Web Application Vulnerabilities

Hackers today have an ever increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.

The following is a list of known web application vulnerabilities / threats.  Acunetix WVS also scans hundreds of well known applications such as WordPress, PHPNuke, PHPMyAdmin, Mambo, phpBB, OpenX etc heuristicly for the detection of those exploits which have not yet been identified and tagged.

Subscribe to Acunetix Web Application Security Blog to keep up to date with the latest web security news

Web Application Vulnerabilities

Backup files Security Vulnerability
Blind SQL/XPath injection Security Vulnerability
Code execution Security Vulnerability
Common files Security Vulnerability
Cookie manipulation Security Vulnerability
CRLF injection/HTTP response splitting Security Vulnerability
Cross Site Scripting Security Vulnerability
Cross Site Scripting in path Security Vulnerability
Cross Site Scripting in URI Security Vulnerability
DELETE Method Enabled Security Vulnerability
Directories with executables permission enabled Security Vulnerability
Directories with write permissions enabled Security Vulnerability
Directory Listing Security Vulnerability
Directory Traversal Security Vulnerability
Email address found Security Vulnerability
File inclusion Security Vulnerability
Full path disclosure Security Vulnerability
Possible sensitive files Security Vulnerability
PUT Method Enabled Security Vulnerability
Script source code disclosure Security Vulnerability
Sensitive data not encrypted Security Vulnerability
Source code disclosure Security Vulnerability
SQL injection Security Vulnerability
TRACE method is enabled Security Vulnerability
TRACK method is enabled Security Vulnerability
Trojan shell script Security Vulnerability
URL redirection Security Vulnerability
XFS vulnerability Security Vulnerability
XPath Injection vulnerability Security Vulnerability