RELAYTO Penetration Test Results (9/101)

Pass WebWeaver FTP Aborted RETR Command Remote DoS 06 May 2003 5.3 (v3) Medium Pass thttpd Host Header Traversal Arbitrary File Access CVE-2002-1562 CVE-2003-0899 06 May 2003 5 (v2) Medium Pass FTGatePro Mail Server Multiple Command Remote Overﬂow CVE-2003-0263 06 May 2003 5 (v2) Medium Pass Sambar Server Cleartext Password Transmission 07 May 2003 4.3 (v2) Medium Pass FileMaker Pro Client Request User Passwords Remote Disclosure 07 May 2003 7.5 (v2) High Pass StockMan Shopping Cart shop.plx Path Disclosure 05 May 2003 5 (v2) Medium Pass Mike Bobbitt's album.pl Alternative Conﬁguration File Remote Command Execution CVE-2003-1456 06 May 2003 5 (v2) Medium Pass SLMail < 5.1.0.4433 Multiple Command Remote Overﬂows CVE-2003-0264 07 May 2003 7.5 (v2) High Pass ArGoSoft Mail Server HTTP Daemon GET Request Saturation DoS 11 Jun 2003 5 (v2) Medium Pass PT News Unauthorized Administrative Access 07 May 2003 6.4 (v2) Medium Pass SLMail WebMail Multiple Remote Overﬂows CVE-2003-0266 CVE-2003-0267 CVE-2003-0268 07 May 2003 7.5 (v2) High Pass mod_survey For Apache ENV Tags SQL Injection 09 May 2003 7.5 (v2) High Pass MailMaxWeb Cookie Application Path Disclosure 07 May 2003 5 (v2) Medium Pass BEA WebLogic SSIServlet Invocation Source Code Disclosure CVE-2000-0683 08 May 2003 5 (v2) Medium Pass Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution CVE-2003-0770 08 May 2003 7.5 (v2) High Pass Cacti index.php/sql.php Login Action login_username Parameter SQL Injection CVE-2008-0785 13 Feb 2008 7.5 (v2) High Pass Eserv Non-Terminated Connection Saturation DoS 12 May 2003 7.8 (v2) High Pass VMware vCenter Server 6.0.x < 6.0u2 Unspeciﬁed HTTP Header Injection (VMSA-2016-0010) CVE-2016-5331 11 Aug 2016 6.1 (v3) Medium Pass Proxy Web Server XSS CVE-2003-0292 19 May 2003 4.3 (v2) Medium Pass Lovgate Virus Detection 19 May 2003 10 (v2) Critical Pass Juniper Junos OS Vulnerability (JSA11115) CVE-2019-8936 15 Apr 2021 7.5 (v3) High Pass MailMax IMAP Server SELECT Command Remote Overﬂow CVE-2003-0319 19 May 2003 6.5 (v2) Medium Pass BadBlue ISAPI Extension ext.dll LoadPage Parameter Arbitrary File Access 20 May 2003 7.6 (v2) High Pass WsMp3 Daemon (WsMp3d) HTTP Traversal Arbitrary File Execution/Access CVE-2003-0338 21 May 2003 7.5 (v2) High Pass BLNews objects.inc.php4 Server[path] Parameter Remote File Inclusion CVE-2003-0394 27 May 2003 8.3 (v3) High Pass Juniper Junos OS Vulnerability (JSA11152) CVE-2021-0261 15 Apr 2021 7.5 (v3) High Pass ShareMailPro POP3 Interface Error Message Account Enumeration 27 May 2003 5 (v2) Medium Pass SolarWinds Storage Resource Monitor Proﬁler addNewRule SQL Injection RCE 26 Jul 2016 10 (v2) Critical Pass Synchrologic Email Accelerator aggregate.asp User Account Disclosure 28 May 2003 5 (v2) Medium Pass TextPortal Default Passwords 28 May 2003 7.5 (v2) High Pass CafeLog B2 Multiple Script Remote File Inclusion 29 May 2003 8.3 (v3) High Pass Webfroot shoutbox.php conf Parameter Traversal Local File Inclusion 29 May 2003 7.5 (v2) High Pass iisPROTECT Unpassworded Administrative Interface 28 May 2003 7.5 (v2) High Pass Microsoft Media Services ISAPI nsiislog.dll Multiple Overﬂows CVE-2003-0227 CVE-2003-0349 28 May 2003 10 (v2) Critical Pass BaSoMail SMTP Multiple Command Remote Overﬂow DoS 02 Jun 2003 10 (v2) Critical Pass Bandmin 1.4 index.cgi Multiple Parameter XSS CVE-2003-0416 29 May 2003 4.3 (v2) Medium Pass Super-M Son hServer URI Traversal