WEB VULNERABILITY SCANNER DOWNLOAD TRIAL FREE EDITION PRODUCT TOUR WEB SITE SECURITY CENTRE

Web Application Vulnerabilities

Hackers today have an ever increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.

The following is a list of known web application vulnerabilities / threats, and the specific technologies which they target. These vulnerability "signatures" also spawn the need for the heuristic scanning capabilities of Acunetix WVS, for the detection of those exploits which have not yet been identified and tagged.

Subscribe to the Web Application Vulnerability RSS Feed

Web Application Vulnerabilities

Zomplog v.3.7.6 Local File Inclusion Security Vulnerability
Zomplog 3.4 SQL Injection and Cross-Site Scripting Security Vulnerability
Zeroboard v.4.1.pl5 Multiple Remoote File Inclusion Security Vulnerability
Zend Cart 1.2.6 admin_email SQL Injection Vulnerability Security Vulnerability
YACS v.6.6.1 File Inclusion Security Vulnerability
Cross Site Scripting Security Vulnerability
XOOPS v.2.0.11 SQL Injection and Authentification Bypass Security Vulnerability
XHP CMS v.0.5 File Upload Security Vulnerability
XHP CMS v.0.5.1 Cross-Site Scripting Security Vulnerability
WWWThreads Forum Cross-Site Scripting Security Vulnerability
XPath Injection vulnerability Security Vulnerability
WSN Forum 1.21 id SQL Injection Vulnerability Security Vulnerability
Directories with write permissions enabled Security Vulnerability
WoWRoster v.1.5.0 Remote File Inclusion Security Vulnerability
WordPress v.2.1.2 (year) Cross-Site Scripting Security Vulnerability
WordPress v.2.1.1 - Compromised Installation Security Vulnerability
WordPress v.2.0.6 Trackback (Zend Hash Del Key Or Index) Injection Security Vulnerability
WordPress v.2.0.5 Trackback UTF-7 SQL Injection Security Vulnerability
WordPress v.2.0.3 SQL Injection Security Vulnerability
WordPress_v.2.0.1_Path_Disclosure.xml Security Vulnerability
Wordcircle v.2.14 SQL Injection, Login Bypass and Cross-Site Scripting Security Vulnerability
WizForum 1.20 Multiple SQL Injection Security Vulnerability
Wili-CMS v.0.11 File Inclusion Security Vulnerability
WhiteAlbum v.2.5 SQL Injection Security Vulnerability
Web Wiz Forums v.8.05 (MySQL version) SQL Injection Security Vulnerability
Web server default welcome page Security Vulnerability
Web Quiz Pro v.1.0 Cross-Site Scripting Security Vulnerability
Web Content System v.2.7.1 File Inclusion Security Vulnerability
WebspotBlogging v.3.0 SQL Injection and Login Bypass Security Vulnerability
Webspell v.4.01.02 Local File Inclusion Security Vulnerability
Webspell v.4.01.01 Database Data Disclosure Security Vulnerability
WebDAV Enabled Security Vulnerability
WebCalendar v.1.00 (send_reminders.php) Remote File Inclusion Security Vulnerability
Web-News v.1.6.3 File Inclusion Security Vulnerability
W2B Online Banking Cross-Site Scripting Security Vulnerability
W-Agora v.4.2.1 Multiple Security Vulnerabilities
W-Agora 4.2.0 Cross-Site Scripting Security Vulnerability
VP-ASP Shopping Cart v.6.09 Multiple Security Vulnerabilities
Vote Pro v.4.0 Remote Command Execution Security Vulnerability
Videodb (Mambo component) v.0.3 Remote File Inclusion Security Vulnerability
Vego Links Builder v.2.00 SQL Injection and Login Bypass Security Vulnerability
URL redirection Security Vulnerability
Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 Security Vulnerability
Typo3 v.3.8.1 Path Disclosure Security Vulnerability
TWiki rev Parameter Remote Command Execution Security Vulnerability
Trojan shell script Security Vulnerability
