Vulnerabilities - Acunetix

Vulnerability Name	CVE CWE	CWE	Severity
(Possible) Cross site scripting	CWE-79	CWE-79	Informational
.htaccess File Detected	CWE-443	CWE-443	Informational
.NET HTTP Remoting publicly exposed	CWE-502	CWE-502	High
.NET JSON.NET Deserialization RCE	CWE-502	CWE-502	High
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20141)	CVE-2018-20141 CWE-707	CWE-707	Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42050)	CVE-2021-42050 CWE-707	CWE-707	Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42051)	CVE-2021-42051 CWE-707	CWE-707	Medium
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10755)	CVE-2016-10755 CWE-138	CWE-138	High
AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)	CVE-2022-26521 CWE-434	CWE-434	High
Access-Control-Allow-Origin header with wildcard (*) value	CWE-284	CWE-284	Informational
ACME mini_httpd arbitrary file read	CVE-2018-18778 CWE-23	CWE-23	High
Active Mixed Content over HTTPS	CWE-284	CWE-284	Medium
Adminer 4.6.2 file disclosure vulnerability	CWE-22	CWE-22	High
Adminer Server Side Request Forgery (SSRF)	CVE-2021-21311 CWE-918	CWE-918	Medium
Adobe Coldfusion 8 multiple linked XSS vulnerabilies	CVE-2009-1872 CWE-79	CWE-79	High
Adobe ColdFusion 9 administrative login bypass	CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-287	CWE-287	High
Adobe ColdFusion directory traversal	CVE-2013-3336 CWE-22	CWE-22	High
Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability	CVE-2016-0956 CWE-668	CWE-668	Medium
Adobe Experience Manager Misconfiguration	CVE-2016-0957 CWE-693	CWE-693	High
Adobe Flex 3 DOM-based XSS vulnerability	CVE-2008-2640 CWE-79	CWE-79	High
Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847)	CVE-2020-35847 CWE-89	CWE-89	High
AjaxControlToolkit directory traversal	CVE-2015-4670 CWE-434	CWE-434	High
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)	CWE-502	CWE-502	High
Akeeba backup access control bypass	CWE-287	CWE-287	High
Alibaba Nacos Authentication Bypass (CVE-2021-29441)	CWE-287	CWE-287	High
Amazon S3 public bucket	CWE-264	CWE-264	Medium
Amazon S3 publicly writable bucket	CWE-264	CWE-264	High
Ampache Deserialization of Untrusted Data Vulnerability (CVE-2017-18375)	CVE-2017-18375 CWE-502	CWE-502	High
Ampache Improper Access Control Vulnerability (CVE-2021-21399)	CVE-2021-21399 CWE-284	CWE-284	High
Ampache Improper Authentication Vulnerability (CVE-2007-4438)	CVE-2007-4438 CWE-287	CWE-287	Medium
Ampache Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3929)	CVE-2008-3929 CWE-59	CWE-59	High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12386)	CVE-2019-12386 CWE-707	CWE-707	Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32644)	CVE-2021-32644 CWE-707	CWE-707	Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0606)	CVE-2023-0606 CWE-707	CWE-707	Medium
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12385)	CVE-2019-12385 CWE-138	CWE-138	High
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)	CVE-2020-15153 CWE-138	CWE-138	Critical
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-0771)	CVE-2023-0771 CWE-138	CWE-138	High
Ampache Other Vulnerability (CVE-2006-5668)	CVE-2006-5668		High
Ampache Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-4665)	CVE-2022-4665 CWE-434	CWE-434	High