Arbitrary File Access CVE-2003-0417 02 Jun 2003 5 (v2) Medium Pass mod_gzip Detection 02 Jun 2003 5 (v2) Medium Pass ST FTP Service Arbitrary File/Directory Access CVE-2003-0392 02 Jun 2003 5.3 (v3) Medium Pass Linux NFS utils package (nfs-utils) mountd xlog Function Oﬀ-by-one Remote Overﬂow CVE-2003-0252 23 Jul 2003 10 (v2) Critical Pass IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities CVE-2008-2550 CVE-2009-0435 10 Jun 2008 7.5 (v2) High Pass PostNuke Rating System DoS 02 Jun 2003 5 (v2) Medium Pass Xpressions Interactive Multiple Products login.asp SQL Injection 04 Jun 2003 7.5 (v2) High Pass Cisco IDS Device Manager Detection 03 Jun 2003 None Pass Juniper Junos OS Vulnerability (JSA11155) CVE-2021-0264 15 Apr 2021 7.5 (v3) High Pass zenTrack index.php conﬁgFile Parameter Traversal Arbitrary Files Access 09 Jun 2003 5 (v2) Medium Pass Gnutella Root Directory Misconﬁguration 11 Jun 2003 7.8 (v2) High Pass Avirt Multiple Product HTTP Proxy Overﬂow (deprecated) CVE-2002-0133 11 Jun 2003 7.5 (v2) High Pass Bugbear.B Web Backdoor Detection 09 Jun 2003 10 (v2) Critical Pass Oracle WebLogic Server Plug-in Remote Overﬂow (1166189) CVE-2008-5457 15 Jan 2009 10 (v2) Critical Pass Bugbear.B Worm Detection 11 Jun 2003 10 (v2) Critical Pass Inﬁnity CGI Exploit Scanner Multiple Vulnerabilities 16 Jun 2003 7.5 (v2) High Pass Secure HyperText Transfer Protocol (S-HTTP) Detection 11 Jun 2003 5 (v2) Medium Pass Proxomitron GET Request Overﬂow Remote DoS 18 Jun 2003 5 (v2) Medium Pass NGC Active FTPServer 2002 Multiple Command Remote DoS 18 Jun 2003 10 (v2) Critical Pass CUPS Printer List Disclosure 18 Jun 2003 5 (v2) Medium Pass pMachine lib.inc.php pm_path Parameter Remote File Inclusion CVE-2003-1086 16 Jun 2003 7.3 (v3) High Pass Psunami.CGI Command Execution 17 Jun 2003 7.5 (v2) High Pass Juniper Junos OS Vulnerability (JSA11143) CVE-2021-0250 15 Apr 2021 7.5 (v3) High Pass Vignette StoryServer < 6.0.4 Arbitrary TCL Code Execution CVE-2003-0398 CVE-2003-0399 CVE-2003-0402 CVE-2003-0405 17 Jun 2003 7.5 (v2) High Pass PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection CVE-2003-0500 19 Jun 2003 7.5 (v2) High Pass Zope Invalid Query Path Disclosure 23 Jun 2003 5 (v2) Medium Pass TMaxSoft JEUS url.jsp URI XSS 19 Jun 2003 4.3 (v2) Medium Pass Cajun Switch Negative Integer Handling Remote DoS 18 Jun 2003 7.8 (v2) High Pass UPnP TCP Helper Detection 19 Jun 2003 None Pass Abyss Web Server GET Request Multiple Vulnerabilities CVE-2003-1337 30 Jun 2003 7.5 (v2) High Pass iXmail index.php password Parameter SQL Injection 27 Jun 2003 7.5 (v2) High Pass ProductCart Multiple Vulnerabilities CVE-2003-0522 CVE-2003-0523 CVE-2003-1304 08 Jul 2003 5 (v2) Medium Pass VP-ASP shopexd.asp catalogid Parameter SQL Injection CVE-2002-1919 08 Jul 2003 7.5 (v2) High Pass IBM BigFix Server 9.2.x < 9.2.8.74 .beswrpt File Handling XSS CVE-2016-0293 30 Aug 2016 6.1 (v3) Medium Pass UnrealIRCd OperServ Raw Channel Join DoS 21 Jul 2003 5 (v2) Medium Pass FTP Server Copyrighted Material Present 26 Jun 2003 None Pass Forum51/Board51/News51 Users Disclosure 21 Jul 2003 5 (v2) Medium Pass Juniper Junos OS Vulnerability (JSA11166) CVE-2021-0275 15 Apr 2021 8.8 (v3) High Pass WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access 21 Jul 2003 6.8 (v2) Medium Pass TrueType Font Server for X11 (xfstt) Malformed Packet Remote Overﬂow CVE-2003-0581 01 Aug 2003 10 (v2) Critical Pass RIP Poisoning Routing Table Modiﬁcation 03 Sep 