Acunetix Web Vulnerabilities Index

Vulnerability Name CVE CWE Severity
.htaccess file readable CWE-16
ASP code injection CWE-95 High
ASP.NET MVC version disclosure CWE-200 Low
ASP.NET application trace enabled CWE-16 Medium
ASP.NET debugging enabled CWE-16 Low
ASP.NET diagnostic page CWE-200 Medium
ASP.NET error message CWE-200 Medium
ASP.NET padding oracle vulnerability CVE-2010-3332 CWE-310 High
ASP.NET path disclosure CWE-200 Low
ASP.NET version disclosure CWE-200 Low
AWStats script CWE-538 Medium
Access database found CWE-538 Medium
Adobe ColdFusion 9 administrative login bypass CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-287 High
Adobe ColdFusion directory traversal CVE-2013-3336 CWE-22 High
Adobe ColdFusion 8 multiple linked XSS vulnerabilities CVE-2009-1872 CWE-79 High
Adobe Flex 3 DOM-based XSS vulnerability CVE-2008-2640 CWE-79 High
AjaxControlToolkit directory traversal CVE-2015-4670 CWE-434 High
Akeeba backup access control bypass CWE-287 High
AmCharts SWF XSS vulnerability CVE-2012-1303 CWE-79 High
Amazon S3 public bucket CWE-264 Medium
AngularJS client-side template injection CWE-79 High
Apache 2.0.39 Win32 directory traversal CVE-2002-0661 CWE-22 High
Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017 CWE-20 High
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425 CWE-20 High
Apache 2.x version equal to 2.0.51 CVE-2004-0811 CWE-264 Medium
Apache 2.x version older than 2.0.43 CVE-2002-0840 CVE-2002-1156 CWE-538 Medium
Apache 2.x version older than 2.0.45 CVE-2003-0132 CWE-400 Medium
Apache 2.x version older than 2.0.46 CVE-2003-0083 CVE-2003-0134 CVE-2003-0189 CVE-2003-0245 CWE-20 Medium
Apache 2.x version older than 2.0.47 CVE-2003-0192 CVE-2003-0253 CVE-2003-0254 CWE-20 Medium
Apache 2.x version older than 2.0.48 CVE-2003-0542 CVE-2003-0789 CWE-119 Medium
Apache 2.x version older than 2.0.49 CVE-2003-0020 CVE-2004-0113 CVE-2004-0174 CWE-20 Medium
Apache 2.x version older than 2.0.51 CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809 CWE-119 Medium
Apache 2.x version older than 2.0.55 CVE-2005-1268 CVE-2005-2088 CVE-2005-2491 CVE-2005-2700 CVE-2005-2728 CVE-2005-2970 CWE-119 Medium
Apache 2.x version older than 2.0.61 CVE-2006-5752 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-701 Medium
Apache 2.x version older than 2.0.63 CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 CWE-79 Medium
Apache 2.x version older than 2.2.10 CVE-2008-2939 CVE-2010-2791 CWE-79 Low
Apache 2.x version older than 2.2.3 CVE-2006-3747 CWE-189 Medium
Apache 2.x version older than 2.2.6 CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-20 Medium
Apache 2.x version older than 2.2.8 CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CWE-79 Medium
Apache 2.x version older than 2.2.9 CVE-2007-6420 CVE-2008-2364 CWE-399 Medium
Apache Axis2 administration console weak password CWE-200 High
Apache Axis2 information disclosure CWE-200 Medium
Apache Axis2 web services enumeration CWE-200 Low
Apache Axis2 xsd local file inclusion CWE-22 High
Apache Geronimo default administrative credentials CWE-16 High
Apache JServ protocol service CWE-16 Medium
Apache Proxy HTTP CONNECT method enabled CWE-16 Medium
Apache Roller OGNL injection CVE-2013-4212 CWE-20 High
Apache Solr endpoint CWE-16 Low
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0094 CWE-701 High
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112 CWE-701 High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251 CWE-20 High
Apache Struts2 remote code execution vulnerability CVE-2016-0785 CWE-78 High
Apache Tomcat "allowLinking" on Case Insensitive Filesystems CWE-538 High
Apache Tomcat "allowLinking" on case insensitive filesystems CVE-2008-2938 CWE-22 High
Apache Tomcat JK connector security bypass CVE-2007-1860 CWE-16 High
Apache Tomcat WAR file directory traversal vulnerability CVE-2009-2693 CVE-2009-2901 CWE-22 Medium
Apache Tomcat directory host Appbase authentication bypass vulnerability CVE-2009-2901 CWE-264 Medium
Apache Tomcat directory traversal CVE-2007-0450 CWE-22 Medium
Apache Tomcat examples directory vulnerabilities CWE-264 Medium
Apache Tomcat hello.jsp XSS CVE-2007-1355 CWE-79 Low
Apache Tomcat insecure default administrative password CWE-284 High
Apache Tomcat sample files CWE-538 Medium
Apache Tomcat version older than 4.1.37 CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461 CWE-79 Medium
Apache Tomcat version older than 4.1.39 CVE-2008-0128 CVE-2008-1232 CVE-2008-2370 CWE-22 Medium
Apache Tomcat version older than 5.5.25 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CWE-79 Medium
Apache Tomcat version older than 5.5.26 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CWE-264 Medium
Apache Tomcat version older than 5.5.27 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CWE-22 Medium
Apache Tomcat version older than 6.0.10 CVE-2007-0450 CWE-22 Medium
Apache Tomcat version older than 6.0.11 CVE-2005-2090 CVE-2007-1355 CWE-79 Medium
Apache Tomcat version older than 6.0.14 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CWE-79 Medium
Apache Tomcat version older than 6.0.16 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 CWE-264 Medium
Apache Tomcat version older than 6.0.18 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CWE-79 Medium
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022 CWE-264 High
Apache Tomcat version older than 6.0.36 CVE-2012-2733 CVE-2012-3439 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534 CWE-20 High
Apache Tomcat version older than 6.0.6 CVE-2007-1358 CWE-79 Low
Apache Tomcat version older than 6.0.9 CVE-2008-0128 CWE-16 Medium
Apache Tomcat version older than 7.0.21 CVE-2011-3190 CWE-264 High
Apache Tomcat version older than 7.0.23 CVE-2012-0022 CWE-189 High
Apache Tomcat version older than 7.0.28 CVE-2012-2733 CVE-2012-4534 CWE-20 High
Apache Tomcat version older than 7.0.30 CVE-2012-3439 CVE-2012-3544 CVE-2012-3546 CWE-20 High
Apache Tomcat version older than 7.0.32 CVE-2012-4431 CWE-264 High
Apache Win32 batch file remote command execution vulnerability CVE-2002-0061 CWE-20 High
Apache configured to run as proxy CWE-16 Medium
Apache error log escape sequence injection vulnerability CVE-2003-0020 CWE-20 Medium
Apache httpOnly cookie disclosure CVE-2012-0053 CWE-264 Medium
Apache httpd remote denial of service CVE-2011-3192 CWE-399 Medium
Apache mod_negotiation filename bruteforcing CWE-538 Low
Apache mod_rewrite off-by-one buffer overflow vulnerability CVE-2006-3747 CWE-189 High
Apache perl-status enabled CWE-200 Medium
Apache server-info enabled CWE-200 Medium
Apache server-status enabled CWE-200 Medium
Apache solr service exposed CWE-16 High
Apache stronghold-info enabled CWE-200 Low
Apache stronghold-status enabled CWE-200 Low
Apache version older than 1.3.27 CVE-2002-0839 CVE-2002-0840 CVE-2002-0843 CWE-119 Medium
Apache version older than 1.3.28 CVE-2003-0460 CWE-20 Medium
Apache version older than 1.3.29 CVE-2003-0542 CWE-119 Medium
Apache version older than 1.3.31 CVE-2003-0020 CVE-2003-0987 CVE-2003-0993 CVE-2004-0174 CWE-264 Medium
Apache version older than 1.3.34 CVE-2005-2088 CWE-20 Medium
Apache version older than 1.3.37 CVE-2006-3747 CWE-189 Medium
Apache version older than 1.3.39 CVE-2006-5752 CVE-2007-3304 CWE-79 Medium
Apache version older than 1.3.41 CVE-2007-6388 CWE-79 Medium
Apache version up to 1.3.33 htpasswd local overflow CVE-2006-1078 CWE-119 Low
Application error message CWE-200 Medium
Arbitrary file creation CWE-20 High
Arbitrary file deletion CWE-20 High
Arbitrary file existence disclosure in Action Pack CVE-2014-7829 CWE-200 Medium
Arbitrary local file read via file upload CWE-200 High
Aspect Low
Atlassian Jira DOM-based cross-site scripting vulnerability CWE-79 High
BREACH attack CVE-2013-3587 CWE-310 Medium
Backup files CWE-538 Medium
Barracuda networks products multiple directory traversal vulnerabilities CWE-22 High
Bash code injection vulnerability CVE-2014-6271 CWE-78 High
Basic authentication over HTTP CWE-16 Medium
Bazaar repository found CWE-538 High
Blind XSS CWE-80 High
Bonjour service running CWE-16 Low
Broken links CWE-16 Informational
CKEditor 4.0.1 cross-site scripting vulnerability CWE-79 High
CRIME SSL/TLS attack CVE-2012-4929 CWE-310 Medium
CRLF injection/HTTP response splitting CWE-113 Medium
CVS web repository CWE-16 High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335 CWE-20 High
Chargen service running CWE-16 Medium
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392 CWE-119 High
Chrome Logger information disclosure CWE-16 Medium
Clickjacking: X-Frame-Options header missing CWE-693 Low
Code execution CWE-94 High
CodeIgniter 2.1.3 xss_clean() filter bypass CVE-2013-4891 CWE-80 High
CodeIgniter session decoding vulnerability CWE-16 High
CodeIgniter weak encryption key CWE-200 High
ColdFusion 8 FCKEditor file upload vulnerability CVE-2009-2265 CWE-22 High
ColdFusion 9 solr service exposed CVE-2010-0185 CWE-264 High
ColdFusion User-Agent cross-site scripting CVE-2007-0817 CWE-79 High
ColdFusion administrator login page publicly available CWE-16 Low
ColdFusion directory traversal CVE-2010-2861 CWE-22 High
ColdFusion path disclosure CWE-200 Low
Configuration file disclosure CWE-538 High
Configuration file source code disclosure CWE-538 High
Content type is not specified CWE-16 Informational
Cookie without HttpOnly flag set CWE-16 Low
Cookie without Secure flag set CWE-16 Low
Core dump checker PHP script CWE-200 Medium
Core dump file CWE-200 High
Credit card number disclosed CWE-200 Medium
Cross domain data hijacking CWE-20 Medium
Cross frame scripting CWE-79 Medium
Cross site scripting CWE-79 High
Cross site scripting vulnerability in JW Player SWF CVE-2012-3351 CWE-79 High
Cross site scripting vulnerability in SimpleViewer CWE-79 High
Cross site scripting vulnerability in Uploadify SWF CWE-79 High
Cross site scripting vulnerability in ZeroClipboard.swf CWE-79 High
Cross site scripting vulnerability in clipboard.swf CWE-79 High
Cross site scripting vulnerability in flowplayer SWF CVE-2013-7342 CWE-79 High
Cross site scripting vulnerability in jPlayer SWF CVE-2013-2023 CWE-79 High
Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-4563 CWE-80 High
Cross-site scripting vulnerability in Google Web Toolkit CVE-2012-5920 CWE-80 High
Cross-site scripting vulnerability in Open Flash Chart CVE-2013-1636 CWE-79 High
DNS cache poisoning CVE-2008-1447 CWE-16 High
DNS cache snooping CWE-16 Medium
DNS open recursion CWE-16 Medium
DNS zone transfer CVE-1999-0532 CWE-16 High
DOM-based cross site scripting CWE-79 High
Database connection string disclosure CWE-200 Medium
Daytime service running CWE-16 Informational
Debian OpenSSL predictable random number generator CVE-2008-0166 CWE-310 High
Debian OpenSSL predictable random number generator CVE-2008-0166 CWE-310 High
Development configuration file CWE-538 Medium
Devise weak password CWE-200 High
Directory listing CWE-538 Medium
Directory traversal CWE-22 High
Directory traversal in Spring framework CVE-2014-3625 CWE-22 High
Django debug mode enabled CWE-200 Medium
Documentation file CWE-538 Low
DotNetNuke multiple vulnerabilities CVE-2012-1030 CWE-79 High
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554 CWE-264 High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1) CVE-2005-0682 CWE-79 High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5) CVE-2005-3973 CWE-79 High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7) CVE-2006-1226 CWE-79 High
Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7) CWE-20 High
Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5) CWE-79 CWE-113 High
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7) CWE-264 High
Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7) CWE-384 High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743 CWE-95 High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831 CWE-95 High
Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9) CVE-2006-5476 CWE-352 High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10) CVE-2007-0136 CWE-79 High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3) CVE-2005-3973 CWE-79 High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5) CVE-2006-1226 CWE-79 High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7) CVE-2006-2833 CWE-79 High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8) CVE-2006-4002 CWE-79 High
Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10) CVE-2007-0124 CWE-400 High
