Pass SSH Known Hard Coded Private Keys CVE-2015-6358 CVE-2015-7255 CVE-2015-7256 CVE-2015-7276 CVE-2015-8251 08 Jan 2019 7.5 (v3) High Pass Apache Tomcat 8.0.x < 8.0.52 / 8.5.x < 8.5.31 / 9.0.x < 9.0.8 Denial of Service CVE-2018-1336 11 Jan 2019 7.5 (v3) High Pass MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities CVE-2016-9843 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 16 Jan 2019 9.8 (v3) Critical Pass MariaDB 5.5.0 < 5.5.42 Multiple Vulnerabilities CVE-2015-0433 CVE-2015-0441 CVE-2015-2568 CVE-2015-2573 16 Jan 2019 7.5 (v3) High Pass MySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU) CVE-2018-0734 CVE-2018-3123 CVE-2019-2420 CVE-2019-2434 CVE-2019-2436 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2494 CVE-2019-2495 CVE-2019-2502 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2513 CVE-2019-2528 CVE-2019-2529 CVE-2019-2530 CVE-2019-2531 CVE-2019-2532 CVE-2019-2533 CVE-2019-2534 CVE-2019-2535 CVE-2019-2536 CVE-2019-2537 CVE-2019-253917 Jan 2019 7.1 (v3) High Pass MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU) CVE-2018-0734 CVE-2018-3123 CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-253717 Jan 2019 7.1 (v3) High Pass MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU) CVE-2018-0734 CVE-2018-3123 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2503 CVE-2019-2507 CVE-2019-2529 CVE-2019-2531 CVE-2019-2534 CVE-2019-253717 Jan 2019 7.1 (v3) High Pass File Alteration Monitor daemon (famd) Detection 02 May 2005 None Pass MariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities CVE-2016-9843 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-328425 Jan 2019 9.8 (v3) Critical Pass VMware ESX / ESXi Web-Based Datastore Browser Default Credentials 24 Jan 2019 9.8 (v3) Critical Pass PHP 7.2.x < 7.2.14 Multiple vulnerabilities. CVE-2016-10166 CVE-2018-19935 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 24 Jan 2019 9.8 (v3) Critical Pass PHP 7.3.x < 7.3.1 Multiple vulnerabilities. CVE-2016-10166 CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9025 30 Jan 2019 9.8 (v3) Critical Pass JBoss Remoting RemoteMessageChannel DoS (intrusive check) CVE-2018-1041 31 Jan 2019 7.5 (v3) High Pass MariaDB 10.1 < 10.1.31 Multiple Vulnerabilities CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-3133 28 Jan 2019 7.1 (v3) High Pass iLO 3 < 1.88 Information Disclosure Vulnerability CVE-2016-4379 15 Feb 2019 3.7 (v3) Low Pass iLO 2 2.29 Remote Code Execution Vulnerability CVE-2017-8979 26 Feb 2019 9.8 (v3) Critical Pass MongoDB 3.4.x < 3.4.10 / 3.5.x < 3.6.0-rc0 mongod CVE-2017-15535 21 Feb 2019 9.1 (v3) Critical Pass EMC RSA Archer < 6.4.1.5 / 6.5.x < 6.5.0.2 Multiple Vulnerabilities CVE-2019-3715 CVE-2019-3716 07 Mar 2019 7.8 (v3) High Pass EMC RSA Authentication Manager < 8.4 P1 Insecure Credential Management (DSA-2019-038) CVE-2019-3711 08 Mar 2019 7.2 (v3) High Pass VMWare STARTTLS Support 01 Mar 2019 None Pass Logstash ESA-2019-05 CVE-2019-7612 20 Mar 2019 9.8 (v3) Critical Pass phpMyAdmin 4.x < 4.8.5 Multiple Vulnerabilities (PMASA-2019-1) (PMASA-2019-2) CVE-2019-6798 CVE-2019-6799 27 Mar 2019 9.8 (v3) Critical Pass Elasticsearch ESA-2019-04 CVE-2019-7611 20 Mar 2019 8.1 (v3) High Pass Aruba VAN SDN Controller Detection 12 Mar 2019 None Pass WePresent file_transfer.cgi Remote Command Execution CVE-2019-3929 30 Apr 2019 9.8 (v3) Critical Pass Oracle RDBMS Host Name and Patch Info 26 Apr 2010 None Pass Apache Storm WebUI Detection 28 Feb 2019 None