Web Application Vulnerabilities Index

Vulnerability Name CVE CWE Severity
Access database found CWE-538 Medium
WordPress plugin All in One SEO Pack privilege escalation vulnerabilities CWE-269 High
Amazon S3 public bucket CWE-264 Medium
Apache 2.0.39 Win32 directory traversal CVE-2002-0661 CWE-22 High
Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017 CWE-20 High
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425 CWE-20 High
Apache 2.x version older than 2.0.43 CVE-2002-0840, CVE-2002-1156 CWE-538 Medium
Apache 2.x version older than 2.0.45 CVE-2003-0132 CWE-400 Medium
Apache 2.x version older than 2.0.46 CVE-2003-0083, CVE-2003-0134, CVE-2003-0189, CVE-2003-0245 CWE-20 Medium
Apache 2.x version older than 2.0.47 CVE-2003-0192, CVE-2003-0253, CVE-2003-0254 CWE-20 Medium
Apache 2.x version older than 2.0.48 CVE-2003-0542, CVE-2003-0789 CWE-119 Medium
Apache 2.x version older than 2.0.49 CVE-2003-0020, CVE-2004-0113, CVE-2004-0174 CWE-20 Medium
Apache 2.x version older than 2.0.55 CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2700, CVE-2005-2728, CVE-2005-2970 CWE-119 Medium
Apache 2.x version older than 2.0.61 CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 CWE-701 Medium
Apache 2.x version older than 2.0.63 CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 CWE-79 Medium
Apache 2.x version older than 2.2.10 CVE-2008-2939, CVE-2010-2791 CWE-79 Low
Apache 2.x version older than 2.2.3 CVE-2006-3747 CWE-189 Medium
Apache 2.x version older than 2.2.6 CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 CWE-20 Medium
Apache 2.x version older than 2.2.8 CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 CWE-79 Medium
Apache 2.x version older than 2.2.9 CVE-2007-6420, CVE-2008-2364 CWE-399 Medium
Check for Apache versions up to 1.3.25, 2.0.38 CVE-2002-0392 CWE-119 High
Apache configured to run as proxy CWE-16 Medium
Apache error log escape sequence injection vulnerability CVE-2003-0020 CWE-20 Medium
Apache Geronimo default administrative credentials CWE-16 High
Apache httpd remote denial of service CVE-2011-3192 CWE-399 Medium
Apache httpOnly cookie disclosure CVE-2012-0053 CWE-264 Medium
Apache Proxy HTTP CONNECT method enabled CWE-16 Medium
Apache mod_negotiation filename bruteforcing CWE-538 Low
Apache mod_rewrite off-by-one buffer overflow vulnerability CVE-2006-3747 CWE-189 High
Apache Roller OGNL injection CVE-2013-4212 CWE-20 High
Apache server-info enabled CWE-200 Medium
Apache server-status enabled CWE-200 Medium
Apache Solr service exposed CWE-16 High
Apache stronghold-info enabled CWE-200 Low
Apache stronghold-status enabled CWE-200 Low
Apache Tomcat version older than 6.0.35 CVE-2011-3190, CVE-2011-3375, CVE-2012-0022 CWE-264 High
Apache Tomcat version older than 6.0.36 CVE-2012-2733, CVE-2012-3439, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534 CWE-20 High
Apache Tomcat version older than 7.0.21 CVE-2011-3190 CWE-264 High
Apache Tomcat version older than 7.0.23 CVE-2012-0022 CWE-189 High
Apache Tomcat version older than 7.0.28 CVE-2012-2733, CVE-2012-4534 CWE-20 High
Apache Tomcat version older than 7.0.30 CVE-2012-3439, CVE-2012-3544, CVE-2012-3546 CWE-20 High
Apache Tomcat version older than 7.0.32 CVE-2012-4431 CWE-264 High
Apache Tomcat "allowLinking" on Case Insensitive Filesystems CWE-538 High
Apache Tomcat directory host Appbase authentication bypass vulnerability CVE-2009-2901 CWE-264 Medium
Apache Tomcat directory traversal CVE-2007-0450 CWE-22 Medium
Apache Tomcat examples directory vulnerabilities CWE-264 High
Apache Tomcat hello.jsp XSS CVE-2007-1355 CWE-79 Low
Apache Tomcat insecure default administrative password CWE-284 High
Apache Tomcat sample files CWE-538 Medium
Apache Tomcat "allowLinking" on case insensitive filesystems CVE-2008-2938 CWE-22 High
Apache Tomcat version older than 4.1.37 CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461 CWE-79 Medium