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9) CVE-2006-5477 CWE-20 High
Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5) CWE-20 High
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9) CVE-2006-5475 CWE-79 High
Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3) CWE-79 CWE-113 High
Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6) CVE-2006-2742 CWE-89 High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3) CVE-2005-3974 CWE-264 High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5) CWE-264 High
Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5) CWE-384 High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0) CVE-2006-2743 CWE-95 High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626 CWE-95 High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10) CVE-2008-0272 CWE-352 High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3) CVE-2006-5476 CWE-352 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1) CVE-2006-2833 CWE-79 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) CVE-2008-0273 CWE-79 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) CVE-2008-0274 CWE-79 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2) CVE-2006-4002 CWE-79 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4) CVE-2007-0136 CWE-79 High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7) CVE-2007-5596 CWE-79 High
Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4) CVE-2007-0124 CWE-400 High
Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3) CVE-2006-5477 CWE-20 High
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7) CVE-2007-5595 CWE-113 High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3) CVE-2006-5475 CWE-79 High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6) CVE-2007-4064 CWE-79 High
Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1) CVE-2006-2831 CVE-2006-2832 CWE-79 CWE-95 High
Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.0) CVE-2006-2742 CWE-89 High
Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8) CVE-2007-6299 CWE-89 High
Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) CVE-2007-5597 CWE-702 High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0) CVE-2007-0626 CWE-95 High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593 CWE-95 High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2) CVE-2007-5594 CWE-352 High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5) CVE-2008-0272 CWE-352 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17) CVE-2009-1844 CWE-79 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2) CVE-2007-5596 CWE-79 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20) CVE-2009-4369 CWE-79 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5) CVE-2008-0274 CWE-79 High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5) CVE-2008-0273 CWE-79 High
Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2) CVE-2007-5595 CWE-113 High
Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374 CWE-200 High
Drupal Core 5.x Local File Inclusion (5.0 - 5.11) CVE-2008-6171 CWE-22 High
Drupal Core 5.x Local File Inclusion (5.0 - 5.15) CWE-22 High
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1) CVE-2007-4063 CWE-352 High
Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1) CVE-2007-4064 CWE-79 High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10) CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793 CWE-264 High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22) CVE-2010-3092 CVE-2010-3093 CWE-264 High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12) CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352 High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21) CWE-79 CWE-264 CWE-601 High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7) CVE-2008-3219 CVE-2008-3220 CVE-2008-3222 CWE-352 CWE-384 High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3744 CWE-79 CWE-352 CWE-434 High
Drupal Core 5.x SQL Injection (5.0 - 5.14) CWE-89 High
Drupal Core 5.x SQL Injection (5.0 - 5.3) CVE-2007-6299 CWE-89 High
Drupal Core 5.x Security Bypass (5.0 - 5.2) CVE-2007-5597 CWE-702 High
Drupal Core 5.x Session Fixation (5.0 - 5.19) CWE-384 High
Drupal Core 5.x Session Fixation (5.0 - 5.8) CWE-384 High
Drupal Core 6.x Cross-Site Scripting (6.0 - 6.10) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 High
Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11) CVE-2009-1844 CWE-79 High
Drupal Core 6.x Denial of Service (6.0 - 6.32) CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400 High
Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983 CWE-200 High
Drupal Core 6.x Local File Inclusion (6.0 - 6.9) CWE-22 High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.0) CVE-2008-1131 CVE-2008-1133 CWE-79 High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14) CVE-2009-4369 CVE-2009-4370 CWE-79 High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20) CWE-79 High
Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4) CVE-2008-4789 CVE-2008-4791 CVE-2008-4792 CWE-264 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12) CVE-2009-2372 CVE-2009-2373 CVE-2009-2374 CWE-79 CWE-200 CWE-264 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.13) CWE-264 CWE-352 CWE-434 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15) CWE-79 CWE-264 CWE-601 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17) CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686 CWE-79 CWE-264 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2) CVE-2008-3218 CVE-2008-3219 CVE-2008-3220 CVE-2008-3221 CVE-2008-3222 CVE-2008-3223 CWE-79 CWE-89 CWE-352 CWE-384 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.22) CVE-2012-0825 CVE-2012-0826 CWE-264 CWE-352 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.26) CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 CWE-95 CWE-264 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27) CVE-2013-0244 CVE-2013-0245 CWE-79 CWE-264 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28) CVE-2013-6385 CVE-2013-6386 CWE-95 CWE-264 CWE-330 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745 CWE-79 CWE-264 CWE-352 CWE-434 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.31) CVE-2014-5019 CVE-2014-5021 CWE-79 CWE-400 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34) CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CWE-264 CWE-601 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.36) CVE-2015-6658 CVE-2015-6660 CVE-2015-6661 CWE-79 CWE-200 CWE-352 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.37) CVE-2016-3163 CVE-2016-3164 CVE-2016-3165 CVE-2016-3166 CVE-2016-3167 CVE-2016-3168 CVE-2016-3169 CVE-2016-3171 CWE-113 CWE-287 CWE-405 CWE-601 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5) CVE-2008-6170 CVE-2008-6171 CWE-22 CWE-79 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6) CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352 High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8) CWE-89 CWE-264 High
Drupal Core 6.x Security Bypass (6.0 - 6.1) CWE-264 High
Drupal Core 6.x Security Bypass (6.0 - 6.29) CVE-2014-1475 CWE-287 High
Drupal Core 6.x Security Bypass (6.0 - 6.35) CVE-2015-3234 CWE-287 High
Drupal Core 6.x Session Hijacking (6.0 - 6.33) CVE-2014-9015 CWE-384 High
Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.12) CVE-2007-6752 CWE-352 High
Drupal Core 7.x Denial of Service (7.0 - 7.19) CVE-2013-0316 CWE-400 High
Drupal Core 7.x Denial of Service (7.0 - 7.30) CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400 High
Drupal Core 7.x Information Disclosure (7.0 - 7.14) CVE-2012-2922 CWE-200 High
Drupal Core 7.x Information Disclosure (7.0 - 7.26) CVE-2014-2983 CWE-200 High
Drupal Core 7.x Multiple Security Bypass Vulnerabilities (7.0 - 7.25) CVE-2014-1475 CVE-2014-1476 CWE-264 CWE-287 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.0) CWE-79 CWE-264 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.10) CVE-2012-0825 CVE-2012-0826 CVE-2012-0827 CWE-264 CWE-352 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.12) CVE-2012-1588 CVE-2012-1589 CVE-2012-1590 CVE-2012-1591 CVE-2012-2153 CWE-264 CWE-400 CWE-601 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.15) CVE-2012-4553 CVE-2012-4554 CWE-95 CWE-538 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.17) CVE-2012-5651 CVE-2012-5653 CWE-95 CWE-264 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.18) CVE-2013-0244 CVE-2013-0245 CVE-2013-0246 CWE-79 CWE-264 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23) CVE-2013-6385 CVE-2013-6386 CVE-2013-6387 CVE-2013-6388 CVE-2013-6389 CWE-79 CWE-95 CWE-264 CWE-330 CWE-601 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.28) CVE-2014-5019 CVE-2014-5020 CVE-2014-5021 CVE-2014-5022 CWE-79 CWE-264 CWE-400 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.33) CVE-2014-9015 CVE-2014-9016 CWE-384 CWE-400 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.34) CVE-2015-2559 CVE-2015-2749 CVE-2015-2750 CWE-264 CWE-601 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.37) CVE-2015-3231 CVE-2015-3232 CVE-2015-3233 CVE-2015-3234 CWE-200 CWE-287 CWE-601 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.38) CVE-2015-6658 CVE-2015-6659 CVE-2015-6660 CVE-2015-6661 CVE-2015-6665 CWE-79 CWE-89 CWE-200 CWE-352 High
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.42) CVE-2016-3162 CVE-2016-3163 CVE-2016-3164 CVE-2016-3168 CVE-2016-3169 CVE-2016-3170 CWE-200 CWE-287 CWE-400 CWE-405 CWE-601 High
Drupal Core 7.x Open Redirect (7.0 - 7.40) CVE-2015-7943 CWE-601 High
Drupal Core 7.x SQL Injection (7.0 - 7.31) CVE-2014-3704 CWE-89 High
Drupal Core 7.x Security Bypass (7.0 - 7.2) CVE-2011-2687 CWE-264 High
Drupal Core 7.x Security Bypass (7.0 - 7.4) CVE-2011-2726 CWE-264 High
Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3) CVE-2016-3162 CVE-2016-3164 CVE-2016-3170 CWE-200 CWE-287 CWE-400 CWE-601 High
Drupal Views module information disclosure vulnerability CWE-200 Medium
Drupal core 7.x SQL injection vulnerability CVE-2014-3704 CWE-89 High
Echo service running CWE-16 Medium
Ektron CMS Account Hijack CWE-264 High
Ektron CMS multiple vulnerabilities CWE-434 High
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358 CWE-20 High
Ektron CMS400.NET ContentRatingGraph.aspx SQL injection CVE-2008-5122 CWE-89 High
EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931 CWE-78 High
Elasticsearch remote code execution CVE-2014-3120 CWE-78 High
Elasticsearch service accessible CWE-16 High
Email Header Injection CWE-20 High
Email address found CWE-200 Informational
Email injection CWE-20 High
Environment variable information disclosure CWE-200 Low
Error message CWE-200 Medium
Error message on page CWE-200 Medium
Error page path disclosure CWE-200 Low
Error page web server version disclosure CWE-200 Informational
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021 CWE-119 High
Expression language injection CWE-917 High
Ext JS arbitrary file read CWE-22 High
ExtJS charts.swf cross site scripting CWE-80 High
FCKeditor arbitrary file upload CVE-2009-2265 CWE-22 Medium
FCKeditor spellchecker.php cross site scripting vulnerability CVE-2012-4000 CWE-79 High
FTP anonymous logins CWE-16 Low
FTP anonymous writable directories CWE-16 Medium
FTP weak password CWE-16 High
Fantastico fileslist CWE-538 Medium
File inclusion CWE-20 High
File tampering CWE-20 Medium
File upload CWE-16 Low
File upload XSS CWE-79 High
File upload XSS (Java applet) CWE-79 High
Files listed in robots.txt but not linked CWE-200 Informational
Finger service running CWE-16 Medium
Flask debug mode CWE-16 High
Frontpage authors.pwd available CWE-538 Medium
Frontpage extensions enabled CWE-16 Low
Full public read access Azure blob storage CWE-264 Medium
Gallery 3.0.4 remote code execution CWE-20 High
Genericons DOM-based XSS vulnerability CWE-80 High
Git repository found CWE-538 High
GlassFish admin console weak credentials CWE-16 High
Global.asa backup file found CWE-538 Medium
Grails database console CWE-16 Medium
HTML Form found in redirect page CWE-287 Low
HTML form susceptible to spam CWE-20 Medium
HTML form without CSRF protection CWE-352 Medium
HTML injection CWE-80 Medium
HTTP parameter pollution CWE-88 Medium
HTTP verb tampering CWE-285 High
HTTP verb tampering CWE-285 High
HTTP.sys remote code execution vulnerability CVE-2015-1635 CWE-119 High
HTTPS connection is using SSL version 2 CWE-310 Medium
HTTPS connection with weak key length CWE-310 Medium
Hadoop cluster web interface CWE-16 High