Pass Trihedral VTScada 8.x < 11.2.02 Multiple Vulnerabilities CVE-2016-4510 CVE-2016-4523 CVE-2016-4532 28 Sep 2017 9.1 (v3) Critical Pass ESXi 6.0 / 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2019-0005) (Remote Check) CVE-2019-5518 CVE-2019-5519 29 Mar 2019 6.8 (v3) Medium Pass Magento 2.2.x < 2.2.8 / 2.3.x < 2.3.1 Unauthenticated SQLi 29 Mar 2019 10 (v3) Critical Pass Oracle GlassFish Server Path Traversal CVE-2017-1000028 30 May 2018 7.5 (v3) High Pass Apache Tomcat HTTP PUT JSP File Upload RCE CVE-2017-12617 04 Dec 2017 8.1 (v3) High Pass CyberArk Password Vault Web Access .NET Object Deserialization (Direct Check) CVE-2018-9843 01 Jun 2018 9.8 (v3) Critical Pass Slimstat Analytics Plugin for WordPress < 4.7.1 PHP Object Injection 05 Dec 2017 7.4 (v3) High Pass Ultimate Form Builder Lite for WordPress < 1.3.7 SQL Injection CVE-2017-15919 05 Dec 2017 9.8 (v3) Critical Pass Zabbix Server 'active checks' Command Injection CVE-2017-2824 06 Dec 2017 8.1 (v3) High Pass MariaDB 10.2.x < 10.2.10 Multiple Vulnerabilities CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3313 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10268 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-1536507 Dec 2017 8.8 (v3) High Pass Smush Image Plugin for WordPress < 2.7.6 Directory Traversal CVE-2017-15079 12 Dec 2017 7.5 (v3) High Pass RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection 12 Dec 2017 8.3 (v3) High Pass Gallery Bank Plugin for WordPress < 2.0.20 XSS 15 Dec 2017 2.4 (v3) Low Pass WP Symposium Plugin Arbitrary File Upload CVE-2014-10021 19 Dec 2017 10 (v3) Critical Pass Palo Alto Networks PAN-OS Management Interface RCE (PAN-SA-2017-0027) CVE-2017-15944 20 Dec 2017 9.8 (v3) Critical Pass GitHub Enterprise Detection 19 Dec 2017 None Pass ESXi 5.5 / 6.0 / 6.5 / Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (remote check)CVE-2017-4940 CVE-2017-4941 CVE-2017-5715 CVE-2017-5753 29 Dec 2017 7.5 (v3) High Pass ESXi 6.5 < Build 6765664 Heap Buffer Overflow (VMSA-2017-0021) (remote check) CVE-2017-4933 05 Jan 2018 7.5 (v3) High Pass Apple iTunes < 12.7.2 WebKit Multiple Vulnerabilities (uncredentialed check) CVE-2017-7156 CVE-2017-7157 CVE-2017-7160 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 08 Jan 2018 8.8 (v3) High Pass Elasticsearch Transport Protocol Unspecified Remote Code Execution CVE-2015-5377 11 Jan 2018 9.8 (v3) Critical Pass Oracle WebLogic WSAT Remote Code Execution CVE-2017-10271 28 Dec 2017 7.5 (v3) High Pass Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check) CVE-2018-4088 CVE-2018-4096 26 Jan 2018 8.8 (v3) High Pass Symantec (Blue Coat) Reporter Multiple Vulnerabilities (SA158) CVE-2017-15531 26 Jan 2018 9.8 (v3) Critical Pass Weak DH Key Exchange Supported (PCI DSS) CVE-2015-4000 29 Jan 2018 3.7 (v3) Low Pass pfSense < 2.1.1 Multiple Vulnerabilities (SA-14_02 / SA-14_03) CVE-2013-4353 CVE-2013-5211 CVE-2013-6449 CVE-2013-6450 CVE-2014-1452 31 Jan 2018 8.8 (v3) High Pass pfSense < 2.2.1 Multiple Vulnerabilities (SA-15_02 - SA-15_04) CVE-2015-2294 CVE-2015-2295 31 Jan 2018 7.1 (v3) High Pass pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11) CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-8023 31 Jan 2018 9 (v3) Critical Pass pfSense < 2.3.3 Multiple Vulnerabilities (SA-17_01 - SA-17_03) CVE-2016-1889 CVE-2016-6559 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-8610 CVE-2016-8858 CVE-2016-9310 CVE-2016-9311 CVE-2016-9312 CVE-2016-10009 CVE-2016-1001031 