TRACK method is enabled Security Vulnerability
TRACE method is enabled Security Vulnerability
TOPo v.2.2.178 Remote Code Execution Security Vulnerability
TOPo v.2.2.178 Cross-Site Scripting Security Vulnerability
ToendaCMS v.1.0.0 (FckEditor) File Upload Security Vulnerability
Toast Forums v.1.6 Cross-Site Scripting Security Vulnerability
Timesheet PHP 1.2.1 SQL Injection Security Vulnerability
Tim-online PHPBB v1.2.4RC3 (Mambo component) Remote File Inclusion Security Vulnerability
Tiki Wiki v.1.9.4 JHot.PHP Remote Command Execution Security Vulnerability
Tiki Wiki v.1.9.3.1 Cros-Site Scripting Security Vulnerability
Thyme v.1.3 Cross-Site Scripting Security Vulnerability
Techno Dreams Products login.asp SQL Injection Vulnerability Security Vulnerability
Teca Diary Personal Edition v.1.0 SQL Injection Security Vulnerability
TeamCal Pro v.2.8.001 File Inclusion Security Vulnerability
SZUserMgnt v.1.4. SQL Injection and login Bypass Security Vulnerability
Survey System 1.1 SURVEY_ID parameter SQL Injection Security Vulnerability
SunShop Shopping Cart v.3.5 Cross-Site Scripting Security Vulnerability
ssCMS v.2.1.0 Cross-Site Scripting Security Vulnerability
SQuery v.4.5 (phpNuke module) Remote File Inclusion Security Vulnerability
SQL injection Security Vulnerability
Source code disclosure Security Vulnerability
SmartSiteCMS v1.0 Remote File Inclusion Security Vulnerability
SKForum v.1.5 Cross-Site Scripting Security Vulnerability
SiteEnable v.3.3 Cross-Site Scripting Security Vulnerability
Simplog v.0.9.1 File Inclusion Security Vulnerability
Simplog v.0.9.1 Cross-Site Scripting Security Vulnerability
Simplog SQL Injection Security Vulnerabilities
Simple PHP Blog v.0.4.7.1 Local File Inclusion Security Vulnerability
Simpleboard v1.1.0 (Mambo component) Remote File Inclusion Security Vulnerability
SimpleBlog v.3.0 SQL Injection Security Vulnerability
SimpleBlog v.2.1 SQL Injection Security Vulnerability
SimpleBBS v.1.1 name PHP Code Injection Security Vulnerability
Signkorn Guestbook v.1.1 File Inclusion Security Vulnerability
Sensitive data not encrypted Security Vulnerability
SendCard v.3.4.0 Unautorized Administrative Access Security Vulnerability
sCssBoard 1.12 search_term Cross-Site Scripting Security Vulnerability
Script source code disclosure Security Vulnerability
ScriptMagix Recipes v.2.0 Multiple SQL Injection Security Vulnerability
ScriptMagix Lyrics v.2.0 (recid) SQL Injection Security Vulnerability
ScriptMagix Jokes v.2.0 Multiple SQL Injection Security Vulnerability
SazCart v.1.5 File Inclusion Security Vulnerability
SaveWebPortal v.3.4 Remote File Inclusion Security Vulnerability
SAPID CMS v.1.23rc3 Remote File Inclusion Security Vulnerability
Snitz Forums 2000 v.3.4.05 post.asp Cross-Site Scripting Security Vulnerability
RunCMS v.1.3a5 Cross-Site Scripting Security Vulnerability
Qwiki v.1.5.1 Cross-Site Scripting Security Vulnerability
QuizShock v.1.6.1 Cross-Site Scripting Security Vulnerability
QuickEStore v.7.9 SQL Injection and Path Diclosure Security Vulnerability
QontentOneCMS v1.0 Cross-Site Scripting Security Vulnerability
PUT Method Enabled Security Vulnerability
Publicist v.0.95 SQL Injection, Path Disclosure and Cross-Site Scripting Security Vulnerability
ProjectApp_v.3.3_Cross-Site_Scripting.xml Security Vulnerability
PRINTER ISAPI filter mapped Security Vulnerability
pppBlog v.0.3.8 Local File Disclosure Security Vulnerability
Possible sensitive files Security Vulnerability
PortalApp v.3.3 Cross-Site Scripting Security Vulnerability
Popper v.1.41.r2 File Inclusion Security Vulnerability
