critical Pass VMware ESXi 5.0 < Build 3021432 OpenSLP RCE (VMSA-2015-0007) CVE-2015-1047 CVE-2015-2342 CVE-2015-5177 19 Nov 2015 8.6 (v3) High Pass VMware ESXi 5.1 < Build 3021178 OpenSLP RCE (VMSA-2015-0007) CVE-2015-1047 CVE-2015-2342 CVE-2015-5177 19 Nov 2015 8.6 (v3) High Pass VMware ESXi 5.5 < Build 3029944 OpenSLP RCE (VMSA-2015-0007) CVE-2015-1047 CVE-2015-2342 CVE-2015-5177 19 Nov 2015 8.6 (v3) High Pass 7-Technologies / Schneider-Electric IGSS Data Collector Detection 04 Dec 2015 None Pass Nessus 5.x < 5.2.12 / 6.x < 6.4 Multiple OpenSSL Vulnerabilities CVE-2015-1788 CVE-2015-1789 19 Nov 2015 7.5 (v3) High Pass TLS NPN Supported Protocol Enumeration 08 Dec 2015 None Pass Puppet Enterprise Installation Process Local CA Key Disclosure CVE-2015-7328 17 Dec 2015 4.7 (v3) Medium Pass Emerson SM-Ethernet FTP Server Default Credentials 01 Dec 2015 9.8 (v3) Critical Pass Unbound DNS Resolver Remote Version Detection 12 Jan 2016 None Pass HP Virtual Table Server Detection 20 Jan 2016 None Pass OpenSSL 1.0.1 < 1.0.1r Multiple Vulnerabilities (Logjam) CVE-2015-3197 CVE-2015-4000 02 Feb 2016 3.7 (v3) Low Pass OpenSSL 1.0.2 < 1.0.2f Multiple Vulnerabilities (Logjam) CVE-2015-3197 CVE-2015-4000 CVE-2016-0701 02 Feb 2016 3.7 (v3) Low Pass Joomla! User-Agent Object Injection RCE CVE-2015-8562 29 Jan 2016 9.8 (v3) Critical Pass Cisco TelePresence Video Communication Server (VCS) Web UI Detection 02 Feb 2016 None Pass Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities CVE-2015-6004 CVE-2015-6005 CVE-2015-8261 15 Feb 2016 9.8 (v3) Critical Pass Nessus SQLite Multiple RCE CVE-2015-5895 25 Feb 2016 8.8 (v3) High Pass ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)CVE-2015-7547 23 Feb 2016 8.1 (v3) High Pass Ipswitch WhatsUp Gold Detection 15 Feb 2016 None Pass IBM Tivoli Storage Manager FastBack 5.5.x / 6.1.x < 6.1.12.2 Multiple Vulnerabilities CVE-2015-8519 CVE-2015-8520 CVE-2015-8521 CVE-2015-8522 CVE-2015-8523 09 Mar 2016 9.8 (v3) Critical Pass Visual Mining NetCharts Server Arbitrary File Upload CVE-2014-8516 17 Dec 2014 8.8 (v3) High Pass Symantec Encryption Management Server Remote Administrator Enumeration CVE-2015-8148 11 Mar 2016 7.5 (v3) High Pass Default Password (abc123) for 'admin' Account CVE-1999-0502 22 Dec 2014 9.8 (v3) Critical Pass 7-Technologies / Schneider-Electric IGSS ODBC Service Detection 29 Feb 2016 None Pass 7-Technologies / Schneider-Electric IGSS ODBC Version Identification 29 Feb 2016 None Pass Default Password (centreon) for 'root' Account CVE-1999-0502 23 Dec 2014 9.8 (v3) Critical Pass Apache Traffic Server 5.1.x < 5.1.1 Multiple Vulnerabilities (POODLE) CVE-2014-3566 CVE-2014-3624 22 Jan 2015 9.8 (v3) Critical Pass Default Password (passw0rd) for 'superuser' Account CVE-1999-0502 23 Jan 2015 9.8 (v3) Critical Pass Centreon Detection 23 Dec 2014 None Pass HP SiteScope 11.1x < 11.13 or 11.2x < 11.24 IP3 Remote Privilege Escalation CVE-2014-7882 06 Feb 2015 8.1 (v3) High Pass Default Password (changemenow) for 'root' Account CVE-1999-0502 04 Feb 2015 9.8 (v3) Critical Pass Jetty HttpParser Error Remote Memory Disclosure CVE-2015-2080 27 Feb 2015 7.5 (v3) High Pass MongoDB Service Without Authentication Detection 12 Mar 2015 