Acunetix Web Vulnerabilities Index

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache 2.x version older than 2.2.10 | CVE-2008-2939, CVE-2010-2791 | CWE-79 | Low |
| Apache Axis2 web services enumeration | | CWE-200 | Low |
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache Solr endpoint | | CWE-16 | Low |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Apache Tomcat hello.jsp XSS | CVE-2007-1355 | CWE-79 | Low |
| Apache Tomcat version older than 6.0.6 | CVE-2007-1358 | CWE-79 | Low |
| Apache version up to 1.3.33 htpasswd local overflow | CVE-2006-1078 | CWE-119 | Low |
| ASP.NET debugging enabled | | CWE-16 | Low |
| ASP.NET MVC version disclosure | | CWE-200 | Low |
| ASP.NET path disclosure | | CWE-200 | Low |
| ASP.NET version disclosure | | CWE-200 | Low |
| ASP.NET ViewStateUserKey not set (AcuSensor) | | CWE-16 | Low |
| Aspect | | | Low |
| Atlassian Jira Manage Filters information disclosure | | CWE-200 | Low |
| Bonjour service running | | CWE-16 | Low |
| Clickjacking: X-Frame-Options header missing | | CWE-693 | Low |
| ColdFusion administrator login page publicly available | | CWE-16 | Low |
| ColdFusion path disclosure | | CWE-200 | Low |
| Cookie(s) without HttpOnly flag set | | CWE-16 | Low |
| Cookie(s) without Secure flag set | | CWE-16 | Low |
| Documentation file | | CWE-538 | Low |
| Drupal Core Open Redirect | | CWE-601 | Low |
| Environment variable information disclosure | | CWE-200 | Low |
| Error page path disclosure | | CWE-200 | Low |
| File upload | | CWE-16 | Low |
| Frontpage extensions enabled | | CWE-16 | Low |
| FTP anonymous logins | | CWE-16 | Low |
| Hidden form input named price was found | | CWE-16 | Low |
| HTML Form found in redirect page | | CWE-287 | Low |
| Insecure Flash embed parameter | | CWE-284 | Low |
| Insecure response with wildcard '*' in Access-Control-Allow-Origin | | CWE-16 | Low |
| Insecure transition from HTTPS to HTTP in form post | | CWE-200 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | | CWE-200 | Low |
| JBoss web service console | | CWE-200 | Low |
| Joe Editor DEADJOE file | | CWE-538 | Low |
| JVM version leakage | | CWE-200 | Low |
| Login page password-guessing attack | | CWE-307 | Low |
| Microsoft IIS Server service.cnf file found | | CWE-538 | Low |
| MySQL Community Server 5.0 to 5.0.45 multiple vulnerabilities | CVE-2007-2691, CVE-2007-2692, CVE-2007-3780, CVE-2007-3781, CVE-2007-3782 | CWE-264 | Low |
| MySQL username disclosure | | CWE-538 | Low |
| OPTIONS method is enabled | | CWE-200 | Low |
| PHP.exe Windows CGI for Apache may let remote users view files on the server | CVE-2002-2029 | CWE-16 | Low |
| Possible relative path overwrite | | CWE-20 | Low |
| Possible sensitive directories | | CWE-200 | Low |
| Possible sensitive files | | CWE-200 | Low |
| Possible SQL Statement in comment | | CWE-200 | Low |
| Possible virtual host found | | CWE-200 | Low |
| Public key certificate | | CWE-200 | Low |
| Rlogin service running | | CWE-16 | Low |
| Rsh service running | | CWE-16 | Low |
| Ruby on Rails CookieStore session cookie persistence | | CWE-284 | Low |
| Sensitive data not encrypted | | CWE-200 | Low |
| Sensitive page could be cached | | CWE-200 | Low |
| Session Cookie scoped to parent domain | | CWE-16 | Low |
| Session token in URL | | CWE-200 | Low |
| Slow response time | | CWE-400 | Low |
| SMB list shares | | CWE-16 | Low |
| SMB null session | | CWE-16 | Low |
| Telnet service running | | CWE-16 | Low |
| Tomcat status page | | CWE-200 | Low |
| TRACE method is enabled | | CWE-16 | Low |
| TRACK method is enabled | | CWE-16 | Low |
| WebDAV enabled | | CWE-16 | Low |
| Web Server Cache Poisoning | CVE-2016-2784 | CWE-20 | Low |
| WordPress admin accessible without HTTP authentication | | CWE-16 | Low |
| WordPress default administrator account | | CWE-16 | Low |
| WordPress full path disclosure | | CWE-200 | Low |
| WordPress REST API User Enumeration | | CWE-200 | Low |
| XDMCP service running | | CWE-16 | Low |
| Your SSL certificate is about to expire | | CWE-298 | Low |