2003 7.5 (v2) High Pass TFTP Daemon Detection 13 Aug 2003 None Pass RIP Detection 28 Aug 2003 None Pass Dropbear SSH Server Username Remote Format String 20 Aug 2003 10 (v2) Critical Pass myPHPNuke phptonuke.php ﬁlnavn Parameter Traversal Arbitrary File Access CVE-2002-1913 31 Aug 2003 5 (v2) Medium Pass Stellar Docs Malformed Query Path Disclosure 11 Aug 2003 5 (v2) Medium Pass Sendmail < 8.12.10 prescan() Function Remote Overﬂow CVE-2003-0681 CVE-2003-0694 17 Sep 2003 10 (v3) Critical Pass WinMX Detection (uncredentialed check) 22 Sep 2003 5.3 (v3) Medium Pass FastTrack (FT) Crafted Packet Handling Remote Overﬂow CVE-2003-0397 22 Sep 2003 7.5 (v2) High Pass Exclude top-level domain wildcard hosts 18 Sep 2003 None Pass Overnet Detection 22 Sep 2003 None Pass Solaris sadmind AUTH_SYS Credential Remote Command Execution CVE-2003-0722 19 Sep 2003 10 (v2) Critical Pass myPHPNuke My_eGallery gallery/displayCategory.php basepath Parameter Remote File Inclusion CVE-2006-6795 12 Sep 2003 8.3 (v3) High Pass ISC BIND < 4.9.11 stub resolver (libresolv.a) DNS Response Overﬂow CVE-2002-0029 29 Sep 2003 10 (v2) Critical Pass MyServer 0.4.3 / 0.7 Crafted Traversal Arbitrary File Access CVE-2004-2516 26 Sep 2003 5 (v2) Medium Pass WordPress 'blog.header.php' Multiple Parameter SQL Injection 03 Oct 2003 7.5 (v2) High Pass EMC Documentum D2 4.5.x < 4.5 P15 / 4.6.x < 4.6 P03 r_object_id Handling Unauthenticated Document DisclosurCVE-2016-6644e (ESA-2016-108) 26 Sep 2016 5.3 (v3) Medium Pass Fluxay Sensor Detection 13 Oct 2003 10 (v2) Critical Pass Wollf Backdoor Detection 13 Oct 2003 10 (v2) Critical Pass OpenSSL ASN.1 Parser Multiple Remote DoS CVE-2003-0543 CVE-2003-0544 CVE-2003-0545 CVE-2005-1247 CVE-2005-1730 10 Oct 2003 9.3 (v2) High Pass XtraMail SMTP HELO Command Remote Overﬂow CVE-1999-1511 10 Nov 1999 10 (v2) Critical Pass Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload CVE-2008-0457 09 Feb 2008 10 (v2) Critical Pass myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion CVE-2006-6812 12 Oct 2003 8.3 (v3) High Pass NIPrint LPD-LPR Print Server String Handling Remote Overﬂow CVE-2003-1141 17 Nov 2003 7.5 (v2) High Pass Monkey HTTP Daemon (monkeyd) Post_Method Function Crafted Content-Length Header DoS CVE-2002-1663 13 Nov 2003 5.3 (v3) Medium Pass TinyWeb cgi-bin Crafted HTTP GET Request DoS CVE-2003-1510 16 Oct 2003 7.8 (v2) High Pass Quagga / Zebra Malformed Telnet Command Denial of Service CVE-2003-0795 17 Nov 2003 5 (v2) Medium Pass SAP DB / MaxDB Detection 22 Nov 2003 None Pass VMware ESX Multiple Vulnerabilities (VMSA-2010-0007) (remote check) CVE-2009-3732 CVE-2010-1141 CVE-2010-1142 08 Mar 2016 10 (v2) Critical Pass Ebola AV Daemon < 0.1.5 Authentication Sequence Remote Overﬂow 10 Dec 2003 7.5 (v2) High Pass OpenSSL 0.9.8 < 0.9.8zb Multiple Vulnerabilities CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3510 08 Aug 2014 4.3 (v2) Medium Pass VP-ASP shopsearch SQL Injection 04 Dec 2003 4.4 (v2) Medium Pass SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure 18 Dec 2003 4.3 (v2) Medium Pass CVS PServer CVSROOT Passwd File Arbitrary Code Execution 01 Jan 2004 9 (v2) High Pass Jordan's Windows Telnet Server Password Handling Remote Overﬂow 01 Jan 2004 7.5 (v2) High Pass eScan Server Management Console (eserv.exe) FTP Server Arbitrary File Download CVE-2008-1221 07 Mar 2008 5 (v2) Medium 9

RELAYTO Penetration Test Results - Page 9

RELAYTO Penetration Test Results Page 8 Page 10