PmWiki v.2.1.19 File Inclusion Security Vulnerability
PmWiki 2.0.12 q-Parameter Cross-Site Scripting Security Vulnerability
PluggedOut Blog v.1.9.9c SQL Injection Security Vulnerability
Pivot v1.30 RC2 Multiple Input Validation Security Vulnerabilities
PHP Zend_Hash_Del_Key_Or_Index Security Vulnerability
PHP version older than 5.2.1 Security Vulnerability
PHP version older than 4.4.1 Security Vulnerability
PHP version older than 4.3.8 Security Vulnerability
PHP upload arbitrary file disclosure vulnerability Security Vulnerability
PHP unspecified remote arbitrary file upload vulnerability Security Vulnerability
PHP undefined Safe_Mode_Include_Dir safemode bypass Security Vulnerability
PHP socket_iovec_alloc() integer overflow Security Vulnerability
PHP Simple Shop v.2.0 Remote File Inclusion Security Vulnerability
PHP Safedir Restriction Bypass Vulnerabilities Security Vulnerability
PHP POST file upload buffer overflow vulnerabilities Security Vulnerability
PHP multiple vulnerabilities Security Vulnerability
PHP mail function ASCII control character header spoofing Security Vulnerability
PHP HTTP POST incorrect MIME header parsing Security Vulnerability
PHP HTML Entity Encoder Heap Overflow Security Vulnerability
PHP error logging format string Security Vulnerability
PHP code injection Security Vulnerability
PHP Classifieds v.6.20 SQL Injection and Login Bypass Security Vulnerability
PHP Classifieds v.6.20 Cross-Site Scripting Security Vulnerability
PHP Advanced Transfer Manager v.1.21 File Inclusion Security Vulnerability
PHP Advanced Transfer Manager System Disclosure and Remote Code Execution (Windows) Security Vulnerability
PHP Advanced Transfer Manager System Disclosure and Remote Code Execution (Unix) Security Vulnerability
PHP 4.3.0 file disclosure and possible code execution Security Vulnerability
PHPX v.3.5.15 Multiple SQL Injection and Cross-Site Scripting Security Vulnerability
PhpWebThings 1.4.4 forum.php SQL Injection Security Vulnerability
phpWebFTP v.3.2 Local File Inclusion (windows) Security Vulnerability
phpWebFTP v.3.2 Local File Inclusion (unix) Security Vulnerability
PHPTB 2.0 Code Injection Security Vulnerabilities
phpSysInfo 2.3 Cross-File Scripting Security Vulnerability
PHPStatus v.1.0 SQL Injection and Login Bypass Security Vulnerability
PHPSESSID session fixation Security Vulnerability
PHPNuke v.7.9 Cross-Site Scripting Security Vulnerability
PHPNuke v.7.9 SQL Injection Security Vulnerability
PHPNuke Remote Directory Traversal Security Vulnerability
PHPNuke Remote Directory Traversal (Unix) Security Vulnerability
PHPNuke 7.6 Multiple SQL Injection Security Vulnerability
PHPNuke 7.5 (admin_styles.php) Remote File Inclusion Security Vulnerability
phpMyFAQ 1.5.1 SQL Injection Security Vulnerability
phpMyAdmin Path Disclosure and Response Splitting Security Vulnerability
phpMyAdmin "grab_globals.lib.php" Directory Traversal Vulnerability Security Vulnerability
phpMyAdmin Cross-Site Scripting Security Vulnerability
phpListPro v.2.0.0 File Inclusion Security Vulnerability
PhpLinkExchange v.1.0 Remote File Inclusion Security Vulnerability
phpLDAPadmin Command Execution Security Vulnerability
PHPKB v.1.5 Cross Site Scripting Security Vulnerability Security Vulnerability
PHPjournaler v.1.0 SQL Injection Security Vulnerability
PHPinfo page found Security Vulnerability
PhpHostBot v.1.0 Remote File Inclusion Security Vulnerability
PHPGreetz 0.99 Remote File Include Vulnerability Security Vulnerability
PhpGedView v.3.3.7 File Inclusion and PHP Code Injection Security Vulnerability
