RELAYTO Penetration Test Results (24/101)

Pass Apple TV < 10.0.1 Multiple Vulnerabilities CVE-2016-4613 CVE-2016-4660 CVE-2016-4664 CVE-2016-4665 CVE-2016-4666 CVE-2016-4669 CVE-2016-4673 CVE-2016-4675 CVE-2016-4677 CVE-2016-4679 CVE-2016-4680 CVE-2016-4688 CVE-2016-7578 CVE-2016-7579 CVE-2016-7584 CVE-2016-761327 Oct 2016 7.8 (v3) High Pass MySQL User-Deﬁned Functions Multiple Vulnerabilities CVE-2005-2572 18 Nov 2011 8.5 (v2) High Pass MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170) (uncredentialed check) CVE-2012-0006 05 Mar 2014 5 (v2) Medium Pass HP Integrated Lights-Out (iLO) Default Credentials 07 Mar 2014 10 (v2) Critical Pass NAT-PMP Detection (remote network) 20 Mar 2014 7.3 (v3) High Pass Cisco Prime Infrastructure Virtual Domain Privilege Escalation (cisco-sa-20190619-prime-privescal) CVE-2019-1906 04 Sep 2020 6.5 (v3) Medium Pass EMC Cloud Tiering Appliance XML External Entity (XXE) Arbitrary File Disclosure CVE-2014-0644 07 Apr 2014 7.8 (v2) High Pass Cisco TelePresence TC Software Parameter Authentication Bypass (CSCuv00604) CVE-2015-4271 10 Sep 2015 6.4 (v2) Medium Pass Cisco ONS 15454 Controller Card DoS (CSCug97348) CVE-2014-2140 10 Apr 2014 5 (v2) Medium Pass VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007) CVE-2015-1047 CVE-2015-2342 02 Oct 2015 10 (v2) Critical Pass IceWarp webmail/basic/index.html _c Parameter Directory Traversal 09 Dec 2010 5 (v2) Medium Pass Oracle Identity Analytics / Sun Role Manager Unspeciﬁed Remote Vulnerability (April 2014 CPU) CVE-2014-2411 28 Apr 2014 6.5 (v2) Medium Pass Cisco NX-OS Software Border Gateway Protocol Multicast VPN DoS (cisco-sa-nxosbgp-nlri-dos-458rG2OQ)CVE-2020-3397 02 Sep 2020 8.6 (v3) High Pass VMware vCenter Server Arbitrary File Upload (VMSA-2021-0020) CVE-2021-22005 06 Oct 2021 9.8 (v3) Critical Pass Atlassian Jira Unauthenticated User Enumeration (CVE-2020-36289) CVE-2020-36289 13 Oct 2021 5.3 (v3) Medium Pass Zope Malformed XML RPC Request Path Disclosure 17 Feb 2003 5 (v2) Medium Pass Caldera '/costview3/xmlrpc_server/xmlrpc.php' XMLRPC Request Remote Command Execution CVE-2014-2935 05 Jun 2014 10 (v2) Critical Pass IBM WebSphere Application Server 6.1 < 6.1.0.35 Multiple Vulnerabilities CVE-2010-0783 CVE-2010-0785 CVE-2011-0315 CVE-2011-0316 CVE-2011-1310 CVE-2011-1313 CVE-2011-1319 CVE-2011-1320 13 Jan 2011 4.3 (v2) Medium Pass OpenSSL 1.0.1 < 1.0.1s Multiple Vulnerabilities (DROWN) CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 02 Mar 2016 9.8 (v3) Critical Pass VMware ESX / ESXi VMCI Privilege Escalation (VMSA-2013-0002) (remote check) CVE-2013-1406 04 Mar 2016 7.2 (v2) High Pass Trend Micro ServerProtect Authentication Bypass Vulnerability (CVE-2021-36745) CVE-2021-36745 22 Oct 2021 9.8 (v3) Critical Pass Juniper Junos Privilege Escalation Vulnerability (JSA10977) CVE-2019-0070 09 Sep 2020 8.8 (v3) High Pass IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities CVE-2011-1209 CVE-2011-1683 17 Jun 2011 6.8 (v2) Medium Pass IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities CVE-2011-1209 CVE-2011-1355 CVE-2011-1356 22 Jul 2011 5.8 (v2) Medium Pass Halon Security Router < 3.2r2 Multiple Vulnerabilities 11 Aug 2014 4.3 (v2) Medium Pass Computer Associates ARCserve D2D homepageServlet Servlet Information Disclosure CVE-2011-3011 28 Jul 2011 10 (v2) Critical Pass Palo Alto Networks PAN-OS 7.0.x < 7.0.5 Multiple Vulnerabilities 07 Jul 2016 10 (v2) Critical Pass OpenSSL < 0.9.8p / 1.0.0e Double Free Vulnerability CVE-2010-2939 04 Jan 2012 4.3 (v2) Medium Pass OpenSSL < 0.9.8s Multiple Vulnerabilities CVE-2011-1945 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 09 Jan 2012 9.3 (v2) High Pass ESXi 5.1 < Build 1743201 Multiple Vulnerabilities (remote check) CVE-2013-5211 CVE-2014-8370 CVE-2015-1044 29 Jan 2015 6.4 (v2) Medium Pass OpenSSL < 0.9.8k Multiple Vulnerabilities CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-5146 04 Jan 2012 5 (v2) Medium Pass Cisco Content Security Management Appliance (SMA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)CVE-2020-3547 08 Sep 2020 6.5 (v3) Medium Pass IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x <= 8.5.5.14 / 9.0.x <= 9.0.0.9 XSS (729547)CVE-2018-1767 10 Sep 2020 6.1 (v3) Medium Pass RealNetworks Helix Server 14.x < 14.3.x Multiple Vulnerabilities CVE-2012-0942 CVE-2012-1923 CVE-2012-1984 CVE-2012-1985 CVE-2012-2267 CVE-2012-2268 12 Apr 2012 10 (v2) Critical Pass Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU) CVE-2014-0114 CVE-2014-0119 30 Oct 2014 7.5 (v2) High Pass HP SiteScope SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) CVE-2014-3566 04 Dec 2014 4.3 (v2) Medium Pass Oracle GlassFish Server Multiple Vulnerabilities (April 2015 CPU) (POODLE) CVE-2013-4545 CVE-2014-1568 CVE-2014-3566 20 Apr 2015 7.5 (v2) High Pass DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1) CVE-2005-1224 CVE-2005-1236 22 Apr 2005 7.5 (v2) High Pass WaveMaker < 6.4.6 Security Bypass 19 Jul 2012 7.5 (v2) High Pass EMail Security Virtual Appliance learn-msg.cgi Remote Code Execution 06 Sep 2012 7.5 (v2) High Pass OpenSSL 1.0.0 < 1.0.0s Multiple Vulnerabilities CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 12 Jun 2015 6.8 (v2) Medium Pass Apache mod_ssl ssl_hook_Access Error Handling DoS CVE-2005-3357 10 Jan 2006 5.9 (v3) Medium Pass SAP Host Control SOAP Web Service 'Database/Name' Command Execution (SAP Note 1341333) 25 Sep 2012 10 (v2) Critical Pass Apple iTunes < 10.5.1 Update Authenticity Veriﬁcation Weakness (uncredentialed check) CVE-2008-3434 18 Nov 2011 6.8 (v2) Medium Pass WANem index-advanced.php XSS 29 Oct 2012 4.3 (v2) Medium Pass ManageEngine OpStor availability730.do days Parameter XSS 01 Nov 2012 4.3 (v2) Medium Pass Novell eDirectory 8.8.x Multiple Security Vulnerabilities CVE-2012-0428 CVE-2012-0429 CVE-2012-0430 CVE-2012-0432 27 Dec 2012 10 (v2) Critical Pass Trend Micro OﬃceScan 7.3 Multiple Vulnerabilities CVE-2006-5157 CVE-2006-5211 CVE-2006-5212 CVE-2006-6178 CVE-2006-6179 14 Jul 2006 7.5 (v2) High Pass WordPress Poll