Jan 2018 9.8 (v3) Critical Pass pfSense < 2.3.4 Multiple Vulnerabilities (SA-17_04) CVE-2016-9042 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 CVE-2017-7407 CVE-2017-746831 Jan 2018 9.8 (v3) Critical Pass pfSense 2.3.x < 2.3.5 / 2.4.x < 2.4.2 Multiple XSS Vulnerabilites (SA-17_08 / SA-17_09) CVE-2017-1000479 31 Jan 2018 8.8 (v3) High Pass Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) 09 Feb 2018 None Pass IBM San Volume Controller / Storwize / FlashSystem 8.1.x < 8.1.0.1 privilege escalation vulnerability CVE-2017-1710 15 Feb 2018 9.8 (v3) Critical Pass Apple TV < 11.2.6 Telugu Character Handling Remote Memory Corruption Vulnerability CVE-2018-4124 23 Feb 2018 9.8 (v3) Critical Pass Lantronix Universal Device Server UDS1100 Version 12 Feb 2018 None Pass VMware AirWatch Console 9.1.x < 9.1.5 / 9.2.x < 9.2.2 XSRF CVE-2017-4951 02 Feb 2018 8.8 (v3) High Pass Hikvision IP Camera Remote Authentication Bypass CVE-2017-7921 CVE-2017-7923 28 Feb 2018 10 (v3) Critical Pass Cisco UCS Central Software < 2.0(1c) HTTP Request Handling RCE CVE-2018-0113 06 Mar 2018 8.8 (v3) High Pass Quest DR Series Appliance Web Detection 08 Mar 2018 None Pass Trend Micro Smart Protection Server Session Hijacking Via Log File Disclosure CVE-2017-11398 08 Mar 2018 8.8 (v3) High Pass Apache Traffic Server 6.x < 6.2.2 / 7.x < 7.1.2 Host Header and Line Folding Vulnerability CVE-2017-5660 08 Mar 2018 8.6 (v3) High Pass Apache Traffic Server 5.2.0 - 5.3.2 / 6.x < 6.2.2 / 7.x < 7.1.2 TLS Handshake DoS CVE-2017-7671 08 Mar 2018 7.5 (v3) High Pass Adobe Connect < 9.7.5 Multiple Vulnerabilities (APSB18-06) CVE-2018-4921 CVE-2018-4923 14 Mar 2018 9.1 (v3) Critical Pass Aspen HTTP Server Detection 16 Mar 2018 None Pass Apache 2.4.x < 2.4.33 Multiple Vulnerabilities (deprecated) CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 30 Mar 2018 9.8 (v3) Critical Pass OS Identification : UPnP 29 Mar 2018 None Pass MS09-003: Microsoft Exchange Remote Code Execution (959239) (Uncredentialed) CVE-2009-0098 CVE-2009-0099 03 Apr 2018 9.8 (v3) Critical Pass Microsoft SQL Server TCP/IP Listener Product Database Detection 19 Mar 2018 None Pass Microsoft SQL Server Default Credentials (PCI wordlist) 26 Mar 2018 9.8 (v3) Critical Pass pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) CVE-2017-12837 CVE-2017-12883 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13082 CVE-2017-13084 CVE-2017-13086 CVE-2017-13087 CVE-2017-13088 CVE-2017-13704 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-1449613 Apr 2018 9.8 (v3) Critical Pass pfSense < 2.4.3 Multiple Vulnerabilities (SA-18_01 / SA-18_02 / SA-18_03) (Meltdown) (Spectre) CVE-2017-5715 CVE-2017-5754 CVE-2018-6916 13 Apr 2018 9.8 (v3) Critical Pass Oracle Primavera Unifier Multiple Vulnerabilities (April 2018 CPU) CVE-2017-7525 CVE-2017-15095 19 Apr 2018 9.8 (v3) Critical Pass Do not scan operational technology devices 18 Apr 2018 None Pass Oracle WebLogic SNMP Detection (TCP) 01 May 2018 None Pass Oracle WebLogic SNMP Detection (UDP) 01 May 2018 None Pass Oracle WebLogic HTTP Detection 03 May 2018 None Pass WAS Target Scanning for PCI 04 Jan 2019 None Pass Adobe <= 9.7.5 Connect Authentication Bypass Vulnerability (APSB18-18, APSB18-22) CVE-2018-4994 CVE-2018-12804 CVE-2018-12805 11 May 2018 9.8 (v3) Critical Pass HP Network Automation 10.0x < 10.00.023 / 10.1x < 10.11.06 / 10.2x < 10.21.05 / 10.3x < 10.30.03 / 10.4x < 10.40.01 / 10.5x < 10.50.01 Multiple VCVE-2018-6492 CVE-2018-6493 