phpFullAnnu v.5.1 File Inclusion Security Vulnerability
PHPEasyData Pro v.2.2.2 SQL Injection Security Vulnerability
phpCommunityCalendar login bypass, SQL injection and cross site scripting Security Vulnerability
PHPCollab v.2.4 SQL Injection Security Vulnerability
phpCOIN v.1.2.2 Cross-Site Scripting Security Vulnerability
phpBB XS Build 058 File Inclusion and Cross-Site Scripting Security Vulnerability
phpBB Addon: Hacks List v.1.20 Local File Inclusion Security Vulnerability
phpBB 2.0.15 Viewtopic.php Remote Code Execution Vulnerability Security Vulnerability
phpArcadeScript v.2.0 Cross-Site Scripting Security Vulnerability
PHP4 multiple vulnerabilities Security Vulnerability
PHP4 IMAP module buffer overflow Security Vulnerability
PHP.exe Windows CGI for Apache may let remote users view files on the server Security Vulnerability
PHP-Fusion 6.00.109 SQL Injection Security Vulnerability
PhotoPost v.4.6 File Inclusion Security Vulnerability
photokorn v.1.542 SQL Injection Security Vulnerability
Phorum v.5.1.18 (admin.php) Cross-Site Scripting Security Vulnerability
Pentacle In-Out Board v.6.03.0.0080 SQL Injection and Login Bypass Security Vulnerability
PEAR XML_RPC 1.3.0 Remote Command Execution Security Vulnerability
Pearl For Mambo v.1.6 Remote File Inclusion Security Vulnerability
Pearl Forums 2.4 SQL Injection Security Vulnerability
PBLang 4.65 System Disclosure and Remote Code Execution Security Vulnerability
Particle Blogger v.1.2.0 (posid) SQL Injection Security Vulnerability
Pagesetter v.6.2.0 (PostNuke module) Local File Inclusion Security Vulnerability
paBugs v.2.0b3 File Inclusion Security Vulnerability
oaboard 1.0 SQL Injection Security Vulnerability
Owl v.0.82 File Inclusion Security Vulnerability
Ottoman v.1.1.2 File Inclusion Security Vulnerability
osCommerce v.2.2 Cross-Site Scripting Security Vulnerability
Orca Forum 4.3.b msg SQL Injection Security Vulnerability
OrbitHYIP v.2.0 Cross-Site Scripting Security Vulnerability
OpenPHPNuke v.2.3.3 File Inclusion Security Vulnerability
OpenERM v.2.8.1 File Inclusion Security Vulnerability
OpenEdit v.4.0 Cross-Site Scripting Security Vulnerability
oaboard v.1.0 SQL Injection Security Vulnerability
N/X CMS v.4.1 File Inclusion Security Vulnerability
NZ Ecommerce Cross Site Scripting and SQL Injection Security Vulnerability
Nodez v.4.6.1.1 Cross-Site Scripting and Local File Inclusion Security Vulnerability
NKads v.1.0.a3 Login SQL Injection Vulnerability Security Vulnerability
Netquery "host" Parameter Arbitrary Command Execution Security Vulnerability
NetOffice v.2.5.3-pl1 SQL Injection Security Vulnerability
My Gaming Ladder v.7.0 File Inclusion Security Vulnerability
MyTopix v.1.2.3 SQL Injection And Path Disclosure Security Vulnerability
MySource 2.14.0 Cross-Site Scripting and File Inclusion Security Vulnerabilities
MyPHP CMS v.0.3 Remote File Inclusion Security Vulnerability
myEvent v.1.4 Multiple Security Vulnerabilities
MyBulletinBoard v.1.1.5 SQL injection Security Vulnerability
MyBuletinBoard v.1.1.7 Cross-Site Scripting Security Vulnerability
MyBuletinBoard v.1.0.2 Table Prefix Weakness Security Vulnerability
myBloggie SQL Injection and login bypas Security Vulnerability
myBloggie v.2.1.4 SQL Injection Security Vulnerability
Musicbox v.2.3 SQL Injection Security Vulnerability
Musicbox v.2.3 Cross-Site Scripting Security Vulnerability
MultiCalendars-v.3.0-SQL-Injection Security Vulnerability
MODx v.0.9.2.1 File Inclusion Security Vulnerability
miniBloggie v.1.0 SQL Injection and Login Bypass Security Vulnerability
MiniBILL v.1.2.4 File Inclusion Security Vulnerability