Plugin 'poll_id' Parameter SQL Injection CVE-2013-1400 26 Feb 2013 7.5 (v2) High Pass Apache 2.4.x < 2.4.16 Multiple Vulnerabilities CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 23 Jul 2015 5.3 (v3) Medium Pass Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) CVE-2011-3102 CVE-2012-0841 CVE-2012-2807 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871 CVE-2012-5134 CVE-2013-1024 CVE-2013-1037 CVE-2013-1038 CVE-2013-1039 CVE-2013-1040 CVE-2013-1041 CVE-2013-1042 CVE-2013-1043 CVE-2013-1044 CVE-2013-1045 CVE-2013-1046 CVE-2013-1047 CVE-2013-2842 CVE-2013-5125 CVE-2013-5126 CVE-2013-5127 CVE-2013-512824 Oct 2013 7.5 (v2) High Pass airVision NVR path Parameter Traversal Arbitrary File Access 04 Mar 2013 5 (v2) Medium Pass Novell ZENworks Conﬁguration Management < 11.2.4 Multiple Vulnerabilities CVE-2013-1084 CVE-2013-6344 CVE-2013-6345 CVE-2013-6346 CVE-2013-6347 01 Nov 2013 10 (v2) Critical Pass ESXi 5.0 < Build 702118 Multiple Vulnerabilities (remote check) CVE-2012-2448 CVE-2012-2449 CVE-2012-2450 13 Nov 2013 9 (v2) High Pass W3 Total Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code ExecutionCVE-2013-2010 03 May 2013 8.8 (v3) High Pass Monitorix Built-in HTTP Server Remote Command Execution CVE-2013-7070 04 Dec 2013 10 (v2) Critical Pass Cerb Multiple Vulnerabilities 03 Apr 2013 4.3 (v2) Medium Pass HP Intelligent Management Center BIMS Module Information Disclosure CVE-2013-4823 09 Jan 2014 5 (v2) Medium Pass SSL Null Cipher Suites Supported 10 Jun 2013 5.3 (v3) Medium Pass CommuniGate Pro WebMail < 5.2.15 XSS 29 Jul 2009 4.3 (v2) Medium Pass Landing Pages Plugin for WordPress 'wp-admin/edit.php' 'post' Parameter SQL Injection CVE-2013-6243 27 Jan 2014 7.5 (v2) High Pass IceWarp /rpc/gw.html XML External Entity Arbitrary File Disclosure 19 Jul 2013 5 (v2) Medium Pass Cisco Prime Network / Wireless Control System Health Monitor Reﬂected XSS CVE-2012-5990 25 Jul 2013 4.3 (v2) Medium Pass HP SiteScope Multiple Unspeciﬁed Remote Code Execution Vulnerabilities CVE-2013-2367 CVE-2013-4835 CVE-2013-6207 02 Aug 2013 10 (v2) Critical Pass WP Online Store Plugin for WordPress Multiple Parameter File Disclosure 30 Aug 2013 5.3 (v3) Medium Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.3 Command Injection CVE-2020-2037 11 Sep 2020 7.2 (v3) High Pass Artica < 1.4.101900 mailattach Parameter Directory Traversal 25 Oct 2010 7.8 (v2) High Pass Multiple Vulnerabilities in Cisco Security Agent (cisco-sa-20100217-csa) CVE-2010-0146 CVE-2010-0147 CVE-2010-0148 18 Sep 2013 6.8 (v2) Medium Pass FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed) CVE-2014-0160 21 Apr 2014 7.5 (v3) High Pass Palo Alto Networks PAN-OS 10.0.x < 10.0.1 Buﬀer Overﬂow CVE-2020-2042 11 Sep 2020 7.2 (v3) High Pass Serv-U < 10.3.0.1 SFTP Authentication Bypass 19 Nov 2010 6.8 (v2) Medium Pass Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS CVE-2006-6702 18 Apr 2014 6.8 (v2) Medium Pass jRSS Widget Plugin for WordPress proxy.php 'url' Parameter Arbitrary File Access 12 Nov 2010 