| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Cross-site Referrer Leakage through Referrer-Policy | CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of no-referrer-when-downgrade in Referrer-Policy | CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of origin-when-cross-origin in Referrer-Policy | CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of strict-origin in Referrer-Policy | CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of strict-origin-when-cross-origin in Referrer-Policy | CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of the origin keyword in Referrer-Policy | CWE-200, ISO27001-A.14.1.2, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy | CWE-200, ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A6 | Information |
| Crossdomain.xml Detected | ISO27001-A.12.5.1 | Information |
| CrushFTP Server Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| CubeCart Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| D3Js Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Daiquiri Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| data: Used in a Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Database Connection String Detected | CWE-16, HIPAA-164.306(a), ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | Information |
| Database Detected (HSQLDB) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (Microsoft Access) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Information |
| Database Detected (Microsoft SQL Server) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (MongoDB) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (MySQL) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (Oracle) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (PostgreSQL) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Information |
| Database Detected (SQLite) | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N | Information |
| DataDome Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| DataTables Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| DbNinja Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Default Page Detected (Apache) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (CakePHP Framework) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 10.0) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 6) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 7.5) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 7.X) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 7) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 8.5) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (IIS 8) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Default Page Detected (Tomcat) | CWE-200, ISO27001-A.18.1.3, WASC-13, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5 | Information |
| Denial of Service (MySQL) | CWE-400, ISO27001-A.14.1.2, WASC-10, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| Digest Authorization Required | ISO27001-A.9.4.1 | Information |
| Directory Listing (Apache) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (ASP.NET Server) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (IIS) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Lighttpd) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (LiteSpeed) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Nginx) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (Tomcat) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Directory Listing (WebDAV) | CAPEC-127, CWE-548, ISO27001-A.9.4.1, WASC-16, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Information |
| Disabled X-XSS-Protection Header | CWE-693, ISO27001-A.14.1.2, WASC-15 | Information |
| Django Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| Dojo Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| DokuWiki Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Dolibarr Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Dolphin Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| DomPurify Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| DotClear Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| dotCMS Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Drupal Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Dwr Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| e107 Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| EasyXdm Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| EfJs Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Elgg Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Email Address Disclosure | CAPEC-118, CWE-200, ISO27001-A.9.4.1, WASC-13, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N | Information |
| Ember Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| EspoCRM Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Expect-CT Header via HTTP | CWE-16, ISO27001-A.14.1.2, WASC-15 | Information |
| Expect-CT in Report Only Mode | ISO27001-A.14.1.2 | Information |
| Expect-CT Security Header Errors and Warnings | CWE-16, ISO27001-A.14.1.2, WASC-15 | Information |
| ExpressJS Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C | Information |
| ExtJs Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| EZProxy Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| FabricJs Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| Family Connections Detected | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| FancyBox Identified | CWE-205, ISO27001-A.14.2.5, WASC-13, OWASP 2017-A6 | Information |
| File Upload Functionality Detected | ISO27001-A.8.1.1 | Information |