Minerva v.238a File Inclusion Security Vulnerability
Microsoft IIS Cookie Variable Information Disclosure Security Vulnerability
MercuryBoard v.1.1.4 SQL Injection Security Vulnerability
MaxxSchedule v.1.0 Cross-Site Scripting Security Vulnerability
MAXdev MD-Pro v.1.0.76 Path Disclosure Security Vulnerability
MAXdev MD-Pro v.1.0.76 Cross-Site Scripting Security Vulnerability
Mantis 1.00 File Inclusion and SQL Injection Vulnerabilities (Windows) Security Vulnerability
Mantis 1.00 File Inclusion and SQL Injection Vulnerabilities (Unix) Security Vulnerability
Mambo v.4.5.3h SQL Injection and Login Bypass Security Vulnerability
Mambo v.4.5.2 (tar.php) Remote File Inclusion Security Vulnerability
Mambo up to v.4.6.1 SQL Injection and Login Bypass Security Vulnerability
MailGust 1.9 SQL Injection Security Vulnerability
Maian Weblog v.2.0 SQL Injection Security Vulnerability
Maian Events v.1.00 SQL Injection Security Vulnerability
Magic News Lite v.1.2.3 Code Injection Security Vulnerability
Macromedia Dreamweaver Remote Database Scripts Security Vulnerability
lucidCMS 1.0.11 SQL Injection and Login Bypass Security Vulnerability
Loudmouth (Mambo component) v.4.0 Remote File Inclusion Security Vulnerability
Loudblog v.0.4 File Inclusion and PHP Code Injection Security Vulnerability
LocazoList Classifieds v.1.03c SQL Injection Security Vulnerability
Lizard Cart CMS v.1.0.4 id parameter SQL Injection Security Vulnerability
LinPHA v.1.0 Local File Inclusion Security Vulnerability
Leadhound 2006-04-28 Cross Site Scripting Security Vulnerability
LDAP Injection vulnerability Security Vulnerability
JiRo's FAQ Manager v.1.x SQL Injection Security Vulnerability
JetPhoto Server v.1.x Cross-Site Scripting Security Vulnerability
Jamroom v.3.0.16 Cross-Site Scripting Security Vulnerability
iWare Professional v.5.0.4 Remote Code Execution Security Vulnerability
Invision Power Board v2.1.6 SQL injection Security Vulnerability
Invision Power Board v.2.0.3 Cross-Site Scripting Security Vulnerability
IntranetApp v.3.3 Cross-Site Scripting Security Vulnerability
Interspire FastFind v.2006-10-09 Cross-Site Scripting Security Vulnerability
Integramod Portal v.2.0 File Inclusion Security Vulnerability
Instant Photo Gallery v.1.0 SQL Injection Security Vulnerability
IIS server variables backup file Security Vulnerability
Internet Information Server returns IP address in HTTP header (Content-Location) Security Vulnerability
IIS extended unicode directory traversal vulnerability Security Vulnerability
IISWorks ASP KnowledgeBase v2.x Cross-Site Scripting Security Vulnerability
IDQ ISAPI filter mapped Security Vulnerability
IDC ISAPI filter mapped Security Vulnerability
IDA ISAPI filter mapped Security Vulnerability
HTW ISAPI filter mapped Security Vulnerability
HTR ISAPI filter mapped Security Vulnerability
GreenBeast CMS v.1.3 File Upload Security Vulnerability
Google Search Appliance UTF-7 Cross-Site Scripting Security Vulnerability
Google API Search Engine v.1.3.1 Script Cross-Site Scripting Security Vulnerability
Gemini v.2.0 Cross Site Scripting Security Vulnerability
GeekLog v1.4.0 Remote File Inclusion Security Vulnerability
GeekLog v1.4.0 FckEditor File Upload Security Vulnerability
Gcards v.1.45 SQL Injection and Login Bypass Security Vulnerability
Gcards 1.44 limit parameter SQL Injection Security Vulnerability
Gallery "g2_itemId" Disclosure of Sensitive Information (Windows) Security Vulnerability
Gallery "g2_itemId" Disclosure of Sensitive Information (Unix) Security Vulnerability