9.8 (v3) Critical Pass Apple TV < 7.1 Multiple Vulnerabilities (FREAK) CVE-2015-1061 CVE-2015-1062 CVE-2015-1067 12 Mar 2015 9.8 (v3) Critical Pass ManageEngine OpManager Detection 16 Feb 2015 None Pass Symantec Data Center Security Web Console Interface Detection 26 Feb 2015 None Pass Siemens SIMATIC S7-1200 PLC Firmware Detection 02 Mar 2015 None Pass ManageEngine Desktop Central Remote Security Bypass (Intrusive Check) CVE-2014-7862 25 Mar 2015 9.8 (v3) Critical Pass ManageEngine Desktop Central Remote Security Bypass CVE-2014-7862 25 Mar 2015 9.8 (v3) Critical Pass ManageEngine Desktop Central < 9 Build 90135 Unauthenticated Admin Password Reset CVE-2015-2560 31 Mar 2015 9.8 (v3) Critical Pass ClusterLabs Pacemaker PCS Daemon Detection 07 May 2015 None Pass Apple TV < 7.2 Multiple Vulnerabilities CVE-2015-1068 CVE-2015-1069 CVE-2015-1070 CVE-2015-1071 CVE-2015-1072 CVE-2015-1073 CVE-2015-1074 CVE-2015-1076 CVE-2015-1077 CVE-2015-1078 CVE-2015-1079 CVE-2015-1080 CVE-2015-1081 CVE-2015-1082 CVE-2015-1083 CVE-2015-1086 CVE-2015-1092 CVE-2015-1094 CVE-2015-1095 CVE-2015-1096 CVE-2015-1097 CVE-2015-1099 CVE-2015-1100 CVE-2015-1101 CVE-2015-1102 CVE-2015-1103 CVE-2015-1104 CVE-2015-1105 CVE-2015-1110 CVE-2015-1114 CVE-2015-1117 CVE-2015-1118 CVE-2015-1119 CVE-2015-1120 CVE-2015-1121 CVE-2015-1122 CVE-2015-1123 CVE-2015-112410 Apr 2015 9.8 (v3) Critical Pass Novell ZENworks Configuration Management < 11.3.2 Remote Code Execution (intrusive check) CVE-2015-0779 08 May 2015 8.8 (v3) High Noise SSL Certificate Chain Contains Certificates Expiring Soon 08 May 2015 None Pass IBM Tivoli Storage Manager FastBack Server Detection 08 May 2015 None Pass Default Password (123456) for 'nexthink' Account CVE-1999-0502 01 Apr 2015 9.8 (v3) Critical Pass sobby Server Detection 29 Apr 2015 None Pass Gearman Server Detection 14 May 2015 None Pass Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK) CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-029319 May 2015 7.3 (v3) High Pass Cisco TelePresence IP VCR Detection 21 May 2015 None Pass Cisco TelePresence Server Detection 21 May 2015 None Pass eFront Detection 26 May 2015 None Pass Default Password (password) for 'emcupdate' Account CVE-1999-0502 CVE-2015-0529 22 May 2015 9.8 (v3) Critical Pass Cisco Ironport Security Appliance Authorized Key Vulnerability CVE-2015-4216 02 Jul 2015 7.2 (v3) High Pass HSTS Missing From HTTPS Server 02 Jul 2015 None Pass PostgreSQL < 8.0.3 Multiple Vulnerabilities CVE-2005-1409 CVE-2005-1410 05 May 2005 6.5 (v2) Medium Pass Backported Security Patch Detection (PHP) 07 Jul 2015 None Pass Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam) CVE-2014-3600 CVE-2014-3612 CVE-2014-8110 CVE-2014-8176 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-400023 Jul 2015 9.8 (v3) Critical Pass IBM DB2 Content Manager eClient Detection 23 Sep 2013 None Pass Cisco Unified MeetingPlace Detection 23 Sep 2013 None Pass Cisco CUCM / CUPS Detection 24 Sep 2013 None Pass HP Network Automation Detection 24 Sep 2013 None Pass HP Onboard Administrator Detection 26 Sep 2013 None Pass HP Network Node Manager i (NNMi) Console Detection 26 Sep 2013 None 74
RELAYTO Penetration Test Results Page 73 Page 75