Apache Tomcat version older than 4.1.39 CVE-2008-0128, CVE-2008-1232, CVE-2008-2370 CWE-22 Medium
Apache Tomcat version older than 5.5.25 CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 CWE-79 Medium
Apache Tomcat version older than 5.5.26 CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 CWE-264 Medium
Apache Tomcat version older than 5.5.27 CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 CWE-22 Medium
Apache Tomcat version older than 6.0.10 CVE-2007-0450 CWE-22 Medium
Apache Tomcat version older than 6.0.11 CVE-2005-2090, CVE-2007-1355 CWE-79 Medium
Apache Tomcat version older than 6.0.14 CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 CWE-79 Medium
Apache Tomcat version older than 6.0.16 CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002 CWE-264 Medium
Apache Tomcat version older than 6.0.18 CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 CWE-79 Medium
Apache Tomcat version older than 6.0.6 CVE-2007-1358 CWE-79 Low
Apache Tomcat version older than 6.0.9 CVE-2008-0128 CWE-16 Medium
Apache Tomcat WAR file directory traversal vulnerability CVE-2009-2693, CVE-2009-2901 CWE-22 Medium
Apache 2.x version equal to 2.0.51 CVE-2004-0811 CWE-264 Medium
Apache version older than 1.3.27 CVE-2002-0839, CVE-2002-0840, CVE-2002-0843 CWE-119 Medium
Apache version older than 1.3.28 CVE-2003-0460 CWE-20 Medium
Apache version older than 1.3.29 CVE-2003-0542 CWE-119 Medium
Apache version older than 1.3.31 CVE-2003-0020, CVE-2003-0987, CVE-2003-0993, CVE-2004-0174 CWE-264 Medium
Apache version older than 1.3.34 CVE-2005-2088 CWE-20 Medium
Apache version older than 1.3.37 CVE-2006-3747 CWE-189 Medium
Apache version older than 1.3.39 CVE-2006-5752, CVE-2007-3304 CWE-79 Medium
Apache version older than 1.3.41 CVE-2007-6388 CWE-79 Medium
Apache 2.x version older than 2.0.51 CVE-2004-0747, CVE-2004-0748, CVE-2004-0751, CVE-2004-0786, CVE-2004-0809 CWE-119 Medium
Apache version up to 1.3.33 htpasswd local overflow CVE-2006-1078 CWE-119 Low
Apache Win32 batch file remote command execution vulnerability CVE-2002-0061 CWE-20 High
XSS on Apache HTTP Server 413 error pages via malformed HTTP method CVE-2007-6203 CWE-79 Medium
apc.php page found CWE-538 Medium
File upload XSS (Java applet) CWE-79 High
Application error message CWE-200 Medium
Error message on page CWE-200 Medium
Arbitrary file creation CWE-20 High
Arbitrary file deletion CWE-20 High
ASP.NET application trace enabled CWE-16 Medium
ASP.NET debugging enabled CWE-16 Low
ASP.NET error message CWE-200 Medium
ASP.NET path disclosure CWE-200 Low
ASP code injection CWE-95 High
Microsoft ASP.NET Forms authentication bypass CVE-2011-3416 CWE-264 High
ASP.NET MVC version disclosure CWE-200 Low
ASP.NET padding oracle vulnerability CVE-2010-3332 CWE-310 High
ASP.NET version disclosure CWE-200 Low
AWStats script CWE-538 Medium
Backup files CWE-538 Medium
Bash code injection vulnerability CVE-2014-6271 CWE-78 High
Basic authentication over HTTP CWE-16 Medium
Bazaar repository found CWE-538 High
Blind XSS CWE-80 High
Bonjour service running CWE-16 Low
BREACH attack CVE-2013-3587 CWE-310 Medium
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335 CWE-20 High
Chargen service running CWE-16 Medium
Chrome Logger information disclosure CWE-16 Medium
CKEditor 4.0.1 cross-site scripting vulnerability CWE-79 High
Clickjacking: X-Frame-Options header missing CWE-693 Low
Insecure clientaccesspolicy.xml file CWE-16 Medium
Cross site scripting vulnerability in clipboard.swf CWE-79 High
CodeIgniter 2.1.3 xss_clean() filter bypass CVE-2013-4891 CWE-80 High
Code execution CWE-94 High
ColdFusion 8 FCKEditor file upload vulnerability CVE-2009-2265 CWE-22 High
Adobe ColdFusion directory traversal CVE-2013-3336 CWE-22 High
ColdFusion 9 Solr service exposed CVE-2010-0185 CWE-264 High
ColdFusion administrator login page publicly available CWE-16 Low