Gallery v.2.03 Local File Inclusion Security Vulnerability
Galleria v1.0 (Mambo component) Remote File Inclusion Security Vulnerability
Full path disclosure Security Vulnerability
Frontpage Extensions Enabled Security Vulnerability
Frontpage authors.pwd available Security Vulnerability
FreeWebshop v.2.2.1 SQL Injection and Local File Inclusion Security Vulnerability
Freekot v.1.01 SQL Injection and Login Bypass Security Vulnerability
freeForum 1.1 thread SQL Injection Security Vulnerability
Flyspray 0.9.8 Cross-Site Scripting Security Vulnerability
Flushcms v1.0.0.pre2 Remote File Inclusion Security Vulnerability
File inclusion Security Vulnerability
FAQ System 1.1 Multiple SQL Security Vulnerabilities
ezContents v.2.0.3 Multiple Security Vulnerabilities
eyeOS Project v.0.8.9 PHP Code Execution Security Vulnerability
eWebquiz v.8.0 (QuizID) SQL Injection Security Vulnerability
Etomite CMS v.0.6.1 SQL Injection Security Vulnerability
Etomite CMS v.0.6.1 File Upload Security Vulnerability
Enterprise Connector v.1.02 Multiple SQL Vulnerabilities Security Vulnerability
Envolution v.1.1.0 Cross-Site Scripting and SQL Injection Security Vulnerability
Enhanced Simple PHP Gallery v.1.7 Cross-Site Scripting and Path Disclosure Security Vulnerability
Email address found Security Vulnerability
EkinBoard 1.0.3 config.php SQL Injection, Board Take Over, Cross-Site Scripting Security Vulnerability
Eggblog v.3.6 SQL Injection Security Vulnerability
eFiction v.3.1 (path_to_smf) Remote File Inclusion Security Vulnerability
eFiction 1.1 Cross Site Scripting and SQL Injection Security Vulnerability
EDirectoryPro 2006-05-09 SQL Injection Security Vulnerability
EasyMoblog v.0.5.1 Cross-Site Scripting Security Vulnerability
e107 v0617 SQL Injection and Code Execution Security Vulnerability
E-School Management System v.1.0 Cross-Site Scripting Security Vulnerability
e-moBLOG v.1.3 SQL Injection and Login Bypass Security Vulnerability
Drupal v.4.7.2 Cross-Site Scripting Security Vulnerability
Dragonfly CMS v.9.0.6.1 Cross-Site Scripting Security Vulnerability
dotproject v.2.0.1 File Inclusion and Information Disclosure Security Vulnerability
dotNetBB v2.42EC.SP3 Cross-Site Scripting Security Vulnerability
DokuWiki v.2006-03-09b dwpage.php Remote Code Execution Security Vulnerability
DokuWiki v.2006-03-09b Cross-Site Scripting Security Vulnerability
DoceboLMS 2.04 System Disclosure (Unix) Security Vulnerability
Directory Traversal Security Vulnerability
Directory Listing Security Vulnerability
Directories with executables permission enabled Security Vulnerability
Digital Scribe 1.4 Login Bypass, SQL Injection and Remote Code Execution Security Vulnerability
Diesel Joke Sike v.2006.05.25 SQL Injection Security Vulnerability
DEV web management system v1.5 SQL Injection and Cross-Site Scripting Security Vulnerability
DeluxeBB v1.08 SQL injection Security Vulnerability
DELETE Method Enabled Security Vulnerability
Cyphor 0.19 SQL Injection, Board Takeover, Cross-Site Scripting Security Vulnerability
CyberBuild 06.05.03 SQL Injection and Cross-Site Scripting Security Vulnerability
CVS Web Repository Security Vulnerability
Common files Security Vulnerability
Cute News v.1.4.5 Cross-Site Scripting Security Vulnerability
Cute News 1.4.1 Local File Inclusion Security Vulnerability
CuteNews 1.4.1 Shell Injection Security Vulnerability
CubeCart v.2.0.7 Cross-Site Scripting Security Vulnerability
Cross Site Scripting in URI Security Vulnerability
Cross Site Scripting in path Security Vulnerability
XFS vulnerability Security Vulnerability