Hidden form input named price was found CWE-16 Low
HipChat for JIRA plugin - Velocity template injection CVE-2015-5603 CWE-94 High
Horde remote code execution CVE-2014-1691 CWE-94 High
Horde/IMP Plesk webmail exploit CWE-20 High
Host header attack CWE-20 Medium
Host header attack AcuMonitor CWE-20 High
Hostile subdomain takeover CWE-16 High
HTTP redirect security bypass CWE-20 High
IBM Lotus Domino web server Cross-Site Scripting vulnerabilities CVE-2012-3301 CVE-2012-3302 CWE-79 High
IBM Tivoli Access Manager directory traversal CVE-2010-4622 CVE-2011-0494 CWE-22 High
IBM Web Content Manager XPath injection CVE-2013-6735 CWE-264 High
IBM WebSphere administration console weak password CWE-200 High
IBM WebSphere application source file exposure CWE-200 High
IIS extended unicode directory traversal vulnerability CVE-2000-0884 CWE-22 High
IMAP weak password CWE-16 High
Insecure CORS configuration High
Insecure Flash embed parameter CWE-284 Low
Insecure clientaccesspolicy.xml file CWE-16 Medium
Insecure crossdomain.xml file CWE-284 Medium
Insecure response with wildcard '*' in Access-Control-Allow-Origin CWE-16 Low
Insecure transition from HTTP to HTTPS in form post CWE-200 Medium
Insecure transition from HTTPS to HTTP in form post CWE-200 Low
Internet Explorer XSS Protection disabled on this page CWE-16 Informational
Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200 Low
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692 CWE-20 High
JAAS authentication bypass CWE-16 High
JBoss BSHDeployer MBean CWE-16 High
JBoss HttpAdaptor JMXInvokerServlet CWE-16 High
JBoss JMX Console Unrestricted Access CWE-16 High
JBoss JMX management console CWE-16 High
JBoss Seam framework remote code execution CVE-2010-1871 CWE-94 High
JBoss Seam remoting vulnerabilities CVE-2013-6447 CVE-2013-6448 CWE-611 High
JBoss Server MBean CWE-16 High
JBoss ServerInfo MBean CVE-2010-0738 CWE-16 High
JBoss Web Console JMX Invoker CWE-16 High
JBoss status servlet information leak CVE-2010-1429 CWE-200 Medium
JBoss web service console CWE-200 Low
JIRA Security Advisory 2012-08-28 CWE-79 High
JIRA Security Advisory 2013-02-21 CWE-16 High
JIRA Security Advisory 2014-02-26 CWE-22 High
JSF ViewState client side storage CWE-16 Medium
JSP authentication bypass CWE-287 High
JVM version leakage CWE-200 Low
Java Debug Wire Protocol remote code execution CWE-16 High
Java Management Extensions (JMX/RMI) service detected CWE-16 Medium
Java object deserialization of user-supplied data CWE-20 Medium
Javascript eval() usage CWE-200 Informational
Jenkins dashboard CWE-200 Medium
JetBrains .idea project directory CWE-538 Medium
JetLeak vulnerability CVE-2015-2080 CWE-200 High
Jetpack 2.9.3: Critical Security Update CVE-2014-0173 CWE-287 High
Joomla 1.5 end of life CWE-16 High
Joomla! 1.6.0 SQL injection vulnerability CVE-2011-1151 CWE-89 High
Joomla! 1.6/1.7/2.5 privilege escalation vulnerability CVE-2012-1563 CWE-264 High
Joomla! 1.7/2.5 SQL injection vulnerability CVE-2012-1116 CWE-89 High
Joomla! 3.2.1 SQL injection CWE-89 High
Joomla! Core 1.0 Remote File Inclusion (1.0.0 - 1.0.0) CVE-2006-2960 CWE-94 High
Joomla! Core 1.0.5 Security Bypass (1.0.5 - 1.0.5) CVE-2006-0114 CWE-264 High
Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.11) CVE-2006-6832 CWE-79 High
Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.15) CWE-79 High
Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.15) CVE-2011-0005 CWE-79 High
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10) CVE-2006-4474 CWE-79 High
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12) CVE-2007-4189 CVE-2007-4190 CVE-2007-5577 CWE-79 High
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.10) CVE-2006-4466 CVE-2006-4468 CVE-2006-4469 CVE-2006-4470 CVE-2006-4472 CVE-2006-4473 CVE-2006-4475 CVE-2006-4476 High
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11) CVE-2006-6833 CVE-2006-6834 High
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5) CVE-2006-0303 High
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.7) CVE-2006-1030 CVE-2006-1047 High
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.9) CVE-2006-7008 CVE-2006-7009 High
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12) CVE-2007-4184 CVE-2007-4185 CWE-89 CWE-200 High
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.13) CVE-2007-5427 CWE-79 CWE-352 High
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.3) CVE-2005-3771 CVE-2005-3772 CVE-2005-4650 CWE-79 CWE-89 CWE-400 High
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.7) CVE-2006-1027 CVE-2006-1028 CVE-2006-1029 CVE-2006-1048 CVE-2006-1049 CWE-89 CWE-200 CWE-264 CWE-400 High
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.9) CVE-2006-3480 CVE-2006-3481 CVE-2006-7010 CWE-79 CWE-89 High
Joomla! Core 1.0.x Remote File Inclusion (1.0.11 - 1.0.14) CVE-2008-5671 CWE-94 High
Joomla! Core 1.0.x SQL Injection (1.0.0 - 1.0.11) CVE-2007-0374 CWE-89 High
Joomla! Core 1.0.x Security Bypass (1.0.0 - 1.0.10) CVE-2006-4471 CWE-264 High
Joomla! Core 1.0.x Session Fixation (1.0.0 - 1.0.12) CVE-2007-4188 CWE-287 High
Joomla! Core 1.0.x Unspecified Vulnerability (1.0.0 - 1.0.3) CVE-2005-3773 High
Joomla! Core 1.5.12 Arbitrary File Upload (1.5.12 - 1.5.12) CVE-2011-4906 CVE-2011-4908 CWE-434 High
Joomla! Core 1.5.x Arbitrary File Upload (1.5.0 - 1.5.15) CVE-2010-1433 CWE-434 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1939 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1940 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.10) CVE-2009-1938 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.11) CVE-2011-4910 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.11) CVE-2011-4909 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.7) CVE-2008-6299 CWE-79 High
Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.9) CVE-2009-1279 CWE-79 High
Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8) CVE-2009-0113 CWE-22 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11) CVE-2011-4911 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12) CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14) CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15) CVE-2010-1432 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23) CVE-2011-3629 CWE-200 High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25) CVE-2012-1599 CWE-264 High
Joomla! Core 1.5.x Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 1.5.20) CVE-2010-3712 CWE-79 High
Joomla! Core 1.5.x Multiple SQL Injection Vulnerabilities (1.5.0 - 1.5.21) CVE-2010-4166 CVE-2010-4696 CWE-89 High
Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.3) CVE-2008-3225 CVE-2008-3226 CVE-2008-3227 CVE-2008-3228 CWE-16 CWE-59 CWE-264 High
Joomla! Core 1.5.x Multiple Vulnerabilities (1.5.0 - 1.5.9) CVE-2009-1279 CVE-2009-1280 CWE-79 CWE-352 High
Joomla! Core 1.5.x Open Redirect (1.5.0 - 1.5.6) CVE-2008-4104 CWE-601 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.13) CWE-264 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.14) CWE-264 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.15) CVE-2010-1435 CWE-264 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.24) CVE-2011-4321 CWE-310 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.25) CVE-2012-1598 CWE-264 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.5) CVE-2008-3681 CWE-264 High
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.6) CVE-2008-4102 CWE-330 High
Joomla! Core 1.5.x Session Fixation (1.5.0 - 1.5.15) CVE-2010-1434 CWE-384 High
Joomla! Core 1.5.x Session Hijacking (1.5.0 - 1.5.8) CVE-2008-4122 CWE-310 High
Joomla! Core 1.5.x Spam (1.5.0 - 1.5.22) CWE-20 High
Joomla! Core 1.5.x Spam (1.5.0 - 1.5.6) CVE-2008-4103 CWE-20 High
Joomla! Core 1.5.x Variable Injection (1.5.0 - 1.5.6) CVE-2008-4105 CWE-20 High
Joomla! Core 1.6.0 Multiple Vulnerabilities (1.6.0 - 1.6.0) CVE-2010-3712 CWE-79 CWE-89 CWE-200 High
Joomla! Core 1.6.0 Spam (1.6.0 - 1.6.0) CWE-20 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.3) CVE-2011-4332 CWE-79 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.5) CVE-2011-2710 CWE-79 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CWE-79 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2012-0820 CWE-79 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2012-0822 CWE-79 High
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6) CVE-2011-3595 CWE-79 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3) CWE-200 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0819 CWE-200 High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6) CVE-2012-0821 CWE-200 High
Joomla! Core 1.6.x Multiple Cross-Site Scripting Vulnerabilities (1.6.0 - 1.6.3) CVE-2011-2509 CWE-79 High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3) CWE-264 High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CWE-330 High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1562 CWE-264 High
Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.6) CVE-2012-1563 CWE-264 High
Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0 - 1.7.0) CWE-79 High
Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0 - 1.7.0) CVE-2011-3595 CWE-79 High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0) CWE-200 High
Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.2) CWE-79 High
Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.3) CVE-2012-0822 CWE-79 High
Joomla! Core 1.7.x Cross-Site Scripting (1.7.0 - 1.7.3) CVE-2012-0820 CWE-79 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-3629 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1) CVE-2011-4937 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0819 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3) CVE-2012-0821 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0835 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0837 CWE-200 High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4) CVE-2012-0836 CWE-200 High
Joomla! Core 1.7.x SQL Injection (1.7.0 - 1.7.4) CVE-2012-1116 CWE-89 High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.2) CWE-330 High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1563 CWE-264 High
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.5) CVE-2012-1562 CWE-264 High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0835 CWE-200 High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0) CVE-2012-0837 CWE-200 High
Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13) CVE-2013-5576 CWE-434 High
Joomla! Core 2.5.x Clickjacking Vulnerability (2.5.0 - 2.5.7) CVE-2012-5827 CWE-693 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.1) CVE-2012-1117 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.14) CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.18) CVE-2014-7982 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3) CVE-2012-1612 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6) CVE-2012-4532 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6) CVE-2012-4531 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3267 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3058 CWE-79 High
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9) CVE-2013-3059 CWE-79 High
Joomla! Core 2.5.x Denial of Service (2.5.0 - 2.5.9) CVE-2013-3242 CWE-400 High
Joomla! Core 2.5.x Denial of Service (2.5.4 - 2.5.25) CVE-2014-7229 CWE-400 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3) CVE-2012-1611 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4) CVE-2012-2748 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8) CVE-2013-1453 CWE-200 High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9) CVE-2013-3057 CWE-200 High
Joomla! Core 2.5.x Remote File Inclusion (2.5.4 - 2.5.25) CVE-2014-7228 CWE-94 High
Joomla! Core 2.5.x SQL Injection (2.5.0 - 2.5.1) CVE-2012-1116 CWE-89 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.18) CVE-2014-7984 CWE-264 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1562 CWE-264 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2) CVE-2012-1563 CWE-264 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.24) CVE-2014-6632 CWE-264 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.4) CVE-2012-2747 CWE-264 High
Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.9) CVE-2013-3056 CWE-264 High
Joomla! Core 3.0.0 Cross-Site Scripting (3.0.0 - 3.0.0) CWE-79 High
Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1) CVE-2012-5827 CWE-693 High
Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3059 CWE-79 High
Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CWE-79 High
Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3058 CWE-79 High
Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3) CVE-2013-3267 CWE-79 High
Joomla! Core 3.0.x Denial of Service (3.0.0 - 3.0.3) CVE-2013-3242 CWE-400 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1455 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1454 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2) CVE-2013-1453 CWE-200 High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3) CVE-2013-3057 CWE-200 High
Joomla! Core 3.0.x Security Bypass (3.0.0 - 3.0.3) CVE-2013-3056 CWE-264 High
Joomla! Core 3.2.x Cross-Site Scripting (3.2.0 - 3.2.4) CVE-2014-6631 CWE-79 High
Joomla! Core 3.3.x Cross-Site Scripting (3.3.0 - 3.3.3) CVE-2014-6631 CWE-79 High
Joomla! Core 3.3.x Denial of Service (3.3.0 - 3.3.4) CVE-2014-7229 CWE-400 High
Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4) CVE-2014-7228 CWE-94 High
Joomla! Core 3.3.x Security Bypass (3.3.0 - 3.3.3) CVE-2014-6632 CWE-264 High
Joomla! Core 3.4.x Cross-Site Scripting (3.4.0 - 3.4.3) CVE-2015-6939 CWE-79 High
Joomla! Core 3.4.x Directory Traversal (3.4.0 - 3.4.5) CVE-2015-8564 CWE-22 High
Joomla! Core 3.x.x Arbitrary File Upload (3.0.0 - 3.1.4) CVE-2013-5576 CWE-434 High
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.1) CVE-2015-5397 CWE-352 High
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.5) CVE-2015-8563 CWE-352 High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.1.5) CWE-79 High
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2) CVE-2014-7982 CWE-79 High
Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.2.2) CVE-2014-7983 CWE-79 High
Joomla! Core 3.x.x Denial of Service (3.0.0 - 3.2.5) CVE-2014-7229 CWE-400 High
Joomla! Core 3.x.x Directory Traversal (3.2.0 - 3.4.5) CVE-2015-8565 CWE-22 High
Joomla! Core 3.x.x Open Redirect (3.0.0 - 3.4.1) CVE-2015-5608 CWE-601 High
Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5) CVE-2014-7228 CWE-94 High
Joomla! Core 3.x.x SQL Injection (3.0.0 - 3.4.6) CWE-89 High
Joomla! Core 3.x.x SQL Injection (3.1.0 - 3.2.2) CVE-2014-7981 CWE-89 High
Joomla! Core 3.x.x SQL Injection (3.2.0 - 3.4.4) CVE-2015-7297 CVE-2015-7857 CVE-2015-7858 CWE-89 High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2) CVE-2014-7984 CWE-264 High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.4) CVE-2014-6632 CWE-264 High
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4) CVE-2015-7899 CWE-264 High
Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4) CVE-2015-7859 CWE-264 High
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5) CVE-2015-8562 CWE-94 High
Joomla! JCE arbitrary file upload CWE-20 High
Joomla! JomSocial remote code execution CWE-94 High
Joomla! SQL injection vulnerability CVE-2015-7297 CVE-2015-7857 CVE-2015-7858 CWE-89 High
Joomla! component Kunena Forum multiple vulnerabilities CVE-2014-9102 CVE-2014-9103 CWE-89 High
Joomla! core remote file inclusion CVE-2014-7228 CWE-98 High
Joomla! remote code execution vulnerability CVE-2015-8562 CWE-94 High
Joomla! v3.2.2 SQL injection CWE-89 High
Kayako Fusion v4.51.1891 - multiple web vulnerabilities CWE-79 High
LDAP anonymous binds CWE-16 Medium
LDAP injection CWE-20 High
Liferay JSON service API authentication vulnerability CWE-287 High
Login page password-guessing attack CWE-307 Low
Long password denial of service CWE-400 High
Lotus Notes formula injection CWE-89 High
Macromedia Dreamweaver remote database scripts CVE-2004-1893 CWE-16 High
Magento Cacheleak CWE-200 High
Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 CWE-94 High
Malware detected CWE-506 High
MantisBT multiple security issues CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042 CWE-200 High
MediaWiki SVG cross-site scripting vulnerability CWE-79 High
MediaWiki chunked uploads security issue CVE-2013-2114 CWE-434 High
MediaWiki multiple remote vulnerabilities CVE-2012-4377 CVE-2012-4378 CWE-79 High
MediaWiki remote code execution CVE-2014-1610 CWE-20 High
Mercurial repository found CWE-538 High
Microsoft ASP.NET Forms authentication bypass CVE-2011-3416 CWE-264 High
Microsoft Frontpage configuration information CWE-200 Informational
Microsoft IIS 5.1 directory authentication bypass CVE-2010-2731 CWE-287 High
Microsoft IIS Server service.cnf file found CWE-538 Low
Microsoft IIS WebDAV authentication bypass CVE-2009-1535 CWE-287 High
Microsoft IIS tilde directory enumeration CWE-20 High
Microsoft IIS version disclosure CWE-200 Informational
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815 CWE-264 High
Microsoft Office possible sensitive information CWE-200 Informational
Microsoft SQL Server weak password CWE-16 High
Microsoft SQL Server weak password encryption vulnerability CVE-2000-0199 CWE-310 Medium
Microsoft SharePoint XSS spoofing vulnerability CVE-2015-2522 CWE-80 High
Minify arbitrary file disclosure CVE-2013-6619 CWE-538 High
Misfortune Cookie vulnerability CVE-2014-9222 CWE-119 High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081 CWE-434 High
MongoDB HTTP status interface CWE-16 Medium
MongoDB injection CWE-16 High
MovableType remote code execution CVE-2015-1592 CWE-94 High
Movable Type 4.x unauthenticated remote command execution CVE-2013-0209 CWE-287 High
Multiple XSS vulnerabilities in Google Web Toolkit CVE-2013-4204 CWE-80 High
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393 CWE-264 High
Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185 CWE-16 Medium
Multiple vulnerabilities in Ioncube loader-wizard.php CWE-16 High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder CWE-94 High
MySQL 5.1 to 5.1.18 multiple vulnerabilities CVE-2007-2691 CVE-2007-2692 CVE-2007-2693 CWE-264 High
MySQL Community Server 5.0 to 5.0.45 multiple vulnerabilities CVE-2007-2691 CVE-2007-2692 CVE-2007-3780 CVE-2007-3781 CVE-2007-3782 CWE-264 Low
MySQL Community Server symlink attack vulnerability CVE-2004-0381 CVE-2004-0388 CWE-284 High
MySQL Community Server to 5.1.23 / 6.0.4 multiple vulnerabilities CVE-2007-5969 CVE-2007-5970 CVE-2007-6313 CVE-2008-0226 CVE-2008-0227 CWE-264 High
MySQL Enterprise Server v.5.0.52 multiple vulnerabilities CVE-2007-5969 CVE-2007-6303 CVE-2007-6304 CWE-264 High
MySQL Server weak password CWE-16 High
MySQL buffer overflow in user defined functions CVE-2005-2558 CWE-119 High
MySQL connection credentials CWE-538 High
MySQL database dump CWE-538 Medium
MySQL server older than 3.23.36 CVE-2001-0407 CWE-284 High
MySQL server older than 4.0.21 CVE-2004-0957 CWE-284 High
MySQL server older than 4.0.21 or 3.23.59 CVE-2004-0835 CVE-2004-0836 CVE-2004-0837 CWE-284 High
MySQL server older than 4.0.24 or 4.1.10a CVE-2005-0709 CVE-2005-0710 CVE-2005-0711 CWE-284 High
MySQL server older than 4.0.6 or 3.23.54 CVE-2002-1373 CVE-2002-1374 CVE-2002-1375 CVE-2002-1376 CWE-284 High
MySQL username disclosure CWE-538 Low
MySQL utf8 4-byte truncation CWE-16 Medium
NSS Library SSL v.2.0 remote command execution CVE-2007-0009 CWE-119 High
Nagios core config manager SQL injection vulnerability CVE-2013-6875 CWE-89 High
Nginx PHP code execution via FastCGI CWE-16 High
Nginx buffer underflow vulnerability CVE-2009-2629 CWE-119 High
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180 CWE-399 High
Nginx stack-based buffer overflow CVE-2013-2028 CWE-189 High
OPTIONS method is enabled CWE-200 Low
Open SOCKS server CWE-16 Medium
Open X11 server CWE-16 High
Open proxy server CWE-16 Medium
OpenX 2.8.10 backdoor CVE-2013-4211 CWE-95 High
OpenX arbitrary file upload CVE-2009-4140 CWE-434 High
OpenX xajaxargs SQL injection vulnerability CWE-89 High
Oracle Database Listener has no password CWE-16 High
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827 CWE-22 High
Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153 CWE-20 High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability CVE-2011-0807 CWE-287 High
Oracle applications logs publicly available CWE-200 Medium
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097 CWE-20 Medium
PHP 5.3.9 remote code execution CVE-2012-0830 CWE-399 High
PHP HTML entity encoder heap overflow vulnerability CVE-2006-5465 CWE-119 High
PHP HTTP POST incorrect MIME header parsing vulnerability CVE-2002-0717 CWE-20 Medium
PHP Hash Collision denial of service vulnerability CVE-2011-4885 CWE-20 High
PHP POST file upload buffer overflow vulnerabilities CVE-2002-0081 CWE-119 High
PHP Safedir restriction bypass vulnerabilities CWE-20 High
PHP Zend_Hash_Del_Key_Or_Index vulnerability CVE-2006-3017 CWE-702 High
PHP allow_url_fopen enabled CWE-16 Medium
PHP allow_url_include enabled CWE-16 High
PHP code injection CWE-94 High
PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 Medium
PHP error logging format string vulnerability CVE-2000-0967 CWE-20 Medium
PHP errors enabled CWE-16 Medium
PHP eval() used on user input CWE-95 Informational
PHP hangs on parsing particular strings as floating point number CVE-2010-4645 CWE-189 Medium
PHP mail function ASCII control character header spoofing vulnerability CVE-2002-0986 CWE-20 Medium
PHP multipart/form-data denial of service CVE-2009-4017 CWE-400 Medium
PHP multiple vulnerabilities CVE-2004-1018 CVE-2004-1019 CVE-2004-1020 CVE-2004-1063 CVE-2004-1064 CVE-2004-1065 CWE-119 High
PHP object deserialization of user-supplied data CWE-20 Medium
PHP open_basedir is not set CWE-16 Medium
PHP preg_replace used on user input CWE-20 Medium
PHP register_globals enabled CWE-16 High
PHP session.use_only_cookies disabled CWE-16 Medium
PHP session.use_trans_sid enabled CWE-16 Medium
PHP socket_iovec_alloc() integer overflow CVE-2003-0172 CWE-119 Medium
PHP super-globals-overwrite CWE-16 Medium
PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability CVE-2003-0863 CWE-16 Medium
PHP unserialize() used on user input CWE-20 Medium
PHP unspecified remote arbitrary file upload vulnerability CVE-2004-0959 CWE-20 High
PHP upload arbitrary file disclosure vulnerability CVE-2000-0860 CWE-538 Medium
PHP version older than 4.3.8 CVE-2004-0594 CVE-2004-0595 CWE-16 Medium
PHP version older than 4.4.1 CVE-2005-3388 CVE-2006-0097 CWE-16 High
PHP version older than 5.2.1 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CWE-16 High
PHP version older than 5.2.3 CVE-2007-1900 CVE-2007-2756 CVE-2007-2872 CWE-16 High
PHP version older than 5.2.5 CVE-2007-4840 CVE-2007-4887 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900 CWE-16 High
PHP version older than 5.2.6 CVE-2007-4850 CVE-2008-0599 CVE-2008-0674 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CWE-16 High
PHP version older than 5.2.8 CVE-2008-2371 CVE-2008-2665 CVE-2008-2666 CVE-2008-2829 CVE-2008-3658 CVE-2008-3659 CVE-2008-3660 CWE-16 High
PHP-CGI remote code execution CVE-2012-1823 CWE-20 High
PHP-CGI remote code execution CVE-2012-1823 CVE-2012-2311 CWE-20 High
PHP-Fusion 6.00.109 SQL injection CVE-2005-4005 CWE-89 High
PHP.exe Windows CGI for Apache may let remote users view files on the server CVE-2002-2029 CWE-16 Low
PHP4 IMAP module buffer overflow vulnerability CWE-119 Medium
PHP4 multiple vulnerabilities CVE-2003-0860 CVE-2003-0861 CWE-119 Medium
PHPinfo page CWE-200 Medium
PHPinfo page found CWE-200 Medium
POP3 weak password CWE-16 High
Padding oracle attack CWE-209 High
Parallels Plesk SQL injection vulnerability CVE-2012-1557 CWE-89 High
Parallels Plesk SSO XML External Entity and Cross-site scripting CWE-611 High
Partial user controllable script source CWE-20 Medium
Password field submitted using GET method CWE-200 Medium
Password type input with auto-complete enabled CWE-200 Informational
Path Traversal in Oracle GlassFish server open source edition CWE-22 High
Plone arbitrary code execution CVE-2011-3587 CWE-78 High
Plupload cross-site scripting vulnerability CVE-2013-0237 CWE-79 High
Possible CSRF (Cross-site request forgery) Informational
Possible SQL Statement in comment CWE-200 Low
Possible cross site scripting via Host header CWE-79 High
Possible database backup CWE-538 High
Possible debug parameter found CWE-200 Medium
Possible internal IP address disclosure CWE-200 Informational
Possible relative path overwrite CWE-20 Low
Possible remote SWF inclusion CVE-2007-6244 CVE-2007-6637 CWE-79 Medium
Possible sensitive directories CWE-200 Low
Possible sensitive files CWE-200 Low
Possible server path disclosure (Unix) CWE-200 Informational
Possible server path disclosure (Windows) CWE-200 Informational
Possible social security number disclosed CWE-200 Medium