Security update: Hotfix available for ColdFusion CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 CWE-255 High
Adobe ColdFusion 9 administrative login bypass CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 CWE-287 High
ColdFusion directory traversal CVE-2010-2861 CWE-22 High
ColdFusion path disclosure CWE-200 Low
ColdFusion User-Agent cross-site scripting CVE-2007-0817 CWE-79 High
Adobe ColdFusion 8 multiple linked XSS vulnerabilities CVE-2009-1872 CWE-79 High
Crawler Low
Broken links CWE-16 Informational
Content type is not specified CWE-16 Informational
Cookie without HttpOnly flag set CWE-16 Low
Cookie without Secure flag set CWE-16 Low
Files listed in robots.txt but not linked CWE-200 Informational
File upload CWE-16 Low
HTML form without CSRF protection CWE-352 Medium
Hidden form input named price was found CWE-16 Low
HTTPS connection with weak key length CWE-310 Medium
Internet Explorer XSS Protection disabled on this page CWE-16 Informational
Insecure transition from HTTPS to HTTP in form post CWE-200 Low
Insecure transition from HTTP to HTTPS in form post CWE-200 Medium
Javascript eval() usage CWE-200 Informational
Password type input with auto-complete enabled CWE-200 Informational
Password field submitted using GET method CWE-200 Medium
Sensitive page could be cached CWE-200 Low
Session Cookie scoped to parent domain CWE-16 Low
Session token in URL CWE-200 Low
Slow response time CWE-400 Low
Possible SQL Statement in comment CWE-200 Low
Suspicious comment CWE-200 Informational
Unencrypted __VIEWSTATE parameter CWE-200 Medium
User credentials are sent in clear text CWE-310 Medium
CRIME SSL/TLS attack CVE-2012-4929 CWE-310 Medium
CRLF injection/HTTP response splitting CWE-113 High
Insecure crossdomain.xml file CWE-284 Medium
Cross domain data hijacking CWE-20 Medium
Cross frame scripting CWE-79 Medium
Possible CSRF (Cross-site request forgery) Informational
WordPress plugin Custom Contact Forms critical vulnerability CWE-287 High
CVS web repository CWE-16 High
Database connection string disclosure CWE-200 Medium
Daytime service running CWE-16 Informational
Possible debug parameter found CWE-200 Medium
Directory listing CWE-538 Medium
Directory traversal CWE-22 High
VMware directory traversal and privilege escalation vulnerabilities CVE-2009-2267, CVE-2009-3733 CWE-22 High
DNS cache poisoning CVE-2008-1447 CWE-16 High
DNS cache snooping CWE-16 Medium
DNS open recursion CWE-16 Medium
DNS zone transfer CVE-1999-0532 CWE-16 High
DOM-based cross site scripting CWE-79 High
DotNetNuke multiple vulnerabilities CVE-2012-1030 CWE-79 High
Drupal core 7.x SQL injection vulnerability CVE-2014-3704 CWE-89 High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553, CVE-2012-4554 CWE-264 High
Drupal Views module information disclosure vulnerability CWE-200 Medium
Echo service running CWE-16 Medium
Ektron CMS Account Hijack CWE-264 High
Ektron CMS400.NET ContentRatingGraph.aspx SQL injection CVE-2008-5122 CWE-89 High
Ektron CMS multiple vulnerabilities CWE-434 High
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357, CVE-2012-5358 CWE-20 High
Elasticsearch service accessible CWE-16 High
Elasticsearch remote code execution CVE-2014-3120 CWE-78 High
elmah.axd information disclosure CWE-16 Medium
Email address found CWE-200 Informational
Email Header Injection CWE-20 High
Email injection CWE-20 High
Environment variable information disclosure CWE-200 Low
Error page path disclosure CWE-200 Low
Error page web server version disclosure CWE-200 Informational
Expression language injection CWE-917 High
ExtJS charts.swf cross site scripting CWE-80 High
Fantastico fileslist CWE-538 Medium
FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 Medium
FCKeditor spellchecker.php cross site scripting vulnerability CVE-2012-4000 CWE-79 High
File inclusion CWE-20 High
File tampering CWE-20 Medium