CRLF injection/HTTP response splitting Security Vulnerability
CRE Loaded v.6.15 files.php File Upload Security Issue Security Vulnerability
Creative Community Portal v.1.1 SQL Injection Security Vulnerability
Absolute FAQ Manager v.4.0 Cross-Site Scripting Security Vulnerability
Aardvark Topsites PHP v.4.2.2 File Inclusion Security Vulnerability
Acidcat v.2.1.13 SQL Injection Security Vulnerability
Active Auction Pro v.7.0 (catid) SQL Injection Security Vulnerability
Active Newsletter v.4.3 (NewsPaperID) SQL Injection Security Vulnerability
Active Photo Gallery 20070326 (catid) SQL Injection Security Vulnerability
Active Trade v.2.x (catid) SQL Injection Security Vulnerability
Ades Guestbook v.2.0 Cross-Site Scripting Security Vulnerability
ADN Forum v.1.0b SQL Injection and Cross-Site Scripting Security Vulnerability
ADOdb Insecure Test Scripts Security Issues Security Vulnerability
ADP Forum v.2.0.2 users Exposure of User Credentials Security Vulnerability
Advanced Guestbook v.2.3.1 File Inclusion Security Vulnerability
A-FAQ 1.0 SQL Injection Security Vulnerability
Ajax Portal v.3.0 SQL Injection Security Vulnerability
Alex Guestbook v.4.0.1 Cross Site Scripting Security Vulnerability
AlstraSoft Affiliate Network Pro v.7.2 Multiple Security Vulnerabilities
Alstrasoft Article Manager Pro v.1.6 SQL Injection, Path Disclosure and Cross-Site Scripting Security Vulnerability
AlstraSoft Template Seller Pro 3.25 File Inclusion, Code Injection, SQL Injection and Login Bypass Security Vulnerability
Amazon Store Manager v1.0 Cross-Site Scripting Security Vulnerability
AndoNET Blog SQL Injection Security Vulnerability
Andromeda v.1.9.3.4 Cross-Site Scripting Security Vulnerability
Apache 2.x Version Older Than 2.0.46 Security Vulnerability
Apache 2.0.39 Win32 Directory Traversal Security Vulnerability
Apache 2.0.44 Win32 File Reading Vulnerability Security Vulnerability
Apache 2.x Version Equal to 2.0.51 Security Vulnerability
Apache 2.x Version Older Than 2.0.43 Security Vulnerability
Apache 2.x Version Older Than 2.0.45 Security Vulnerability
Apache 2.x Version Older Than 2.0.47 Security Vulnerability
Apache 2.x Version Older Than 2.0.48 Security Vulnerability
Apache 2.x version older than 2.0.49 Security Vulnerability
Apache 2.x Version Older than 2.0.51 Security Vulnerability
Apache 2.x version older than 2.0.55 Security Vulnerability
Apache Configured to Run as Proxy Security Vulnerability
Apache Error Log Escape Sequence Injection Security Vulnerability
Apache HTTP CONNECT method is enabled Security Vulnerability
Apache Mod_Rewrite Off-By-One Buffer Overflow Security Vulnerability
Apache Mod_SSL Log Function Format String Security Vulnerability
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Security Vulnerability
Apache Server-Info Enabled Security Vulnerability
Apache Server-Status Enabled Security Vulnerability
Apache Version Older than 1.3.27 Security Vulnerability
Apache Version Older than 1.3.28 Security Vulnerability
Apache Version Older than 1.3.29 Security Vulnerability
Apache Version Older than 1.3.31 Security Vulnerability
Apache Version Older than 1.3.34 Security Vulnerability
Apache Version up to 1.3.33 htpasswd Local Overflow Security Vulnerability
Apache Win32 Batch File Remote Command Execution Security Vulnerability
Application Error Message Security Vulnerability
Articlebeach v.2.0 File Inclusion Security Vulnerability
Artmedic Newsletter v.4.1.2 Remote Code Execution Security Vulnerability
ASP Survey v1.10 SQL Injection and Login Bypass Security Vulnerability
ASP.NET Application Trace Enabled Security Vulnerability