Possible username or password disclosure CWE-200 Informational
Possible virtual host found CWE-200 Low
PostgreSQL weak password CWE-16 High
PrimeFaces 5.x Expression Language injection High
Proxy accepts CONNECT requests CWE-16 High
Proxy accepts CONNECT requests to itself CWE-16 Medium
Proxy accepts POST requests CWE-16 High
Proxy can be used to connect to arbitrary ports CWE-16 High
Public key certificate CWE-200 Low
Pyramid debug mode CWE-16 Medium
Python object deserialization of user-supplied data CWE-20 Medium
RC4 cipher suites detected CVE-2013-2566 CWE-310 Medium
RSA private key CWE-200 High
Railo administration panel cross-site scripting CWE-80 High
Rails Devise authentication password reset CVE-2013-0233 CWE-287 High
Rails application running in development mode CWE-200 Medium
Rails controller possible sensitive information disclosure CWE-200 Medium
Rails mass assignment CWE-915 High
Rails remote code execution using render :inline CVE-2016-2098 CWE-94 High
Reachable SharePoint interface CWE-16 High
RealVNC remote authentication bypass CVE-2006-2369 CWE-287 High
Reflected file download CWE-20 Medium
Remote XSL inclusion CWE-20 High
Reverse proxy bypass CVE-2011-3368 CWE-20 Medium
Rlogin service running CWE-16 Low
Roundcube security updates 0.8.6 and 0.7.3 CVE-2013-1904 CWE-22 High
Rsh service running CWE-16 Low
Ruby on Rails CookieStore session cookie persistence CWE-284 Low
Ruby on Rails SQL injection CVE-2012-2695 CWE-89 High
Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156 CWE-20 High
Ruby on Rails database configuration file CWE-538 High
Ruby on Rails database connection file CWE-538 High
Ruby on Rails directory traversal vulnerability CVE-2014-0130 CWE-22 High
Ruby on Rails weak/known secret token CVE-2013-0156 CWE-200 High
SFTP/FTP credentials exposure CWE-200 High
SMB Administrator account without password CWE-16 High
SMB list shares CWE-16 Low
SMB null session CWE-16 Low
SMTP EXPN/VRFY verbs enabled CWE-16 Medium
SMTP open mail relay CWE-16 Medium
SNMP information disclosure CWE-16 Medium
SQL Injection in Symphony: CVE-2013-2559 CVE-2013-2559 CWE-89 High
SQL injection CWE-89 High
SQL injection in the authentication header CWE-89 High
SQLite database found CWE-538 Medium
SSH weak password CWE-16 High
SSL 2.0 deprecated protocol CWE-16 High
SSL certificate common name invalid CWE-295 Medium
SSL certificate invalid date CWE-298 High
SSL certificate public key less than 2048 bit CWE-310 Medium
SSL weak ciphers CWE-310 Medium
SVN repository found CWE-538 High
SWFUpload movieName cross site scripting vulnerability CVE-2012-3414 CWE-79 High
Same origin method execution (SOME) CWE-20 Medium
Same site scripting CWE-16 Medium
Script source code disclosure CWE-538 High
Security update: Hotfix available for ColdFusion CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-255 High
Security vulnerability in MySQL/MariaDB sql/password.c CVE-2012-2122 CWE-287 High
Sensitive data not encrypted CWE-200 Low
Sensitive page could be cached CWE-200 Low
Server side request forgery CWE-918 High
Server-side JavaScript injection CWE-20 High
Server-side template injection CWE-20 High
Session Cookie scoped to parent domain CWE-16 Low
Session fixation CWE-384 High
Session token in URL CWE-200 Low
SharePoint exposed web services CWE-200 Medium
SharePoint user enumeration CWE-200 High
Slow HTTP Denial of Service Attack Medium
Slow response time CWE-400 Low
Snoop Servlet information disclosure CVE-2012-2170 CWE-200 Medium
Socks weak password CWE-16 High
Solaris in.fingerd information disclosure vulnerability CVE-2001-1503 CWE-16 High
Source code disclosure CWE-538 Medium
Spring Boot Actuator CWE-16 Medium
Struts 2 development mode CWE-16 High
Struts2/XWork remote command execution CVE-2013-1966 CVE-2013-2115 CWE-94 High
Struts2/XWork remote command execution CVE-2010-1870 CWE-264 High
Suspicious comment CWE-200 Informational
Sybase server weak password CWE-307 High
Symfony web debug toolbar CWE-16 Medium
TCPDF arbitrary file read CWE-98 High
TLS1/SSLv3 Renegotiation Vulnerability Medium
TRACE method is enabled CWE-16 Low
TRACK method is enabled CWE-16 Low
Telnet service running CWE-16 Low
Telnet weak password CWE-307 High
The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-310 High
The FREAK attack (export cipher suites supported) CVE-2015-0204 CWE-310 Medium
The GHOST Vulnerability CVE-2015-0235 CWE-119 High
The Heartbleed Bug CVE-2014-0160 CWE-200 High
The POODLE attack (SSLv3 supported) CVE-2014-3566 CWE-16 Medium
TimThumb WebShot remote code execution CWE-94 High
TinyMCE ajax_create_folder remote code execution vulnerability CWE-94 High
Tomcat status page CWE-200 Low
ToolsPack malware plugin CWE-95 High
Tornado debug mode CWE-16 Medium
Trojan horse detected CWE-507 High
Trojan shell script CWE-507 High
Trojan shell script CWE-507 High
Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting CVE-2015-5956 CWE-79 High
URL redirection CWE-601 Medium
Umbraco CMS TemplateService remote code execution CVE-2013-4793 CWE-94 High
Umbraco CMS local file inclusion CWE-98 High
Umbraco CMS remote code execution CWE-94 High
Uncontrolled format string CWE-134 High
Unencrypted __VIEWSTATE parameter CWE-200 Medium
Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1 CVE-2006-3918 CWE-79 High
Unicode transformation issues CWE-176 High
Universal Plug and Play service running CWE-287 Medium
Unprotected phpMyAdmin interface CWE-16 High
UnrealIRCd 3.2.8.1 backdoor CVE-2010-2075 CWE-20 High
Unrestricted file upload CWE-434 High
Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140 CWE-434 High
Uploadify arbitrary file upload CWE-434 High
User controllable charset CWE-20 Medium
User controllable script source CWE-79 High
User controllable tag parameter CWE-79 Medium
User credentials are sent in clear text CWE-310 Medium
User-controlled form action CWE-20 Medium
VMware directory traversal and privilege escalation vulnerabilities CVE-2009-2267 CVE-2009-3733 CWE-22 High
VNC does not require authentication CWE-287 High
View state MAC disabled CWE-16 Medium
Virtual host directory listing CWE-538 Medium
VirtueMart access control bypass CWE-287 High
Vulnerabilities in SharePoint could allow elevation of privilege CVE-2012-1859 CWE-79 High
Vulnerable JavaScript library CWE-16 Medium
Vulnerable project dependencies CWE-16 High
W3 total cache debug mode CWE-16 Medium
WEBrick v.1.3 directory traversal CVE-2008-1145 CWE-22 High
WS_FTP log file found CWE-538 Medium
Weak password CWE-200 High
Web Application Firewall detected CWE-16 Medium
Web server default welcome page CWE-16 Informational
WebDAV Directory with write permissions CWE-264 High
WebDAV directory listing CWE-538 Medium
WebDAV enabled CWE-16 Low
WebDAV remote code execution CWE-434 High
WebLogic Server Side Request Forgery CVE-2014-4241 CVE-2014-4210 CVE-2014-4242 CWE-918 High
WebLogic admin console weak credentials CWE-16 High
Webalizer script CWE-538 Medium
Webmail weak password CWE-200 High
Windows Terminal Services server running CWE-16 Informational
WooFramework shortcode exploit CWE-95 High
WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3 - 2.1.3) CVE-2007-2821 CWE-89 High
WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71) CWE-89 High
WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1) CVE-2005-1810 CWE-89 High
WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability (3.0.4 - 3.0.4) CWE-89 High
WordPress 'edit.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High
WordPress 'get_edit_post_link()' and 'get_edit_comment_link()' Multiple Eavesdropping Vulnerabilities (0.6.2 - 2.6) CVE-2008-3747 CWE-264 High
WordPress 'index.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High
WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5) CVE-2006-3389 CWE-89 High
WordPress 'post.php' Cross-Site Scripting Vulnerability (1.5 - 1.5) CWE-79 High
WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.5.1) CVE-2008-3233 CWE-79 High
WordPress 'press-this.php' Remote Security Bypass Vulnerability (0.7 - 3.1.1) CVE-2011-5270 CWE-264 High
WordPress 'swfupload.swf' Cross-Site Scripting Vulnerability (2.5 - 3.3.1) CVE-2012-3414 CWE-79 High
WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1) CVE-2007-1049 CWE-79 High
WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8) CVE-2009-2334 CWE-287 High
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2) CVE-2008-5695 CWE-20 High
WordPress 'wp-db.php' Character Set SQL Injection Vulnerability (2.0 - 2.3.1) CVE-2007-6318 CWE-89 High
WordPress 'wp-login.php' HTTP Response Splitting Vulnerability (1.2 - 1.2) CVE-2004-1584 CWE-113 High
WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1) CVE-2007-5105 CVE-2007-5106 CWE-79 High
WordPress 'wp-trackback.php' SQL Injection Vulnerability (1.5 - 1.5) CVE-2005-1687 CWE-89 High
WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2) CVE-2010-5106 CWE-264 High
WordPress 0.7 Posts SQL Injection Vulnerability (0.7 - 0.7) CVE-2003-1598 CWE-89 High
WordPress 1.5.1.2 Multiple Vulnerabilities (1.0 - 1.5.1.2) CVE-2005-2107 CVE-2005-2108 CVE-2005-2109 CVE-2005-2110 CWE-79 CWE-89 CWE-200 CWE-702 High
WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1) CWE-400 High
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2) CVE-2006-2667 CVE-2006-2702 CWE-94 High
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3) CVE-2006-4028 CWE-264 High
WordPress 2.0.4 Multiple Security Vulnerabilities (2.0.4 - 2.0.4) CVE-2006-5705 CVE-2006-6016 CVE-2006-6017 CWE-22 CWE-264 CWE-400 High
WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5) CVE-2007-0107 CWE-89 High
WordPress 2.0.5 Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5) CVE-2006-6808 CWE-79 High
WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5) CVE-2007-0106 CWE-79 High
WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6) CVE-2007-0233 CWE-89 High
WordPress 2.0.9 Multiple Vulnerabilities (2.0 - 2.0.9) CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CWE-79 CWE-89 CWE-264 High
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1) CVE-2007-1277 CWE-94 High
WordPress 2.1.1 Cross-Site Scripting Vulnerability (2.1.1 - 2.1.1) CVE-2007-1244 CWE-79 High
WordPress 2.1.2 Multiple Vulnerabilities (2.1 - 2.1.2) CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897 CWE-79 CWE-89 CWE-264 High
WordPress 2.2 Cross-Site Scripting Vulnerability (2.2 - 2.2) CVE-2007-3238 CWE-79 High
WordPress 2.2 Multiple Vulnerabilities (2.2 - 2.2) CVE-2007-3140 CVE-2007-3238 CVE-2007-3543 CWE-79 CWE-89 CWE-434 High
WordPress 2.2.1 Multiple Vulnerabilities (2.2.1 - 2.2.1) CVE-2007-3639 CVE-2007-4139 CVE-2007-4153 CVE-2007-4154 CWE-79 CWE-89 CWE-601 High
WordPress 2.2.2 Multiple Vulnerabilities (2.2 - 2.2.2) CVE-2007-4893 CVE-2007-4894 CVE-2008-2146 CWE-79 CWE-89 CWE-264 High
WordPress 2.3 Cross-Site Scripting Vulnerability (2.3 - 2.3) CVE-2007-5710 CWE-79 High
WordPress 2.3.1 Unauthorized Post Access Vulnerability (2.3.1 - 2.3.1) CWE-264 High
WordPress 2.3.2 Post Edit Unauthorized Access Vulnerability (0.7 - 2.3.2) CVE-2008-0664 CWE-264 High
WordPress 2.3.3 Directory Traversal Vulnerability (0.6.2 - 2.3.3) CVE-2008-4769 CWE-22 High
WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5) CVE-2008-1930 CWE-287 High
WordPress 2.5 Cross-Site Scripting Vulnerability (2.5 - 2.5) CVE-2008-2068 CWE-79 High
WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1) CVE-2008-4106 CVE-2008-4107 CWE-20 High
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2) CVE-2008-4796 CWE-94 High
WordPress 2.6.3 Cross-Site Scripting Vulnerability (0.6.2 - 2.6.3) CVE-2008-5278 CWE-79 High
WordPress 2.8 Multiple Existing/Non-Existing Username Enumeration Weaknesses (0.6.2 - 2.8) CVE-2009-2335 CVE-2009-2336 CWE-16 High
WordPress 2.8.1 Comment Author URI Cross-Site Scripting Vulnerability (0.6.2 - 2.8.1) CVE-2009-2851 CWE-79 High
WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2) CVE-2009-2853 CVE-2009-2854 CWE-264 High
WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3) CVE-2009-2762 CWE-255 High
WordPress 2.8.4 Denial of Service Vulnerability (0.6.2 - 2.8.4) CVE-2009-3622 CWE-310 High
WordPress 2.8.5 Multiple Vulnerabilities (2.8 - 2.8.5) CVE-2009-3890 CVE-2009-3891 CWE-79 CWE-94 High
WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability (2.9 - 2.9.1) CVE-2010-0682 CWE-264 High
WordPress 3.0.1 Multiple Vulnerabilities (0.6.2 - 3.0.1) CVE-2010-4257 CVE-2010-5293 CVE-2010-5294 CVE-2010-5295 CVE-2010-5296 CWE-79 CWE-89 CWE-264 High
WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3) CVE-2010-4536 CWE-79 High