5 (v2) Medium Pass CGI Generic Command Execution (time-based, intrusive) 14 Jan 2011 7.5 (v2) High Pass Cisco Small Business Series Switch Detection 12 Nov 2021 None Pass Altiris Deployment Solution Server < 6.9.430 Multiple Vulnerabilities (SYM09-011) CVE-2009-3107 CVE-2009-3108 CVE-2009-3109 CVE-2009-3110 08 Jan 2010 7.9 (v2) High Pass Crystal Reports Server InfoView logonAction Parameter XSS 28 Jan 2011 4.3 (v2) Medium Pass F-Secure Internet Gatekeeper for Linux Log Disclosure (FSC-2011-1) CVE-2011-0453 18 Feb 2011 5 (v2) Medium Pass OpenSSL 1.0.1 < 1.0.1h Multiple Vulnerabilities CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2015-0292 06 Jun 2014 7.5 (v2) High Pass Check Point Endpoint Security Server Information Disclosure 17 Feb 2011 5.3 (v3) Medium Pass IBM Lotus Sametime Server stconf.nsf messageString Parameter XSS CVE-2011-1038 14 Mar 2011 5.8 (v2) Medium Pass TaskFreak! loadByKey() SQL Injection CVE-2010-1583 04 May 2010 7.5 (v2) High Pass IBM Lotus Domino iCalendar Email Address ORGANIZER:mailto Header Remote Overﬂow CVE-2010-3407 22 Apr 2011 9.3 (v2) High Pass Courier Mail Server < 0.50.1 DNS SPF Record Lookup Failure Memory Corruption DoS CVE-2005-2151 06 Jul 2005 2.6 (v2) Low Pass NNTP Service STARTTLS Plaintext Command Injection CVE-2012-3523 09 May 2011 4 (v2) Medium Pass ManageEngine SupportCenter Plus Default Administrator Credentials 28 Jun 2011 7.5 (v2) High Pass ACAP Service STARTTLS Plaintext Command Injection 27 May 2011 4 (v2) Medium Pass Adobe RoboHelp FlashHelp Unspeciﬁed XSS (APSB11-09) (uncredentialed check) CVE-2011-0613 20 May 2011 5.8 (v2) Medium Pass Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check) CVE-2010-1823 CVE-2011-0164 CVE-2011-0200 CVE-2011-0204 CVE-2011-0215 CVE-2011-0218 CVE-2011-0221 CVE-2011-0222 CVE-2011-0223 CVE-2011-0225 CVE-2011-0232 CVE-2011-0233 CVE-2011-0234 CVE-2011-0235 CVE-2011-0237 CVE-2011-0238 CVE-2011-0240 CVE-2011-0253 CVE-2011-0254 CVE-2011-0255 CVE-2011-0259 CVE-2011-0981 CVE-2011-0983 CVE-2011-1109 CVE-2011-1114 CVE-2011-1115 CVE-2011-1117 CVE-2011-1121 CVE-2011-1188 CVE-2011-1203 CVE-2011-1204 CVE-2011-1288 CVE-2011-1293 CVE-2011-1296 CVE-2011-1440 CVE-2011-1449 CVE-2011-1451 CVE-2011-1453 CVE-2011-1457 CVE-2011-1462 CVE-2011-1774 CVE-2011-1797 CVE-2011-2338 CVE-2011-2339 CVE-2011-2341 CVE-2011-2351 CVE-2011-2352 CVE-2011-2354 CVE-2011-2356 CVE-2011-2359 CVE-2011-2788 CVE-2011-2790 CVE-2011-2792 CVE-2011-2797 CVE-2011-2799 CVE-2011-2809 CVE-2011-2811 CVE-2011-2813 CVE-2011-2814 CVE-2011-2815 CVE-2011-2816 CVE-2011-2817 CVE-2011-2818 CVE-2011-2820 CVE-2011-2823 CVE-2011-2827 CVE-2011-2831 CVE-2011-3219 CVE-2011-3232 CVE-2011-3233 CVE-2011-3234 CVE-2011-3235 CVE-2011-3236 CVE-2011-3237 CVE-2011-3238 CVE-2011-3239 CVE-2011-3241 CVE-2011-3244 CVE-2011-325212 Oct 2011 9.3 (v2) High Pass HP Intelligent Management Center Branch Intelligent Management Module 7.x < 7.0-E0201P02 Multiple VulnerabilitiesCVE-2014-2618 CVE-2014-2619 CVE-2014-2620 CVE-2014-2621 CVE-2014-2622 21 Jul 2014 8.5 (v2) High