Unrestricted file upload CWE-434 High
File upload XSS CWE-79 High
Finger service running CWE-16 Medium
Solaris in.fingerd information disclosure vulnerability CVE-2001-1503 CWE-16 High
Insecure Flash embed parameter CWE-284 Low
Flask debug mode CWE-16 High
HTML form susceptible to spam CWE-20 Medium
Frontpage authors.pwd available CWE-538 Medium
Frontpage extensions enabled CWE-16 Low
FTP anonymous logins CWE-16 Low
FTP anonymous writable directories CWE-16 Medium
FTP weak password CWE-16 High
Gallery 3.0.4 remote code execution CWE-20 High
Padding oracle attack CWE-209 High
The GHOST Vulnerability CVE-2015-0235 CWE-119 High
Git repository found CWE-538 High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability CVE-2011-0807 CWE-287 High
GlassFish admin console weak credentials CWE-16 High
Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-4563 CWE-80 High
Multiple XSS vulnerabilities in Google Web Toolkit CVE-2013-4204 CWE-80 High
The Heartbleed Bug CVE-2014-0160 CWE-200 High
Horde/IMP Plesk webmail exploit CWE-20 High
Horde remote code execution CVE-2014-1691 CWE-94 High
Host header attack CWE-20 Medium
HTTP parameter pollution CWE-88 High
.htaccess file readable CWE-16 Medium
HTML Form found in redirect page CWE-287 Low
HTML injection CWE-80 Medium
HTTP verb tampering CWE-285 High
IBM Tivoli Access Manager directory traversal CVE-2010-4622, CVE-2011-0494 CWE-22 High
IBM Web Content Manager XPath injection CVE-2013-6735 CWE-264 High
Microsoft IIS 5.1 directory authentication bypass CVE-2010-2731 CWE-287 High
IIS extended unicode directory traversal vulnerability CVE-2000-0884 CWE-22 High
Global.asa backup file found CWE-538 Medium
Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 Low
Microsoft IIS Server service.cnf file found CWE-538 Low
Microsoft IIS tilde directory enumeration CWE-20 High
Microsoft IIS WebDAV authentication bypass CVE-2009-1535 CWE-287 High
IMAP weak password CWE-16 High
Multiple vulnerabilities in Ioncube loader-wizard.php CWE-16 High
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692 CWE-20 High
JAAS authentication bypass CWE-16 High
Java Debug Wire Protocol remote code execution CWE-16 High
JBoss BSHDeployer MBean CWE-16 High
JBoss HttpAdaptor JMXInvokerServlet CWE-16 High
JBoss JMX management console CWE-16 High
JBoss Seam remoting vulnerabilities CVE-2013-6447, CVE-2013-6448 CWE-611 High
JBoss ServerInfo MBean CWE-16 High
JBoss Server MBean CWE-16 High
JBoss JMX Console Unrestricted Access CWE-16 High
JBoss Web Console JMX Invoker CWE-16 High
Jenkins dashboard CWE-200 Medium
JetBrains .idea project directory CWE-538 Medium
Jetpack 2.9.3: Critical Security Update CVE-2014-0173 CWE-287 High
Joomla! 1.6/1.7/2.5 privilege escalation vulnerability CVE-2012-1563 CWE-264 High
Joomla! 1.6.0 SQL injection vulnerability CVE-2011-1151 CWE-89 High
Joomla! 1.7/2.5 SQL injection vulnerability CVE-2012-1116 CWE-89 High
Joomla! JCE arbitrary file upload CWE-20 High
Joomla! JomSocial remote code execution CWE-94 High
Joomla! component Kunena Forum multiple vulnerabilities CVE-2014-9102, CVE-2014-9103 CWE-89 High
Joomla! 3.2.1 SQL injection CWE-89 High
Joomla! v3.2.2 SQL injection CWE-89 High
jQuery cross site scripting CVE-2011-4969 CWE-79 High
JSP authentication bypass CWE-287 High
Kayako Fusion v4.51.1891 - multiple web vulnerabilities CWE-79 High
LDAP anonymous binds CWE-16 Medium
LDAP injection CWE-20 High
Liferay JSON service API authentication vulnerability CWE-287 High
lighttpd v1.4.34 SQL injection and path traversal CVE-2014-2323, CVE-2014-2324 CWE-89 High
Login page password-guessing attack CWE-307 Low
IBM Lotus Domino web server Cross-Site Scripting vulnerabilities CVE-2012-3301, CVE-2012-3302 CWE-79 High
Lotus Notes formula injection CWE-89 High
Macromedia Dreamweaver remote database scripts CVE-2004-1893 CWE-16 High
MediaWiki multiple remote vulnerabilities CVE-2012-4377, CVE-2012-4378 CWE-79 High