WordPress 3.0.4 Multiple Vulnerabilities (0.6.2 - 3.0.4) CVE-2011-0700 CVE-2011-0701 CWE-79 CWE-200 High
WordPress 3.1 Multiple Vulnerabilities (0.7 - 3.1) CVE-2011-4956 CVE-2011-4957 CWE-79 CWE-352 CWE-400 High
WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2) CVE-2011-3122 CVE-2011-3125 CVE-2011-3126 CVE-2011-3127 CVE-2011-3128 CVE-2011-3129 CVE-2011-3130 CWE-89 CWE-200 CWE-264 CWE-693 High
WordPress 3.1.3 Multiple SQL Injection Vulnerabilities (3.1 - 3.1.3) CWE-89 High
WordPress 3.3 Cross-Site Scripting Vulnerability (3.3 - 3.3) CVE-2012-0287 CWE-79 High
WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1) CVE-2012-2399 CVE-2012-2400 CVE-2012-2401 CVE-2012-2402 CVE-2012-2403 CVE-2012-2404 CVE-2012-3414 CWE-79 CWE-264 CWE-352 High
WordPress 3.3.2 Multiple Vulnerabilities (3.3 - 3.3.2) CVE-2012-6633 CVE-2012-6634 CVE-2012-6635 CWE-79 CWE-200 CWE-264 CWE-352 High
WordPress 3.4 Multiple Vulnerabilities (3.4 - 3.4) CVE-2012-3384 CVE-2012-3385 CWE-79 CWE-200 CWE-264 CWE-352 High
WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1) CVE-2012-3383 CVE-2012-4421 CVE-2012-4422 CWE-79 CWE-264 High
WordPress 3.4.2 cross site request forgery CVE-2012-4448 CWE-352 Medium
WordPress 3.5 Multiple Vulnerabilities (1.5 - 3.5) CVE-2013-0235 CVE-2013-0236 CVE-2013-0237 CWE-79 CWE-918 High
WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1) CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 CWE-79 CWE-200 CWE-264 CWE-400 CWE-611 CWE-918 High
WordPress 3.6 Multiple Vulnerabilities (2.0 - 3.6) CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 CVE-2013-5739 CWE-20 CWE-94 CWE-264 High
WordPress 3.7.1 Multiple Vulnerabilities (3.7 - 3.7.1) CVE-2014-0165 CVE-2014-0166 CWE-89 CWE-264 CWE-287 High
WordPress 3.7.3 Multiple Vulnerabilities (3.7 - 3.7.3) CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-352 CWE-399 CWE-611 High
WordPress 3.7.4 Multiple Vulnerabilities (3.7 - 3.7.4) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.12) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 3.8.1 Multiple Vulnerabilities (3.8 - 3.8.1) CVE-2014-0165 CVE-2014-0166 CWE-89 CWE-264 CWE-287 High
WordPress 3.8.2 security release CWE-16 High
WordPress 3.8.3 Multiple Vulnerabilities (3.8 - 3.8.3) CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-352 CWE-399 CWE-611 High
WordPress 3.8.4 Multiple Vulnerabilities (3.8 - 3.8.4) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High
WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11) CVE-2016-1564 CWE-79 High
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.12) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 3.9.1 Multiple Vulnerabilities (3.9 - 3.9.1) CVE-2014-5203 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 CVE-2014-5265 CVE-2014-5266 CWE-79 CWE-94 CWE-352 CWE-399 CWE-611 High
WordPress 3.9.2 Multiple Vulnerabilities (3.9 - 3.9.2) CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High
WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9) CVE-2016-1564 CWE-79 High
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 3.x persistent script injection CWE-79 High
WordPress 4.0 Multiple Vulnerabilities (4.0 - 4.0) CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CWE-19 CWE-79 CWE-310 CWE-352 CWE-918 High
WordPress 4.0.x Cross-Site Scripting Vulnerability (4.0 - 4.0.8) CVE-2016-1564 CWE-79 High
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.9) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 4.1.x Cross-Site Scripting Vulnerability (4.1 - 4.1.8) CVE-2016-1564 CWE-79 High
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.9) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 4.2.2 Multiple Vulnerabilities (0.7 - 4.2.2) CVE-2015-5622 CVE-2015-5623 CWE-79 CWE-264 High
WordPress 4.2.3 Multiple Vulnerabilities (0.7 - 4.2.3) CVE-2015-2213 CVE-2015-5714 CVE-2015-5715 CVE-2015-5716 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 CWE-79 CWE-89 CWE-264 High
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.5) CVE-2016-1564 CWE-79 High
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 4.3 Multiple Vulnerabilities (0.7 - 4.3) CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 CWE-79 CWE-264 High
WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.1) CVE-2016-1564 CWE-79 High
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.2) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress 4.4 Cross-Site Scripting Vulnerability (4.4 - 4.4) CVE-2016-1564 CWE-79 High
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1 - 3.3.1) CVE-2012-1936 CWE-352 High
WordPress Clickjacking Vulnerability (0.7 - 3.1.2) CVE-2011-3127 CWE-693 High
WordPress Comment Post Cross-Site Scripting Vulnerability (2.0 - 2.0) CVE-2006-0733 CWE-79 High
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3) CVE-2005-2612 CWE-94 High
WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1) CVE-2007-6013 CWE-287 High
WordPress Cross-Site Scripting Vulnerability (0.70 - 3.7.11) CVE-2016-1564 CWE-79 High
WordPress Cross-Site Scripting Vulnerability (0.70 - 4.1.1) CVE-2015-3438 CWE-79 High
WordPress Cross-Site Scripting Vulnerability (3.0 - 3.6.1) CVE-2014-9031 CWE-79 High
WordPress Cross-Site Scripting Vulnerability (3.9 - 4.1.1) CVE-2015-3439 CWE-79 High
WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2) CVE-2015-3440 CWE-79 High
WordPress Denial of Service Vulnerability (3.5 - 3.6.1) CVE-2014-5265 CWE-399 High
WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities (1.0 - 2.5.1) CVE-2008-4671 CWE-79 High
WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability (1.0 - 2.6) CVE-2009-1030 CWE-79 High
WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload CWE-434 High
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1) CWE-79 High
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1) CVE-2006-0985 CVE-2006-1796 CWE-79 High
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0.11 - 2.3) CVE-2008-0193 CWE-79 High
WordPress Multiple Cross-Site Scripting Vulnerabilities (4.1 - 4.2.1) CVE-2015-3429 CWE-79 High
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2) CWE-79 CWE-89 High
WordPress Multiple Vulnerabilities (0.70 - 3.6.1) CVE-2016-2221 CVE-2016-2222 CWE-601 CWE-918 High
WordPress OptimizePress unrestricted file upload CVE-2013-7102 CWE-20 High
WordPress PHP Object Injection CVE-2013-4338 CWE-94 High
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3) CVE-2007-0540 CWE-200 CWE-400 High
WordPress Plugin 1 Flash Gallery 'upload.php' Arbitrary File Upload (1.5.7) CWE-434 High
WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5) CWE-79 CWE-89 High
WordPress Plugin 1-click Retweet/Share/Like Cross-Site Scripting (5.2) CWE-79 High
WordPress Plugin 1player Cross-Site Scripting (1.3) CWE-79 High
WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2) CVE-2012-4273 CWE-79 High
WordPress Plugin 360 Product Viewer Cross-Site Scripting (2.5.1) CWE-79 High
WordPress Plugin 3D Banner Rotator 'upload.php' Arbitrary File Upload (2.1) CWE-434 High
WordPress Plugin 3D Flick Slideshow 'upload.php' Arbitrary File Upload (2.1) CWE-434 High
WordPress Plugin 404 to 301 SQL Injection (2.0.2) CWE-89 High
WordPress Plugin A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3) CVE-2012-6652 CWE-22 High
WordPress Plugin A to Z Category Listing 'R' Parameter SQL Injection (1.3) CWE-89 High
WordPress Plugin A. Gallery TimThumb Arbitrary File Upload (0.9rev378511) CVE-2011-4106 CWE-20 High
WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6) CWE-22 High
WordPress Plugin AB Google Map Travel (AB-MAP) Multiple Vulnerabilities (3.4) CVE-2015-2755 CWE-79 CWE-352 High
WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1) CWE-79 High
WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5) CWE-434 High
WordPress Plugin ADIF Log Search Widget Cross-Site Scripting (1.0e) CWE-79 High
WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25) CWE-79 High
WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2) CVE-2012-5853 CWE-89 High
WordPress Plugin AJAX Random Post Cross-Site Scripting (2.00) CWE-79 High
WordPress Plugin ALO EasyMail Newsletter Cross-Site Request Forgery (2.6.01) CWE-352 High
WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7) CWE-79 High
WordPress Plugin ALO EasyMail Newsletter Multiple Vulnerabilities (2.6.00) CWE-79 CWE-352 High
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0) CWE-89 High
WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5) CWE-264 High
WordPress Plugin Accept Signups 'email' Parameter Cross-Site Scripting (0.1) CWE-79 High
WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0) CVE-2015-2039 CWE-79 CWE-352 High
WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (3.1.0) CVE-2014-4513 CWE-79 High
WordPress Plugin Acumbamail Information Disclosure (1.0.4) CWE-200 High
WordPress Plugin Acunetix Secure WordPress Cross-Site Request Forgery (3.0.2) CWE-352 High
WordPress Plugin Acunetix WP Security Cross-Site Request Forgery (4.0.4) CWE-352 High
WordPress Plugin Ad Buttons Multiple Vulnerabilities (2.3.1) CWE-79 CWE-352 High
WordPress Plugin Ad Inserter Cross-Site Scripting (1.5.5) CWE-79 High
WordPress Plugin Ad Inserter Multiple Vulnerabilities (1.5.2) CWE-79 CWE-352 High
WordPress Plugin Ad-Manager Open Redirect (1.1.2) CVE-2014-8754 CWE-601 High
WordPress Plugin Ad-minister Cross-Site Scripting (0.6) CVE-2013-6993 CWE-79 High
WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33) CWE-79 High
WordPress Plugin AdRotate 'adrotate-out.php' SQL Injection (3.6.6) CVE-2011-4671 CWE-89 High
WordPress Plugin AdRotate 'title' Parameter Multiple Cross-Site Scripting Vulnerabilities (3.7.3.5) CWE-79 High
WordPress Plugin AdRotate 'track' Parameter SQL Injection (3.6.5) CVE-2011-4671 CWE-89 High
WordPress Plugin AdRotate SQL Injection (3.9.4) CVE-2014-1854 CWE-89 High
WordPress Plugin AdServe 'id' Parameter SQL Injection (0.2) CVE-2008-0507 CWE-89 High
WordPress Plugin AdWizz 'link' Parameter Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin Advanced Video embed Local File Inclusion (1.0) CWE-22 High
WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.2.7) CWE-79 High
WordPress Plugin Add Link to Facebook Multiple Cross-Site Scripting Vulnerabilities (1.215) CWE-79 High
WordPress Plugin AddThis Sharing Buttons Cross-Site Scripting (4.0.7) CWE-79 High
WordPress Plugin AddThis Sharing Buttons Cross-Site Scripting (5.0.12) CWE-79 High
WordPress Plugin AddToAny Share Buttons Cross-Site Scripting (1.6.6) CWE-79 High
WordPress Plugin Admin Font Editor Cross-Site Scripting (1.8) CWE-79 High
WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0) CWE-264 High
WordPress Plugin Admin Pack by SITE CASEIRO Cross-Site Scripting (1.1) CWE-79 High
WordPress Plugin Adminer Cross-Site Scripting (1.4.2) CWE-79 High
WordPress Plugin Adminimize 'page' Parameter Cross-Site Scripting (1.7.21) CVE-2011-4926 CWE-79 High
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High
WordPress Plugin Adsense Extreme 'adsensextreme[lang]' Parameter Remote File Include (1.0.3) CWE-94 High
WordPress Plugin Advance Categorizer Cross-Site Scripting (0.3) CWE-79 High
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2) CVE-2014-6059 CWE-95 High
WordPress Plugin Advanced Custom Fields 'acf_abspath' Parameter Remote File Include (3.5.1) CWE-94 High
WordPress Plugin Advanced Custom Fields Cross-Site Scripting (4.4.3) CWE-79 High
WordPress Plugin Advanced Dewplayer Directory Traversal (1.2) CVE-2013-7240 CWE-22 High
WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0) CVE-2011-4618 CWE-79 High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4) CWE-611 High
WordPress Plugin Advanced post slider Unspecified Vulnerability (2.4.0) High
WordPress Plugin Advertisement Management Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High
WordPress Plugin Advertizer 'id' Parameter SQL Injection (1.0) CWE-89 High
WordPress Plugin Aesop Story Engine Cross-Site Scripting (1.6) CWE-79 High
WordPress Plugin AffiliateWP SQL Injection (1.5.6) CWE-89 High
WordPress Plugin Age Verification 'redirect_to' Parameter URI Redirection (0.4) CVE-2012-6499 CWE-20 High
WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin Ajax Category Dropdown Cross-Site Scripting and SQL Injection Vulnerabilities (0.1.5) CWE-79 CWE-89 High
WordPress Plugin Ajax Gallery 'list.php' SQL Injection (3.0) CWE-89 High
WordPress Plugin Ajax Load More Arbitrary File Upload (2.8.1.1) CWE-434 High
WordPress Plugin Ajax Multi Upload 'upload.php' Arbitrary File Upload (1.1) CWE-434 High
WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1) CVE-2014-2674 CWE-22 High
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1) CWE-95 High
WordPress Plugin Ajax Search Lite Security Bypass (3.1) CWE-264 High
WordPress Plugin Ajax Search Pro Security Bypass (3.5) CWE-264 High
WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0) CWE-22 High
WordPress Plugin Ajax Store Locator SQL Injection (1.2.0) CWE-89 High
WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3) CVE-2014-7228 CWE-310 High
WordPress Plugin Akismet Cross-Site Scripting (3.1.4) CWE-79 High
WordPress Plugin Albo Pretorio On line Multiple Vulnerabilities (3.2) CWE-79 CWE-89 CWE-352 High
WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1) CVE-2011-5107 CWE-79 High
WordPress Plugin AlertWire Information Disclosure (1.1.1) CWE-200 High
WordPress Plugin All In One WP Security & Firewall Cross-Site Request Forgery (3.8.9) CVE-2015-0895 CWE-352 High
WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.8.3) CWE-79 High
WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.9.4) CWE-79 High
WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting (3.9.7) CWE-79 High
WordPress Plugin All In One WP Security & Firewall Multiple SQL Injection Vulnerabilities (3.8.2) CVE-2014-6242 CWE-89 High
WordPress Plugin All In One WP Security & Firewall SQL Injection (3.8.7) CVE-2015-0894 CWE-89 High
WordPress Plugin All In One WP Security & Firewall SQL Injection (3.9.0) CWE-89 High
WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1) CVE-2012-6653 CWE-89 High
WordPress Plugin All Video Gallery SQL Injection (1.2) CVE-2014-5186 CWE-89 High
WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.0.3) CWE-79 High
WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.2.2) CWE-79 High
WordPress Plugin All in One SEO Pack Cross-Site Scripting (2.2.6.1) CWE-79 High
WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1) CVE-2015-0902 CWE-200 High
WordPress Plugin All in One SEO Pack Multiple Vulnerabilities (2.1.5) CWE-79 CWE-287 High
WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0) CWE-918 High
WordPress Plugin All in One Webmaster Cross-Site Request Forgery (8.2.3) CVE-2013-2696 CWE-352 High
WordPress Plugin All-in-One Event Calendar Multiple Cross-Site Scripting Vulnerabilities (1.5) CVE-2012-1835 CWE-79 High
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.10-standard) CWE-79 CWE-89 High
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9) CWE-79 CWE-89 High
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2) CVE-2014-8794 CWE-94 High
WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4) CWE-264 High
WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3) CVE-2011-3981 CWE-94 High
WordPress Plugin AllWebMenus WordPress Menu 'actions.php' Arbitrary File Upload (1.1.8) CVE-2012-1010 CVE-2012-1011 CWE-264 High
WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1) CWE-89 High
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5) CWE-79 High
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.4) CWE-79 High
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.5) CWE-79 High
WordPress Plugin Altos Connect Widget Cross-Site Scripting (1.3.0) CWE-79 High
WordPress Plugin Amazon Product in a Post SQL Injection (3.5.2) CWE-89 High
WordPress Plugin Animal Captcha Cross-Site Scripting (1.6.2) CWE-79 High
WordPress Plugin Annonces 'abspath' Parameter Remote File Include (1.2.0.0) CWE-94 High
WordPress Plugin Annonces 'theme.php' Arbitrary File Upload (1.2.0.1) CWE-434 High
WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2) CWE-434 High
WordPress Plugin Another WordPress Classifieds Cross-Site Scripting (3.3.1) CVE-2014-9313 CWE-79 High
WordPress Plugin Another WordPress Classifieds Multiple Vulnerabilities (2.2.1) CVE-2014-10012 CVE-2014-10013 CWE-79 CWE-89 High
WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4) CVE-2012-4874 High
WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1) CWE-79 High
WordPress Plugin Anti Plagiarism Cross-Site Scripting (3.60) CWE-79 High
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42) CWE-79 High
WordPress Plugin Anti-Malware and Brute-Force Security by ELI Cross-Site Scripting (1.2.05.20) CWE-79 High
WordPress Plugin Anti-Malware and Brute-Force Security by ELI Cross-Site Scripting (4.15.22) CWE-79 High
WordPress Plugin Anti-Malware and Brute-Force Security by ELI Multiple Cross-Site Scripting Vulnerabilities (4.15.17) CWE-79 High
WordPress Plugin Anti-Spam by CleanTalk-No Captcha, no comments & registrations spam Cross-Site Scripting (5.21) CWE-79 High
WordPress Plugin Anti-spam Cross-Site Scripting (4.1) CWE-79 High
WordPress Plugin AnyFont Cross-Site Scripting (2.2.3) CVE-2014-4515 CWE-79 High
WordPress Plugin AppPresser-Mobile App Framework Cross-Site Scripting (1.1.4) CWE-79 High
WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.24) CWE-79 CWE-89 CWE-264 High
WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.7) CVE-2015-7319 CVE-2015-7320 CWE-79 CWE-89 High
WordPress Plugin Appointment Booking Calendar SQL Injection (1.1.23) CWE-89 High
WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5) CVE-2014-4579 CWE-79 High
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7) CVE-2014-100026 CWE-79 High
WordPress Plugin ArcadePress 'upload.php' Arbitrary File Upload (0.65) CWE-434 High
WordPress Plugin AskApache Firefox Adsense Cross-Site Request Forgery (3.0) CVE-2013-6992 CWE-352 High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0) CWE-22 High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0) CWE-22 High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0) CWE-22 High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0) CWE-22 High
WordPress Plugin Asset Manager 'upload.php' Arbitrary File Upload (0.3) CWE-434 High
WordPress Plugin Auction Cross-Site Request Forgery (1.0.0) CWE-352 High
WordPress Plugin Auctions 'upload.php' Arbitrary File Upload (2.0.1.3) CWE-434 High
WordPress Plugin Audio 'showfile' Parameter Cross-Site Scripting (0.5.1) CWE-79 High
WordPress Plugin Audio Player Cross-Site Scripting (2.0.4.5) CVE-2013-1464 CWE-79 High
WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13) CWE-79 High
WordPress Plugin Author Manager Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High
WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0) CWE-264 High
WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4) CWE-89 High
WordPress Plugin Auto Attachments TimThumb Arbitrary File Upload (0.3) CVE-2011-4106 CWE-20 High
WordPress Plugin Auto ThickBox Plus Cross-Site Scripting (1.9) CWE-79 High
WordPress Plugin Automatic 'q' Parameter SQL Injection (2.0.3) CWE-89 High
WordPress Plugin Automatic Online Backup 'url' Parameter Cross-Site Scripting (0.8.2) CWE-79 High
WordPress Plugin Automattic Stats Referer Field HTML Injection (1.0) CWE-79 High
WordPress Plugin Avenir-soft Direct Download Multiple Vulnerabilities (1.0) CWE-79 CWE-352 High
WordPress Plugin Aviary Image Editor Add-on For Gravity Forms Arbitrary File Upload (3.0) CVE-2015-4455 CWE-434 High
WordPress Plugin Awesome Filterable Portfolio Multiple SQL Injection Vulnerabilities (1.8.6) CWE-89 High
WordPress Plugin BIC Media Widget Cross-Site Scripting (1.0) CVE-2014-4516 CWE-79 High
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5) CWE-94 High
WordPress Plugin BP Code Snippets Cross-Site Scripting (2.0) CVE-2013-1808 CWE-79 High
WordPress Plugin BP Group Documents Multiple Vulnerabilities (1.2.1) CWE-22 CWE-79 CWE-352 High
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3) CWE-79 High
WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2) CVE-2014-4944 CWE-89 High
WordPress Plugin BackUpWordPress Remote File Inclusion (0.4.2b) CVE-2007-5800 CWE-94 High
WordPress Plugin BackWPup 'wp_export_generate.php' Local and Remote File Include Vulnerabilities (2.1.4) CWE-94 High
WordPress Plugin BackWPup Free Cross-Site Scripting (3.0.12) CVE-2013-4626 CWE-79 High
WordPress Plugin BackWPup Free Remote and Local Code Execution (1.6.1) CVE-2011-4342 CVE-2011-5208 CWE-22 CWE-94 High
WordPress Plugin BackWPup Free-WordPress Backup Multiple Local File Include Vulnerabilities (1.5.2) CWE-22 High
WordPress Plugin BackWPup Free-WordPress Backup Multiple Unspecified Vulnerabilities (3.2.1) High
WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1) CWE-79 High
WordPress Plugin Background Music Cross-Site Scripting (1.0) CVE-2013-1942 CWE-79 High
WordPress Plugin Backup Database Backup Information Disclosure (2.0.1) CWE-538 High
WordPress Plugin Backup Guard Arbitrary File Upload (1.0.2) CWE-434 High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28) CVE-2013-2743 CVE-2013-2744 CWE-200 High
WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4) CVE-2012-4271 CWE-79 High
WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6) CVE-2015-0920 CWE-352 High
WordPress Plugin Banner Effect Header Cross-Site Scripting (1.2.7) CVE-2015-1384 CWE-79 High
WordPress Plugin BannerMan Cross-Site Scripting (0.2.4) CVE-2014-4845 CWE-79 High
WordPress Plugin Basic Google Maps Placemarks Cross-Site Scripting (1.10.2) CWE-79 High
WordPress Plugin Beaver Builder-WordPress Page Builder Security Bypass (1.7) CWE-264 High
WordPress Plugin Beer Recipes Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin Better Search Replace Multiple Unspecified Vulnerabilities (1.0.3) High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2) CWE-538 High
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin Bilingual Linker Cross-Site Scripting (2.1.1) CWE-79 High
WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3) CVE-2014-9334 CWE-79 CWE-352 High
WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4) CWE-434 High
WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1) CWE-434 High
WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time Cross-Site Scripting (0.8.4) CWE-79 High
WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0) CVE-2014-4848 CWE-79 High
WordPress Plugin Bloom eMail Opt-In Security Bypass (1.1) CWE-264 High
WordPress Plugin Blubrry PowerPress Podcasting Cross-Site Scripting (6.0) CVE-2015-1385 CWE-79 High
WordPress Plugin Blubrry PowerPress Podcasting Cross-Site Scripting (6.0.4) CWE-79 High
WordPress Plugin Blubrry PowerPress Podcasting SQL Injection (6.0.2) CWE-89 High
WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5) CVE-2013-6797 CWE-352 High
WordPress Plugin BookX Local File Inclusion (1.7) CVE-2014-4937 CWE-22 High
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2) CWE-79 CWE-89 High
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23) CWE-79 CWE-89 High
WordPress Plugin Booking Calendar Cross-Site Request Forgery (4.1.5) CWE-352 High
WordPress Plugin Bookings Cross-Site Scripting (1.8.2) CWE-79 High
WordPress Plugin Bookmarkify Multiple Vulnerabilities (2.9.2) CWE-79 CWE-352 High
WordPress Plugin Bookshelf Cross-Site Scripting (2.0.4) CWE-79 High
WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0) CWE-98 High
WordPress Plugin Breezing Forms Cross-Site Scripting (1.2.7.33) CWE-79 High
WordPress Plugin Breezing Forms SQL Injection (1.2.7.30) CWE-89 High
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.1) CWE-79 High
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4) CWE-79 High
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.5) CWE-79 High
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.8) CVE-2015-5057 CWE-79 High
WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1) CWE-79 High
WordPress Plugin Broken Link Checker Unspecified Vulnerability (1.10.7) High
WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5) CWE-79 High
WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5) CWE-79 CWE-89 High
WordPress Plugin Browser Rejector Remote File Inclusion (2.10) CWE-94 High
WordPress Plugin Brute Force Login Protection Unspecified Vulnerability (1.5) High
WordPress Plugin Buckets Cross-Site Scripting (0.1.9.2) CVE-2013-1808 CWE-79 High
WordPress Plugin BuddyDrive Cross-Site Scripting (1.2.2) CWE-79 High
WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4) CVE-2012-2109 CWE-89 High
WordPress Plugin BuddyPress Activity Plus Cross-Site Scripting (1.6.3) CWE-79 High
WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1) CWE-73 CWE-352 High
WordPress Plugin BuddyPress Cross-Site Scripting (2.2.2.1) CWE-79 High
WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1) CVE-2013-4944 CWE-79 High
