High Severity Vulnerabilities

Vulnerability Name	CVE	CWE	Severity
Adobe Coldfusion 8 multiple linked XSS vulnerabilies	CVE-2009-1872	CWE-79	High
Adobe ColdFusion 9 administrative login bypass	CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632	CWE-287	High
Adobe ColdFusion directory traversal	CVE-2013-3336	CWE-22	High
Adobe Flex 3 DOM-based XSS vulnerability	CVE-2008-2640	CWE-79	High
AjaxControlToolkit directory traversal	CVE-2015-4670	CWE-434	High
Akeeba backup access control bypass		CWE-287	High
Amazon S3 publicly writable bucket		CWE-264	High
AmCharts SWF XSS vulnerability	CVE-2012-1303	CWE-79	High
AngularJS client-side template injection		CWE-79	High
Apache 2.0.39 Win32 directory traversal	CVE-2002-0661	CWE-22	High
Apache 2.0.43 Win32 file reading vulnerability	CVE-2003-0017	CWE-20	High
Apache 2.2.14 mod_isapi Dangling Pointer	CVE-2010-0425	CWE-20	High
Apache Axis2 administration console weak password		CWE-200	High
Apache Axis2 xsd local file inclusion		CWE-22	High
Apache Geronimo default administrative credentials		CWE-16	High
Apache mod_rewrite off-by-one buffer overflow vulnerability	CVE-2006-3747	CWE-189	High
Apache Roller OGNL injection	CVE-2013-4212	CWE-20	High
Apache Shiro Deserialization RCE		CWE-78	High
Apache solr service exposed		CWE-16	High
Apache Struts 2 ClassLoader manipulation and denial of service	CVE-2014-0112	CWE-701	High
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)	CVE-2014-0094	CWE-701	High
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution	CVE-2013-2251	CWE-20	High
Apache Struts2 remote code execution vulnerability	CVE-2016-0785	CWE-78	High
Apache Struts2 remote command execution (S2-045)	CVE-2017-5638	CWE-94	High
Apache Struts2 Remote Command Execution (S2-048)	CVE-2017-9791	CWE-94	High
Apache Struts2 Remote Command Execution (S2-052)	CVE-2017-9805	CWE-94	High
Apache Struts2 Remote Command Execution (S2-053)	CVE-2017-12611	CWE-94	High
Apache Struts Remote Code Execution (S2-057)	CVE-2018-11776	CWE-917	High
Apache Tomcat "allowLinking" on Case Insensitive Filesystems		CWE-538	High
Apache Tomcat Information Disclosure	CVE-2017-12616	CWE-200	High
Apache Tomcat insecure default administrative password		CWE-284	High
Apache Tomcat JK connector security bypass	CVE-2007-1860	CWE-16	High
Apache Tomcat version older than 6.0.35	CVE-2011-3190 CVE-2011-3375 CVE-2012-0022	CWE-264	High
Apache Tomcat version older than 6.0.36	CVE-2012-2733 CVE-2012-3439 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534	CWE-20	High
Apache Tomcat version older than 7.0.21	CVE-2011-3190	CWE-264	High
Apache Tomcat version older than 7.0.23	CVE-2012-0022	CWE-189	High
Apache Tomcat version older than 7.0.28	CVE-2012-2733 CVE-2012-4534	CWE-20	High
Apache Tomcat version older than 7.0.30	CVE-2012-3439 CVE-2012-3544 CVE-2012-3546	CWE-20	High
Apache Tomcat version older than 7.0.32	CVE-2012-4431	CWE-264	High
Apache Win32 batch file remote command execution vulnerability	CVE-2002-0061	CWE-20	High
Arbitrary EL Evaluation in RichFaces		CWE-917	High
Arbitrary file creation		CWE-20	High
Arbitrary file deletion		CWE-20	High
Arbitrary local file read via file upload		CWE-200	High
ASP.NET padding oracle vulnerability	CVE-2010-3332	CWE-310	High
ASP code injection		CWE-95	High
Atlassian Confluence information disclosure	CVE-2017-7415		High
Atlassian Jira DOM-based cross-site scripting vulnerability		CWE-79	High
Atlassian Jira insecure REST permissions			High
Atlassian OAuth Plugin IconUriServlet SSRF	CVE-2017-9506	CWE-918	High
Auxiliary systems SSRF		CWE-918	High
Barracuda networks products multiple directory traversal vulnerabilities		CWE-22	High
Bash code injection vulnerability	CVE-2014-6271	CWE-78	High
Bazaar repository found		CWE-538	High
Blind SQL Injection		CWE-89	High
Blind XSS		CWE-80	High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability	CVE-2010-4335	CWE-20	High
Check for apache versions up to 1.3.25, 2.0.38	CVE-2002-0392	CWE-119	High
Cisco Adaptive Security Appliance (ASA) Path Traversal	CVE-2018-0296	CWE-22	High
CKEditor 4.0.1 cross-site scripting vulnerability		CWE-79	High
Code execution		CWE-94	High
CodeIgniter 2.1.3 xss_clean() filter bypass	CVE-2013-4891	CWE-80	High
CodeIgniter session decoding vulnerability		CWE-16	High
CodeIgniter weak encryption key		CWE-200	High
ColdFusion 8 FCKEditor file upload vulnerability	CVE-2009-2265	CWE-22	High
ColdFusion 9 solr service exposed	CVE-2010-0185	CWE-264	High
ColdFusion directory traversal	CVE-2010-2861	CWE-22	High
ColdFusion User-Agent cross-site scripting	CVE-2007-0817	CWE-79	High
Configuration file disclosure		CWE-538	High
Configuration file source code disclosure		CWE-538	High
Core dump file		CWE-200	High
CORS (Cross-Origin Resource Sharing) origin validation failure			High
Cross-site scripting vulnerability in Google Web Toolkit	CVE-2012-4563	CWE-80	High
Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920)	CVE-2012-5920	CWE-80	High
Cross-site scripting vulnerability in Open Flash Chart	CVE-2013-1636	CWE-79	High

Adobe Coldfusion 8 multiple linked XSS vulnerabilies

CVE-2009-1872

CWE-79

High

Adobe ColdFusion 9 administrative login bypass

CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632

CWE-287

High

Adobe ColdFusion directory traversal

CVE-2013-3336

CWE-22

High