MediaWiki chunked uploads security issue CVE-2013-2114 CWE-434 High
MediaWiki remote code execution CVE-2014-1610 CWE-20 High
Mercurial repository found CWE-538 High
Microsoft Frontpage configuration information CWE-200 Informational
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815 CWE-264 High
Microsoft IIS version disclosure CWE-200 Informational
Microsoft Office possible sensitive information CWE-200 Informational
Minify arbitrary file disclosure CVE-2013-6619 CWE-538 High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081 CWE-434 High
MongoDB HTTP status interface CWE-16 Medium
MongoDB injection CWE-16 High
Movable Type 4.x unauthenticated remote command execution CVE-2013-0209 CWE-287 High
Vulnerabilities in SharePoint could allow elevation of privilege CVE-2012-1859 CWE-79 High
Microsoft SQL Server weak password CWE-16 High
Microsoft SQL Server weak password encryption vulnerability CVE-2000-0199 CWE-310 Medium
MySQL Community Server 5.0 to 5.0.45 multiple vulnerabilities CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3781, CVE-2007-3782 CWE-264 Low
MySQL 5.1 to 5.1.18 multiple vulnerabilities CVE-2007-2691, CVE-2007-2692, CVE-2007-2693 CWE-264 High
MySQL Community Server to 5.1.23 / 6.0.4 multiple vulnerabilities CVE-2007-5969, CVE-2007-5970, CVE-2007-6313, CVE-2008-0226, CVE-2008-0227 CWE-264 High
Security vulnerability in MySQL/MariaDB sql/password.c CVE-2012-2122 CWE-287 High
MySQL Server weak password CWE-16 High
MySQL buffer overflow in user defined functions CVE-2005-2558 CWE-119 High
MySQL connection credentials CWE-538 High
MySQL database dump CWE-538 Medium
MySQL Enterprise Server v.5.0.52 multiple vulnerabilities CVE-2007-5969, CVE-2007-6303, CVE-2007-6304 CWE-264 High
MySQL server older than 3.23.36 CVE-2001-0407 CWE-284 High
MySQL server older than 4.0.6 or 3.23.54 CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376 CWE-284 High
MySQL server older than 4.0.21 CVE-2004-0957 CWE-284 High
MySQL server older than 4.0.21 or 3.23.59 CVE-2004-0835, CVE-2004-0836, CVE-2004-0837 CWE-284 High
MySQL server older than 4.0.24 or 4.1.10a CVE-2005-0709, CVE-2005-0710, CVE-2005-0711 CWE-284 High
MySQL Community Server symlink attack vulnerability CVE-2004-0381, CVE-2004-0388 CWE-284 High
MySQL username disclosure CWE-538 Low
Nagios core config manager SQL injection vulnerability CVE-2013-6875 CWE-89 High
Nginx buffer underflow vulnerability CVE-2009-2629 CWE-119 High
Nginx stack-based buffer overflow CVE-2013-2028 CWE-189 High
nginx SPDY heap buffer overflow CVE-2014-0133 CWE-122 High
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180 CWE-399 High
Nginx PHP code execution via FastCGI CWE-16 High
Node.js javascript injection CWE-20 High
Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140 CWE-434 High
OpenX 2.8.10 backdoor CVE-2013-4211 CWE-95 High
OpenX arbitrary file upload CVE-2009-4140 CWE-434 High
OpenX xajaxargs SQL injection vulnerability CWE-89 High
Open proxy server CWE-16 Medium
Proxy can be used to connect to arbitrary ports CWE-16 High
Proxy accepts CONNECT requests CWE-16 High
Proxy accepts CONNECT requests to itself CWE-16 Medium
Proxy accepts POST requests CWE-16 High
OPTIONS method is enabled CWE-200 Low
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827 CWE-22 High
Oracle Reports rwservlet vulnerabilities CVE-2012-3152, CVE-2012-3153 CWE-20 High
Oracle Database Listener has no password CWE-16 High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder CWE-94 High
PHP-Fusion 6.00.109 SQL injection CVE-2005-4005 CWE-89 High
PHP.exe Windows CGI for Apache may let remote users view files on the server CVE-2002-2029 CWE-16 Low
PHP4 IMAP module buffer overflow vulnerability CWE-119 Medium
PHP4 multiple vulnerabilities CVE-2003-0860, CVE-2003-0861 CWE-119 Medium
PHPinfo page found CWE-200 Medium
PHP allow_url_fopen enabled CWE-16 Medium