WordPress Plugin BuddyPress Multiple SQL Injection Vulnerabilities (1.7.1) CWE-89 High
WordPress Plugin BuddyPress Multiple Vulnerabilities (1.9.1) CVE-2014-1888 CVE-2014-1889 CWE-79 CWE-264 High
WordPress Plugin BuddyPress PHP Object Injection (2.0.2) CWE-915 High
WordPress Plugin BuddyPress Security Bypass (2.3.4) CWE-264 High
WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2) CWE-79 High
WordPress Plugin Bulk Delete Privilege Escalation (5.5.3) CWE-264 High
WordPress Plugin Bulk Delete Users by Email Cross-Site Request Forgery (1.0) CWE-352 High
WordPress Plugin BulletProof Security Cross-Site Scripting (.47) CVE-2012-4268 CWE-79 High
WordPress Plugin BulletProof Security Cross-Site Scripting (.50.9) CWE-79 High
WordPress Plugin BulletProof Security Cross-Site Scripting (.52.4) CWE-79 High
WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.48.9) CVE-2013-3487 CWE-79 High
WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.53.2) CWE-79 High
WordPress Plugin BulletProof Security Multiple Vulnerabilities (.51) CVE-2014-7958 CVE-2014-7959 CVE-2014-8749 CWE-79 CWE-89 CWE-918 High
WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8) CVE-2011-4106 CWE-20 High
WordPress Plugin CAPTCHA in Thai Multiple Cross-Site Scripting Vulnerabilities (1.1) CWE-79 High
WordPress Plugin CBI Referral Manager Cross-Site Scripting (1.2.1) CVE-2014-4517 CWE-79 High
WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10) CWE-22 High
WordPress Plugin CKEditor for WordPress Cross-Site Scripting (4.5.3) CWE-79 High
WordPress Plugin CM Ad Changer Multiple Cross-Site Scripting Vulnerabilities (1.7.2) CWE-79 High
WordPress Plugin CM Download Manager Code Injection (2.0.3) CVE-2014-8877 CWE-95 High
WordPress Plugin CM Download Manager Multiple Vulnerabilities (2.0.6) CVE-2014-9129 CWE-79 CWE-352 High
WordPress Plugin CM Tooltip Glossary Cross-Site Scripting (3.3.4) CWE-79 High
WordPress Plugin CMS Tree Page View 'cms_tpv_view' Parameter Cross-Site Scripting (0.8.8) CVE-2012-1834 CWE-79 High
WordPress Plugin CMS Tree Page View Cross-Site Request Forgery (1.2.4) CWE-352 High
WordPress Plugin CMS Tree Page View Cross-Site Scripting (1.2.31) CWE-79 High
WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0) CWE-434 High
WordPress Plugin CP Contact Form with Paypal Multiple Vulnerabilities (1.1.5) CWE-79 CWE-89 CWE-352 High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5) CWE-22 High
WordPress Plugin CP Multi View Event Calendar Multiple SQL Injection Vulnerabilities (1.1.7) CWE-89 High
WordPress Plugin CP Multi View Event Calendar Multiple Vulnerabilities (1.1.4) CWE-79 CWE-89 High
WordPress Plugin CP Multi View Event Calendar SQL Injection (1.01) CVE-2014-8586 CWE-89 High
WordPress Plugin CP Polls Multiple Vulnerabilities (1.0.8) CWE-79 CWE-352 High
WordPress Plugin CP Reservation Calendar SQL Injection (1.1.6) CVE-2015-7235 CWE-89 High
WordPress Plugin CSS Plus Multiple Unspecified Vulnerabilities (1.3.1) High
WordPress Plugin CSV Import Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin CSV Importer Multiple Unspecified Vulnerabilities (0.3.7) High
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.81) CWE-79 High
WordPress Plugin Calculated Fields Form Multiple SQL Injection Vulnerabilities (1.0.10) CWE-89 High
WordPress Plugin Calendar Cross-Site Request Forgery (1.3.2) CVE-2013-2698 CWE-352 High
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1) CWE-79 High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0) CWE-22 High
WordPress Plugin Captain Slider Cross-Site Scripting (1.0.6) CWE-79 High
WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.0.2) CWE-79 High
WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.1.5) CWE-79 High
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.4) CWE-89 High
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7) CWE-89 High
WordPress Plugin Captcha by BestWebSoft Security Bypass (3.8.7) CWE-284 High
WordPress Plugin Captcha by BestWebSoft Security Bypass (4.0.6) CVE-2014-9283 CWE-254 High
WordPress Plugin Car Demon Multiple Cross-Site Scripting Vulnerabilities (1.0.1) CWE-79 High
WordPress Plugin Car Rental System SQL Injection (3.0) CWE-89 High
WordPress Plugin Carousel slideshow 'swfupload.swf' Cross-Site Scripting (3.10) CVE-2012-3414 CWE-79 High
WordPress Plugin Carousel slideshow 'upload.php' Arbitrary File Upload (3.9) CWE-434 High
WordPress Plugin Cart66 Lite::WordPress Ecommerce Cross-Site Scripting (1.5.4) CWE-79 High
WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.1.14) CVE-2013-5977 CVE-2013-5978 CWE-79 CWE-352 High
WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3) CVE-2014-9442 CWE-89 CWE-264 High
WordPress Plugin Cart66 Lite::WordPress Ecommerce SQL Injection (1.5.1.17) CVE-2014-9305 CWE-89 High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3) CVE-2014-9461 CWE-22 High
WordPress Plugin CataBlog 'category' Parameter Cross-Site Scripting (1.6.2) CWE-79 High
WordPress Plugin Category Grid View Gallery Cross-Site Scripting (2.3.3) CVE-2013-4117 CWE-79 High
WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1) CVE-2011-4106 CWE-20 High
WordPress Plugin Category List Portfolio Page TimThumb Arbitrary File Upload (1.2.3) CVE-2011-4106 CWE-20 High
WordPress Plugin Category Order and Taxonomy Terms Order Cross-Site Scripting (1.4.6) CWE-79 High
WordPress Plugin Category and Page Icons Multiple Vulnerabilities (0.9.1) CWE-73 CWE-434 High
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3) High
WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0) CWE-89 High
WordPress Plugin Chat Cross-Site Scripting (1.0.8) CWE-79 High
WordPress Plugin ChenPress Arbitrary File Upload (3.0) CWE-434 High
WordPress Plugin Chief Editor Multiple Vulnerabilities (3.7.1) CWE-79 CWE-352 High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4) CWE-538 High
WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6) CWE-88 High
WordPress Plugin Cimy Counter HTTP Response Splitting and Cross-Site Scripting Vulnerabilities (0.9.4) CWE-79 CWE-113 High
WordPress Plugin Cimy User Extra Fields Arbitrary File Upload (2.3.7) CWE-434 High
WordPress Plugin Cimy User Extra Fields Denial of Service (2.6.3) CWE-400 High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2) CWE-22 High
WordPress Plugin Citizen Space Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin Citizen Space Cross-Site Scripting (1.1) CWE-79 High
WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3) CWE-79 High
WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2) CVE-2013-1808 CWE-79 High
WordPress Plugin Click to Copy Grab Box Multiple Cross-Site Scripting Vulnerabilities (0.1.1) CVE-2013-1808 CWE-79 High
WordPress Plugin ClickBank Affiliate Ads Multiple Vulnerabilities (1.7) CWE-79 CWE-352 High
WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk 'cdwidgetid' Parameter Cross-Site Scripting (2.0) CVE-2011-5181 CWE-79 High
WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk Cross-Site Scripting (4.2) CWE-79 High
WordPress Plugin ClickSold IDX Cross-Site Scripting (1.48) CWE-79 High
WordPress Plugin Clik stats Open Redirect (0.8) CWE-601 High
WordPress Plugin Clipta Video Informer Cross-Site Scripting (1.0) CWE-79 High
WordPress Plugin CloudFlare Multiple Cross-Site Scripting Vulnerabilities (1.3.20) CWE-79 High
WordPress Plugin CloudFlare Multiple Unspecified Vulnerabilities (1.1.6) High
WordPress Plugin Cms Pack TimThumb Arbitrary File Upload (1.3) CVE-2011-4106 CWE-20 High
WordPress Plugin Code Embed 'suffix' Parameter Cross-Site Scripting (2.0.1) CWE-79 High
WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1) CVE-2013-1808 CWE-79 High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11) CWE-538 High
WordPress Plugin Codestyling Localization 'name' Parameter Cross-Site Scripting (1.99.19) CWE-79 High
WordPress Plugin Codestyling Localization Multiple Vulnerabilities (1.99.30) CVE-2015-4179 CWE-79 CWE-95 CWE-352 High
WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.6.8) CWE-79 High
WordPress Plugin Collision Testimonials 'admin.php' SQL Injection (3.0) CWE-89 High
WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9) CWE-79 High
WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0) CWE-352 High
WordPress Plugin Comment Attachment Cross-Site Scripting (1.5.5) CVE-2013-6010 CWE-79 High
WordPress Plugin Comment Extra Fields 'cef-upload.php' Arbitrary File Upload (1.7) CWE-434 High
WordPress Plugin Comment Extra Fields Multiple Cross-Site Scripting Vulnerabilities (1.7) CWE-79 High
WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23) CWE-89 High
WordPress Plugin Comment Rating 'path' Parameter Cross-Site Scripting (2.9.20) CWE-79 High
WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20) CWE-352 High
WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32) CWE-89 CWE-264 High
WordPress Plugin CommentLuv Cross-Site Scripting (2.92.3) CVE-2013-1409 CWE-79 High
WordPress Plugin Commentator Cross-Site Scripting (2.5.2) CWE-79 High
WordPress Plugin Community Events 'id' Parameter SQL Injection (1.2.2) CWE-89 High
WordPress Plugin Community Events SQL Injection (1.3.5) CVE-2015-3313 CWE-89 High
WordPress Plugin Compfight Cross-Site Scripting (1.4) CVE-2014-5202 CVE-2014-8622 CWE-79 High
WordPress Plugin Complete Gallery Manager for WordPress Arbitrary File Upload (3.3.3) CVE-2013-5962 CWE-434 High
WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2) CWE-79 High
WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8) CVE-2016-0770 CWE-79 High
WordPress Plugin Connections Business Directory Unspecified Vulnerability (0.7.1.5) CVE-2011-5254 High
WordPress Plugin Constant Contact for WordPress Multiple Cross-Site Scripting Vulnerabilities (3.1.7) CWE-79 High
WordPress Plugin Constant Contact for WordPress Unspecified Vulnerability (3.1.6) High
WordPress Plugin Contact Bank-Contact Forms Builder Cross-Site Scripting (2.0.225) CWE-79 High
WordPress Plugin Contact Bank-Contact Forms Builder Cross-Site Scripting (2.0.226) CWE-79 High
WordPress Plugin Contact Form 'wpcf_easyform_formid' Parameter SQL Injection (2.7.5) CWE-89 High
WordPress Plugin Contact Form 7 Arbitrary File Upload (3.5.2) CWE-434 High
WordPress Plugin Contact Form 7 Arbitrary File Upload (3.5.3) CWE-434 High
WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1) CWE-79 High
WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10) CVE-2014-6445 CWE-79 High
WordPress Plugin Contact Form 7 Security Bypass (3.7.1) CVE-2014-2265 CWE-264 High
WordPress Plugin Contact Form 7 Security Bypass (4.1) CWE-330 High
WordPress Plugin Contact Form Builder Multiple SQL Injection Vulnerabilities (1.0.24) CWE-89 High
WordPress Plugin Contact Form Builder Security Bypass (1.0.7) CWE-264 High
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0) CVE-2014-8955 CWE-79 High
WordPress Plugin Contact Form DB Cross-Site Request Forgery (2.8.31) CVE-2015-1874 CWE-352 High
WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.19) CWE-79 High
WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.27) CVE-2015-2040 CWE-79 High
WordPress Plugin Contact Form DB Multiple Cross-Site Scripting Vulnerabilities (2.8.15) CVE-2014-7139 CWE-79 High
WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.0.1) CVE-2015-6965 CWE-352 High
WordPress Plugin Contact Form Integrated With Google Maps Cross-Site Scripting (2.4) CVE-2014-7238 CWE-79 High
WordPress Plugin Contact Form Maker Cross-Site Scripting (1.7.18) CVE-2014-8796 CWE-79 High
WordPress Plugin Contact Form Maker SQL Injection (1.7.30) CWE-89 High
WordPress Plugin Contact Form Maker Security Bypass (1.7.14) CWE-264 High
WordPress Plugin Contact Form Manager Multiple Cross-Site Scripting Vulnerabilities (1.4.1) CWE-79 High
WordPress Plugin Contact Form Unspecified Vulnerability (1.2) High
WordPress Plugin Contact Form by BestWebSoft Cross-Site Request Forgery (3.82) CWE-352 High
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.34) CWE-79 High
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.51) CWE-79 High
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.81) CWE-79 High
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.95) CWE-79 High
WordPress Plugin Contact Form by BestWebSoft Email Header Injection (3.83) CWE-88 High
WordPress Plugin Contact Form by ContactMe.com Cross-Site Scripting (2.3) CVE-2014-4518 CWE-79 High
WordPress Plugin Contact Form to DB by BestWebSoft Cross-Site Scripting (1.4.0) CWE-79 High
WordPress Plugin Contact Form to Email Cross-Site Scripting (1.0) CVE-2014-8798 CWE-79 High