ASP.NET Debugging Enabled Security Vulnerability
ASP.NET Path Disclosure Security Vulnerability
Atlantis Knowledge Base Software v.3.0 SQL Injection Security Vulnerability
ATUTOR 1.5.1 SQL Injection, Local File Inclusion and Command Execution Security Vulnerability
ATUTOR v.1.5.3 Cross Site Scripting Security Vulnerability
Ay-System CMS-v.2.6-File-Inclusion Security Vulnerability
b2Evolution-v.1.8.6 Cross-Site Scripting Security Vulnerability
Backup files Security Vulnerability
Battleaxe Software Forums v.2.0 Cross-Site Scripting Security Vulnerability
Big Webmaster Guestbook v.1.02 Cross-Site Scripting Security Vulnerability
Bit5blog v.8.1 SQL Injection and Login Bypass Security Vulnerability
Blind SQL/XPath injection Security Vulnerability
BLOG:CMS v4.0.0 SQL Injection Security Vulnerability
bMachine v.2.9b Cross-Site Scripting Security Vulnerability
BP Blog v.7.0 (layout) SQL Injection Security Vulnerability
BTI-Tracker v.1.3.2 File Deletion Vulnerability Security Vulnerability
Calendarix v.1.6 SQL Injection and Login Bypass Security Vulnerability
Calendarix v.1.x Cross-Site Scripting Security Vulnerability
CALimba v.0.99.2 Sql Injection and Login Bypass Security Vulnerability
Cattadoc v.3.0 File Disclosure
CcCounter v.2b (dir) Cross-Site Scripting Security Vulnerability
Check for Apache Versions up to 1.3.25, 2.0.38 Security Vulnerability
Chi Kien Uong Advanced Poll 2.03 Cross-Site Scripting Security Vulnerability
Chipmunk Forum Cross-Site Scripting Security Vulnerability
Chipmunk Topsites Cross-Site Scripting Security Vulnerability
Claroline v.1.7.4 Local File Inclusion and Cross Site Scripting Security Vulnerability
Claroline v.1.7.7 File Inclusion Security Vulnerability
classifiedZONE v.1.2 Cross-Site Scripting Security Vulnerability
Clever Copy v.3.0 SQL Injection Security Vulnerability
Code execution Security Vulnerability
Codegrrl Arbitrary Code Execution and Local File Inclusion Security Vulnerability
ColdFusion path disclosure Security Vulnerability
ColdFusion User-Agent Cross-Site Scripting Security Vulnerability
Community Builder Component v.1.0 File Inclusion Security Vulnerability
Confixx 3 Professional v.3.1.2 SQL Injection Security Vulnerability
Connect Daily v.3.2.9 Cross-Site Scripting Security Vulnerability
CONTROLzx HMS v.3.3.4 Cross-Site Scripting Security Vulnerability
Cookie manipulation Security Vulnerability
Coppermine Photo Gallery v.1.4.2 relocate_server.php Exposure of Configuration Security Vulnerability
Coppermine Photo Gallery v.1.x (phpNuke module) Remote File Inclusion Security Vulnerability
cPanel v.10.8.2.118 Cross-Site Scripting Security Vulnerability
WebCalendar v.4.0 SQL Injection Security Vulnerability
99articles File Inclusion Security Vulnerability

View entire list of over 400 known Web Application Vulnerabilities and the specific technologies which they target. See Web Vulnerabilities in popular applications such as: WordPress, Tiki Wiki, PHPNuke, PHPMyAdmin, phpBB, Mambo, PHP-Fusion, Mantis, Invision Power Board

Get latest new web vulnerabilities via RSS

Download a FREE trial of Acunetix WVS
Take a product tour of Acunetix WVS (includes screenshots & system overview) or view the datasheet (PDF)
Learn more about SQL injection, Cross site scripting (XSS), other web attacks and PCI-DSS at the Web Site Security Centre
See what the IT Press has to say about Acunetix WVS in the reviews page, or read our customer testimonials
List of vulnerabilities Acunetix WVS checks for.
Application Vulnerabilities in popular web applications that Acunetix WVS checks for