PHP allow_url_include enabled CWE-16 High
PHP errors enabled CWE-16 Medium
PHP open_basedir is not set CWE-16 Medium
PHP register_globals enabled CWE-16 High
PHP session.use_trans_sid enabled CWE-16 Medium
phpLiteAdmin default password CWE-16 High
phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159 CWE-95 High
phpMyAdmin SQL dump CWE-538 Medium
phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598 CWE-20 High
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097 CWE-20 Medium
PHP 5.3.9 remote code execution CVE-2012-0830 CWE-399 High
Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185 CWE-16 Medium
PHP-CGI remote code execution CVE-2012-1823, CVE-2012-2311 CWE-20 High
PHP code injection CWE-94 High
PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 Medium
PHP error logging format string vulnerability CVE-2000-0967 CWE-20 Medium
PHP eval() used on user input CWE-95 Informational
PHP hangs on parsing particular strings as floating point number CVE-2010-4645 CWE-189 Medium
PHP Hash Collision denial of service vulnerability CVE-2011-4885 CWE-20 High
PHP HTML entity encoder heap overflow vulnerability CVE-2006-5465 CWE-119 High
PHP HTTP POST incorrect MIME header parsing vulnerability CVE-2002-0717 CWE-20 Medium
PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986 CWE-20 Medium
PHP multipart/form-data denial of service CVE-2009-4017 CWE-400 Medium
PHP multiple vulnerabilities CVE-2004-1018, CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065 CWE-119 High
PHP POST file upload buffer overflow vulnerabilities CVE-2002-0081 CWE-119 High
PHP preg_replace used on user input CWE-20 Medium
PHP Safedir restriction bypass vulnerabilities CWE-20 High
PHP socket_iovec_alloc() integer overflow CVE-2003-0172 CWE-119 Medium
PHP super-globals-overwrite CWE-16 Medium
PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability CVE-2003-0863 CWE-16 Medium
PHP unserialize() used on user input CWE-20 Medium
PHP unspecified remote arbitrary file upload vulnerability CVE-2004-0959 CWE-20 High
PHP upload arbitrary file disclosure vulnerability CVE-2000-0860 CWE-538 Medium
PHP version older than 4.3.8 CVE-2004-0594, CVE-2004-0595 CWE-16 Medium
PHP version older than 4.4.1 CVE-2005-3388, CVE-2006-0097 CWE-16 High
PHP version older than 5.2.1 CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454 CWE-16 High
PHP version older than 5.2.3 CVE-2007-1900, CVE-2007-2756, CVE-2007-2872 CWE-16 High
PHP version older than 5.2.5 CVE-2007-4840, CVE-2007-4887, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900 CWE-16 High
PHP version older than 5.2.6 CVE-2007-4850, CVE-2008-0599, CVE-2008-0674, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051 CWE-16 High
PHP version older than 5.2.8 CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660 CWE-16 High
PHP Zend_Hash_Del_Key_Or_Index vulnerability CVE-2006-3017 CWE-702 High
Parallels Plesk SQL injection vulnerability CVE-2012-1557 CWE-89 High
Parallels Plesk SSO XML External Entity and Cross-site scripting CWE-611 High
Plone arbitrary code execution CVE-2011-3587 CWE-78 High
Plupload cross-site scripting vulnerability CVE-2013-0237 CWE-79 High
POP3 weak password CWE-16 High
Possible internal IP address disclosure CWE-200 Informational
Possible remote SWF inclusion CVE-2007-6244, CVE-2007-6637 CWE-79 Medium
Possible sensitive files CWE-200 Low
Possible server path disclosure (Unix) CWE-200 Informational
Possible server path disclosure (Windows) CWE-200 Informational
Possible username or password disclosure CWE-200 Informational
Possible virtual host found CWE-200 Low
PostgreSQL weak password CWE-16 High
Public key certificate CWE-200 Low
Ruby on Rails CookieStore session cookie persistence CWE-284 Low
Ruby on Rails database configuration file CWE-538 High
Rails mass assignment CWE-915 High
Ruby on Rails SQL injection CVE-2012-2695 CWE-89 High
Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156 CWE-20 High
Documentation file CWE-538 Low
Http redirect security bypass CWE-20 High
Remote XSL inclusion CWE-20 High
Reverse proxy bypass CVE-2011-3368 CWE-20 Medium
Rlogin service running CWE-16 Low
Roundcube security updates 0.8.6 and 0.7.3 CVE-2013-1904 CWE-22 High
RSA private key CWE-200 High
Rsh service running CWE-16 Low
Ruby on Rails directory traversal vulnerability CVE-2014-0130 CWE-22 High
Ruby on Rails database connection file CWE-538 High
Same site scripting CWE-16 Medium
Script source code disclosure CWE-538 High
Sensitive data not encrypted CWE-200 Low
Session fixation CWE-384 High
SFTP/FTP credentials exposure CWE-200 High
SharePoint exposed web services CWE-200 Medium
Reachable SharePoint interface CWE-16 High
SharePoint user enumeration CWE-200 High
Slow HTTP Denial of Service Attack Medium
SMB Administrator account without password CWE-16 High
SMB list shares CWE-16 Low
SMB null session CWE-16 Low
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021 CWE-119 High
SMTP open mail relay CWE-16 Medium
SMTP EXPN/VRFY verbs enabled CWE-16 Medium
SNMP information disclosure CWE-16 Medium
Socks weak password CWE-16 High
Open SOCKS server CWE-16 Medium
Source code disclosure CWE-538 Medium
SQLite database found CWE-538 Medium
SQL injection CWE-89 High
SQL injection in the authentication header CWE-89 High
SSH weak password CWE-16 High
Debian OpenSSL predictable random number generator CVE-2008-0166 CWE-310 High
SSL 2.0 deprecated protocol CWE-16 High
The POODLE attack (SSLv3 supported) CVE-2014-3566 CWE-16 Medium
Your SSL certificate is about to expire CWE-298 Low
SSL certificate public key less than 2048 bit CWE-310 Medium
SSL certificate invalid date CWE-298 High
The FREAK attack (export cipher suites supported) CVE-2015-0204 CWE-310 Medium
NSS Library SSL v.2.0 remote command execution CVE-2007-0009 CWE-119 High
SSL weak ciphers CWE-310 Medium
Server side request forgery CWE-918 High
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0094, CVE-2014-0050 CWE-701 High
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393 CWE-264 High
Struts2/XWork remote command execution CVE-2013-1966, CVE-2013-2115 CWE-94 High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251 CWE-20 High
Struts2/Xwork remote command execution CVE-2010-1870 CWE-264 High
Struts 2 development mode CWE-16 High
SVN repository found CWE-538 High
SWFUpload movieName cross site scripting vulnerability CVE-2012-3414 CWE-79 High
Sybase server weak password CWE-307 High
Symfony web debug toolbar CWE-16 Medium
SQL Injection in Symphony: CVE-2013-2559 CVE-2013-2559 CWE-89 High
Telnet service running CWE-16 Low
Telnet weak password CWE-307 High
Windows Terminal Services server running CWE-16 Informational
timthumb.php remote code execution CVE-2011-4106 CWE-20 High
TinyMCE ajax_create_folder remote code execution vulnerability CWE-94 High
TLS1/SSLv3 Renegotiation Vulnerability Medium
Apache Tomcat JK connector security bypass CVE-2007-1860 CWE-16 High
Tomcat status page CWE-200 Low
ToolsPack malware plugin CWE-95 High
TRACE method is enabled CWE-16 Low
TRACK method is enabled CWE-16 Low
Trojan horse detected CWE-507 High
Trojan shell script CWE-507 High
You are using an old version of Typo3 CWE-16 Medium
Umbraco CMS remote code execution CWE-94 High
Umbraco CMS TemplateService remote code execution CVE-2013-4793 CWE-94 High
Uncontrolled format string CWE-134 High
Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 CVE-2006-3918 CWE-79 High
Unicode transformation issues CWE-176 High
Unprotected phpMyAdmin interface CWE-16 High
UnrealIRCd backdoor CVE-2010-2075 CWE-20 High
Uploadify arbitrary file upload CWE-434 High
Universal Plug and Play service running CWE-287 Medium
URL redirection CWE-601 Medium
User controllable charset CWE-20 Medium
User controllable script source CWE-79 High