ulnerabilities 18 May 2018 8.8 (v3) High Pass PHP 7.2.x < 7.2.5 Stack Buffer Overflow CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 04 May 2018 8.8 (v3) High Pass ISC BIND 9.12.x < 9.12.1-P1 Multiple Vulnerabilities CVE-2018-5736 CVE-2018-5737 22 May 2018 7.5 (v3) High Pass Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check) CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2013-7443 CVE-2015-1283 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 CVE-2016-6153 CVE-2017-2383 CVE-2017-2463 CVE-2017-2479 CVE-2017-2480 CVE-2017-502908 May 2017 9.8 (v3) Critical Pass Elasticsearch Detection 21 May 2018 None Pass HP Service Manager Detection 18 May 2018 None Pass Logstash JSON API Detection 21 May 2018 None Pass Apple iTunes < 12.6.1 WebKit Memory Corruption RCE (uncredentialed check) CVE-2017-6984 19 May 2017 8.8 (v3) High Pass PHP 7.0.x < 7.0.19 Multiple Vulnerabilities CVE-2017-8923 CVE-2017-9119 25 May 2017 9.8 (v3) Critical Pass Trend Micro SafeSync for Enterprise Authentication Bypass 05 Jun 2017 7.5 (v3) High Pass GE Multilin UR / URPlus / B95Plus Relay Web Interface Detection 26 May 2017 None Pass IBM BigFix Compliance 1.9.70 Multiple Vulnerabilities CVE-2017-1178 CVE-2017-1179 CVE-2017-1196 CVE-2017-1197 09 Jun 2017 9.8 (v3) Critical Pass Redis Server Unprotected by Password Authentication 06 Jun 2017 9.8 (v3) Critical Pass Adobe Captivate Quiz Reporting Feature 'internalServerReporting.php' File Upload RCE CVE-2017-3087 16 Jun 2017 7.5 (v3) High Pass Adobe Captivate Quiz Reporting Feature 'internalserverread.php' Remote File Disclosure (APSB17-19) CVE-2017-3087 16 Jun 2017 7.5 (v3) High Pass Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 22 Jun 2017 9.8 (v3) Critical Pass Check_MK Agent for Linux 1.2.3i < 1.2.5i3 Arbitrary File Disclosure CVE-2014-0243 28 Jun 2017 5.5 (v3) Medium Pass WP Statistics Plugin for WordPress < 12.0.8 'functions.php' wp_statistics_searchengine_query() SQLi 07 Jul 2017 8.8 (v3) High Pass WP Statistics Plugin for WordPress 'functions.php' wp_statistics_searchengine_query() SQLi 07 Jul 2017 8.8 (v3) High Pass EMC RSA Archer < 6.2.0.2 Multiple Vulnerabilities CVE-2017-4998 CVE-2017-4999 CVE-2017-5000 CVE-2017-5001 CVE-2017-5002 07 Jul 2017 8.8 (v3) High Pass Adobe Connect < 9.6.2 Multiple Vulnerabilities (APSB17-22) CVE-2017-3101 CVE-2017-3102 CVE-2017-3103 12 Jul 2017 7.5 (v3) High Pass Foscam C1 IP Camera FTP Hard Coded Password CVE-2016-8731 14 Jul 2017 9.8 (v3) Critical Pass Apache 2.2.x < 2.2.34 Multiple Vulnerabilities CVE-2017-3167 CVE-2017-3169 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 18 Jul 2017 9.8 (v3) Critical Pass PHP 5.6.x < 5.6.31 Multiple Vulnerabilities CVE-2017-6004 CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2017-11142 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-1293313 Jul 2017 9.8 (v3) Critical Pass PHP 7.0.x < 7.0.21 Multiple Vulnerabilities CVE-2017-6004 CVE-2017-7890 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 CVE-2017-11144 CVE-2017-11145 CVE-2017-11362 CVE-2017-11628 CVE-2017-12933 CVE-2017-1293413 Jul 2017 9.8 (v3) Critical Pass AXIS gSOAP Message Handling RCE (ACV-116267) (Devil's Ivy) CVE-2017-9765 19 Jul 2017 8.1 (v3) High Pass Linksys Smart Wi-Fi Router Default Credentials 19 Jul 2017 9.8 (v3) Critical Pass EMC RSA Authentication Manager < 8.2 SP1 Patch 1 Token Profile Name Stored XSS (ESA-2017-068) CVE-2017-8000 20 Jul 2017 4.8 (v3) Medium 72
RELAYTO Penetration Test Results Page 71 Page 73