Vulnerability Name CVE Severity
Apache 2.x version older than 2.2.10 CVE-2008-2939 CVE-2010-2791
Apache Axis2 web services enumeration
Apache mod_negotiation filename bruteforcing
Apache Solr endpoint
Apache stronghold-info enabled
Apache stronghold-status enabled
Apache Tomcat hello.jsp XSS CVE-2007-1355
Apache Tomcat version older than 6.0.6 CVE-2007-1358
Apache version up to 1.3.33 htpasswd local overflow CVE-2006-1078
ASP.NET debugging enabled
ASP.NET MVC version disclosure
ASP.NET path disclosure
ASP.NET version disclosure
ASP.NET ViewStateUserKey not set
Atlassian Jira Manage Filters information disclosure
Broken Link Hijacking
Clickjacking: CSP frame-ancestors missing
Clickjacking: X-Frame-Options header
ColdFusion administrator login page publicly available
ColdFusion path disclosures
ColdFusion RDS Service enabled
Composer installed.json publicly accessible
Cookies with missing, inconsistent or contradictory properties
Cookies without HttpOnly flag set
Cookies without Secure flag set
Cross site scripting (requiring unencoded quote)
Documentation files
Drupal Core Open Redirect
Envoy Metadata disclosure
Error page path disclosure
F5 BIG-IP Cookie Information Disclosure
Gitlab user disclosure
H2 console publicly accessible
HTML Attribute Injection
HTML Form found in redirect page
HTTP Strict Transport Security (HSTS) not implemented
IIS Path disclosure
Insecure Inline Frame (iframe)
Insecure transition from HTTPS to HTTP in form post
Internet Information Server returns IP address in HTTP header (Content-Location)
JBoss web service console
Jenkins open people list
Jenkins user enumeration
Jira Projects accessible anonymously
Jira Unauthorized User Enumeration via UserPickerBrowser
Joe Editor DEADJOE file
Kentico Staging API publicly accessible
Microsoft IIS Server service.cnf file found
Microsoft Office possible sensitive information
MySQL username disclosure
OData feed accessible anonymously
Oracle Reports Services RWServlet environment variables disclosure
Passive Mixed Content over HTTPS
Possible CSRF (Cross-site request forgery)
Possible sensitive directories
Possible sensitive files
Possible SQL Statement in comment
Possible virtual host found
Ruby on Rails CookieStore session cookie persistence
Sensitive pages could be cached
Session cookies scoped to parent domain
Session token in URL
Snoop Servlet information disclosure
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (CakePHP)
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (GWT)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (Node.js)
Stack Trace Disclosure (Python)