Acunetix Web Vulnerabilities Index

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Bazaar repository found | | CWE-538 | High |
| Blind SQL Injection | | CWE-89 | High |
| Blind XSS | | CWE-80 | High |
| Bonjour service running | | CWE-16 | Low |
| BREACH attack | CVE-2013-3587 | CWE-310 | Medium |
| Broken links | | CWE-16 | Informational |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| Chargen service running | | CWE-16 | Medium |
| Check for apache versions up to 1.3.25, 2.0.38 | CVE-2002-0392 | CWE-119 | High |
| Chrome Logger information disclosure | | CWE-16 | Medium |
| Cisco Adaptive Security Appliance (ASA) Path Traversal | CVE-2018-0296 | CWE-22 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | | CWE-79 | High |
| Clickjacking: X-Frame-Options header missing | | CWE-693 | Low |
| Code execution | | CWE-94 | High |
| CodeIgniter 2.1.3 xss_clean() filter bypass | CVE-2013-4891 | CWE-80 | High |
| CodeIgniter session decoding vulnerability | | CWE-16 | High |
| CodeIgniter weak encryption key | | CWE-200 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| ColdFusion 9 solr service exposed | CVE-2010-0185 | CWE-264 | High |
| ColdFusion administrator login page publicly available | | CWE-16 | Low |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| ColdFusion Arbitrary File Upload | CVE-2018-15961 | CWE-434 | High |
| ColdFusion directory traversal | CVE-2010-2861 | CWE-22 | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| ColdFusion path disclosure | | CWE-200 | Low |
| ColdFusion RDS Service enabled | | CWE-16 | Low |
| ColdFusion Request Debugging information disclosure | | CWE-200 | Medium |
| ColdFusion Robust Exception enabled | | CWE-200 | Medium |
| ColdFusion User-Agent cross-site scripting | CVE-2007-0817 | CWE-79 | High |
| Configuration file disclosure | | CWE-538 | High |
| Configuration file source code disclosure | | CWE-538 | High |
| Content Security Policy (CSP) not implemented | | CWE-16 | Informational |
| Content type is not specified | | CWE-16 | Informational |
| Cookie(s) without HttpOnly flag set | | CWE-16 | Low |
| Cookie(s) without Secure flag set | | CWE-16 | Low |
| Core dump checker PHP script | | CWE-200 | Medium |
| Core dump file | | CWE-200 | High |
| CORS (Cross-Origin Resource Sharing) origin validation failure | | | High |
| CouchDB REST API publicly accessible | | CWE-285 | High |
| Credit card number disclosed | | CWE-200 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting | | CWE-113 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | | CWE-113 | Medium |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Cross-site scripting vulnerability in Open Flash Chart | CVE-2013-1636 | CWE-79 | High |
| Cross domain data hijacking | | CWE-20 | Medium |
| Cross frame scripting | | CWE-79 | Medium |
| Cross site scripting | | CWE-79 | High |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross site scripting (content-sniffing) | | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Cross site scripting in HTTP-01 ACME challenge implementation | | CWE-79 | High |
| Cross site scripting vulnerability in clipboard.swf | | CWE-79 | High |
| Cross site scripting vulnerability in flowplayer SWF | CVE-2013-7342 | CWE-79 | High |
| Cross site scripting vulnerability in jPlayer SWF | CVE-2013-2023 | CWE-79 | High |
| Cross site scripting vulnerability in JW Player SWF | CVE-2012-3351 | CWE-79 | High |
| Cross site scripting vulnerability in SimpleViewer | | CWE-79 | High |
| Cross site scripting vulnerability in Uploadify SWF | | CWE-79 | High |
| Cross site scripting vulnerability in ZeroClipboard.swf | | CWE-79 | High |
| CVS web repository | | CWE-16 | High |
| Database connection string disclosure | | CWE-200 | Medium |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| Daytime service running | | CWE-16 | Informational |
| Debian OpenSSL predictable random number generator (SSH) | CVE-2008-0166 | CWE-310 | High |
| Debian OpenSSL predictable random number generator (SSL) | CVE-2008-0166 | CWE-310 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) | | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | | CWE-502 | High |
| Development configuration file | | CWE-538 | Medium |
| Devise weak password | | CWE-200 | High |
| Directory listing | | CWE-538 | Medium |