User controllable tag parameter CWE-79 Medium
User-controlled form action CWE-20 Medium
Partial user controllable script source CWE-20 Medium
vBSEO 3.6.0 PHP code injection CVE-2012-5223 CWE-94 High
vBSEO remote code execution CVE-2014-9463 CWE-95 High
vBulletin 4 (up to 4.1.2) search.php SQL injection CWE-89 High
vBulletin 5.1.2 SQL injection CVE-2014-5102 CWE-89 High
vBulletin customer number disclosure CVE-2013-6129 CWE-264 High
vBulletin PHP object injection vulnerability CWE-915 High
View state MAC disabled CWE-16 Medium
Virtual host directory listing CWE-538 Medium
VNC does not require authentication CWE-287 High
RealVNC remote authentication bypass CVE-2006-2369 CWE-287 High
Vulnerable Javascript library CWE-16 High
Web Application Firewall detected CWE-16 Medium
CodeIgniter weak encryption key CWE-200 High
Weak password CWE-200 High
Ruby on Rails weak/known secret token CVE-2013-0156 CWE-200 High
webadmin.php script CWE-16 High
Webalizer script CWE-538 Medium
Configuration file source code disclosure CWE-538 High
WebDAV Directory with write permissions CWE-264 High
WebDAV directory listing CWE-538 Medium
WebDAV enabled CWE-16 Low
WebDAV remote code execution CWE-434 High
Configuration file disclosure CWE-538 High
WebLogic admin console weak credentials CWE-16 High
Webmail weak password CWE-200 High
WEBrick v.1.3 directory traversal CVE-2008-1145 CWE-22 High
Web server default welcome page CWE-16 Informational
WooFramework shortcode exploit CWE-95 High
WordPress PHP Object Injection CVE-2013-4338 CWE-94 High
WordPress 3.8.2 security release CWE-16 High
WordPress 3.x persistent script injection CWE-79 High
WordPress database credentials disclosure CWE-538 Medium
WordPress OptimizePress unrestricted file upload CVE-2013-7102 CWE-20 High
WordPress pingback scanner CVE-2013-0235 CWE-918 Medium
WordPress plugin Slider Revolution arbitrary file disclosure CWE-200 High
WordPress username enumeration CWE-200 Medium
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077, CVE-2012-6078, CVE-2012-6079 CWE-200 High
WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload CWE-434 High
WordPress XML-RPC authentication brute force CWE-521 Medium
WordPress plugin WPtouch insecure nonce generation CWE-287 High
WordPress 3.4.2 cross site request forgery CVE-2012-4448 CWE-352 Medium
WordPress caching plugins PHP code execution CVE-2013-2010 CWE-95 High
WS_FTP log file found CWE-538 Medium
X-Forwarded-For HTTP header security bypass CWE-287 High
Open X11 server CWE-16 High
XDMCP service running CWE-16 Low
XML external entity injection and XML injection CWE-611 High
XML external entity injection CWE-611 High
XML quadratic blowup denial of service attack CWE-400 High
XPath injection vulnerability CWE-643 High
Cross site scripting CWE-79 High
YUI uploader.swf cross site scripting CVE-2013-6780 CWE-79 High
Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack CWE-611 High
Zabbix SQL injection CVE-2013-5743 CWE-89 High
Zend framework configuration file information disclosure CWE-538 High
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CWE-611 High
PHP magic_quotes_gpc is disabled High
PHP enable_dl enabled Medium
Custom errors disabled Medium
Application-level tracing enabled Medium
ASPX debugging enabled Medium
Cookies accessible from client-side scripts Medium
Cookieless session state enabled Medium
Cookieless authentication enabled Medium
Failure to require SSL for authentication cookies Medium
Login credentials stored in plain text Medium
ValidateRequest globally disabled Medium
EnableViewStateMac turned off Low
ViewStateUserKey not set Low
HTTPS connection is using SSL version 2 Medium
User credentials are sent in clear text Low
Password type input with autocomplete enabled Informational
Session Cookie without HttpOnly flag set Low
Session Cookie without Secure flag set Low
SQL Statement in comment Low