AngularJS client-side template injection	CWE-79	CWE-79	High
AngularJS Improper Input Validation Vulnerability (CVE-2019-10768)	CVE-2019-10768 CWE-20	CWE-20	High
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14863)	CVE-2019-14863 CWE-707	CWE-707	Medium
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7676)	CVE-2020-7676 CWE-707	CWE-707	Medium
Apache 2.2.14 mod_isapi Dangling Pointer	CVE-2010-0425 CWE-20	CWE-20	High
Apache 2.x version equal to 2.0.51	CVE-2004-0811 CWE-264	CWE-264	Medium
Apache 2.x version older than 2.0.43	CVE-2002-0840 CVE-2002-1156 CWE-538	CWE-538	Medium
Apache 2.x version older than 2.0.45	CVE-2003-0132 CWE-400	CWE-400	Medium
Apache 2.x version older than 2.0.46	CVE-2003-0083 CVE-2003-0134 CVE-2003-0189 CVE-2003-0245 CWE-20	CWE-20	Medium
Apache 2.x version older than 2.0.47	CVE-2003-0192 CVE-2003-0253 CVE-2003-0254 CWE-20	CWE-20	Medium
Apache 2.x version older than 2.0.48	CVE-2003-0542 CVE-2003-0789 CWE-119	CWE-119	Medium
Apache 2.x version older than 2.0.49	CVE-2003-0020 CVE-2004-0113 CVE-2004-0174 CWE-20	CWE-20	Medium
Apache 2.x version older than 2.0.51	CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809 CWE-119	CWE-119	Medium
Apache 2.x version older than 2.0.55	CVE-2005-1268 CVE-2005-2088 CVE-2005-2491 CVE-2005-2700 CVE-2005-2728 CVE-2005-2970 CWE-119	CWE-119	Medium
Apache 2.x version older than 2.0.61	CVE-2006-5752 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-701	CWE-701	Medium
Apache 2.x version older than 2.0.63	CVE-2007-5000 CVE-2007-6388 CVE-2008-0005 CWE-79	CWE-79	Medium
Apache 2.x version older than 2.2.3	CVE-2006-3747 CWE-189	CWE-189	Medium
Apache 2.x version older than 2.2.6	CVE-2006-5752 CVE-2007-1862 CVE-2007-1863 CVE-2007-3304 CVE-2007-3847 CWE-20	CWE-20	Medium
Apache 2.x version older than 2.2.8	CVE-2007-5000 CVE-2007-6388 CVE-2007-6421 CVE-2007-6422 CVE-2008-0005 CWE-79	CWE-79	Medium
Apache 2.x version older than 2.2.9	CVE-2007-6420 CVE-2008-2364 CWE-399	CWE-399	Medium
Apache 2.x version older than 2.2.10	CVE-2008-2939 CVE-2010-2791 CWE-79	CWE-79	Low
Apache ActiveMQ default administrative credentials			High
Apache Airflow default credentials	CWE-798	CWE-798	High
Apache Airflow Experimental API Auth Bypass CVE-2020-13927	CVE-2020-13927 CWE-200	CWE-200	High
Apache Airflow Exposed configuration	CWE-200	CWE-200	Medium
Apache Airflow Unauthorized Access Vulnerability	CWE-200	CWE-200	High
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112)	CVE-2020-13945 CWE-259	CWE-259	Medium
Apache Axis2 administration console weak password	CWE-200	CWE-200	High
Apache Axis2 information disclosure	CWE-200	CWE-200	Medium
Apache Axis2 web services enumeration	CWE-200	CWE-200	Low
Apache Axis2 xsd local file inclusion	CWE-22	CWE-22	High
Apache balancer-manager application publicly accessible	CWE-200	CWE-200	Medium
Apache Cassandra Unauthorized Access Vulnerability	CWE-200	CWE-200	Medium
Apache configured to run as proxy	CWE-441	CWE-441	Medium
Apache CouchDB JSON Remote Privilege Escalation Vulnerability	CVE-2017-12635 CWE-285	CWE-285	High
Apache Denial of service in mod_lua r:parsebody Vulnerability (CVE-2022-29404)	CVE-2022-29404		Medium

(Possible) Cross site scripting

CWE-79

Informational