Pass IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities CVE-2011-1355 CVE-2011-1356 CVE-2011-1359 CVE-2011-1368 CVE-2011-1411 CVE-2011-3192 30 Sep 2011 7.8 (v2) High Pass NNTP Service Cleartext Login Permitted 19 Dec 2011 2.6 (v2) Low Pass Ipswitch WS_FTP Server Manager /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass CVE-2008-5692 08 Feb 2008 5 (v2) Medium Pass Puppet Enterprise 3.3.0 Bundled Oracle Java Vulnerabilities CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4227 CVE-2014-4244 CVE-2014-4247 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 CVE-2014-426820 Aug 2014 10 (v2) Critical Pass BasiliX Webmail Content-Type Header XSS 09 Aug 2004 4.3 (v2) Medium Pass Oracle GlassFish Server 3.0.1 / 3.1.1 < 3.0.1.5 / 3.1.1.3 Administration Component Unspeciﬁed VulnerabilityCVE-2012-0104 02 Feb 2012 5 (v2) Medium Pass HP Data Protector Media Operations DBServer opcode 0x10 Traversal Arbitrary File Access 19 Mar 2012 5 (v2) Medium Pass Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)CVE-2011-0550 01 Feb 2012 4.3 (v2) Medium Pass MySQL Enterprise Monitor < 2.1.2 Multiple XSRF Vulnerabilities 07 Jun 2010 6.8 (v2) Medium Pass HP OpenView Network Node Manager Multiple Code Execution Vulnerabilities (HPSBMU02712 SSRT100649)CVE-2011-3165 CVE-2011-3166 CVE-2011-3167 28 Mar 2012 10 (v2) Critical Pass Oracle Primavera P6 Enterprise Project Portfolio Management Multiple Vulnerabilities (Jul 2020 CPU) CVE-2017-12610 CVE-2018-1288 CVE-2018-17196 CVE-2020-10683 CVE-2020-14653 CVE-2020-14706 15 Jul 2020 9.8 (v3) Critical Pass Lenovo ThinkManagement Console RunAMTCommand Operation -PutUpdateFileCore Command Parsing Arbitrary File UploadCVE-2012-1195 10 Apr 2012 10 (v2) Critical Pass TIBCO Spotﬁre Analytics Server Web Application Multiple Vulnerabilities CVE-2011-3132 CVE-2011-3133 CVE-2011-3134 13 Oct 2014 7.5 (v2) High Pass OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption CVE-2012-2110 19 Apr 2012 7.5 (v2) High Pass OpenSSL 0.9.8 < 0.9.8x DTLS CBC Denial of Service CVE-2012-2333 11 May 2012 5 (v2) Medium Pass HP OpenView Network Node Manager Multiple Services Remote Overﬂow CVE-2005-1056 15 Sep 2005 10 (v2) Critical Pass Sharebar Plugin for WordPress 'sharebar-admin.php' 'status' Parameter XSS 30 May 2012 4.3 (v2) Medium Pass DNSSEC NSEC Records 12 Jul 2012 5 (v2) Medium Pass Oracle iPlanet Web Server 7.0.x < 7.0.15 Multiple Vulnerabilities CVE-2012-0516 CVE-2012-1738 27 Jun 2012 6.8 (v2) Medium Pass OpenSSH < 4.5 Multiple Vulnerabilities CVE-2006-4925 CVE-2006-5794 CVE-2007-0726 04 Oct 2011 7.5 (v2) High Pass Ipswitch WS_FTP Server < 6.1.1 Multiple Vulnerabilities (uncredentialed check) CVE-2008-0590 CVE-2008-0608 CVE-2008-5692 CVE-2008-5693 24 Aug 2009 9 (v2) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.20-h1 / 9.0.x < 9.0.14-h3 / 9.1.x < 9.1.11-h2 / 10.0.x < 10.0.8 / 10.1.x < 10.1.3 VCVE-2021-3061ulnerability 18 Nov 2021 7.2 (v3) High 24

RELAYTO Penetration Test Results - Page 24

RELAYTO Penetration Test Results Page 23 Page 25