| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache 2.x version older than 2.2.10 | CVE-2008-2939, CVE-2010-2791 | CWE-79 | Low |
| Apache Axis2 web services enumeration | | CWE-200 | Low |
| Apache mod_negotiation filename bruteforcing | | CWE-538 | Low |
| Apache Solr endpoint | | CWE-200 | Low |
| Apache stronghold-info enabled | | CWE-200 | Low |
| Apache stronghold-status enabled | | CWE-200 | Low |
| Apache Tomcat hello.jsp XSS | CVE-2007-1355 | CWE-79 | Low |
| Apache Tomcat version older than 6.0.6 | CVE-2007-1358 | CWE-79 | Low |
| Apache version up to 1.3.33 htpasswd local overflow | CVE-2006-1078 | CWE-119 | Low |
| ASP.NET debugging enabled | | CWE-11 | Low |
| ASP.NET MVC version disclosure | | CWE-200 | Low |
| ASP.NET path disclosure | | CWE-200 | Low |
| ASP.NET version disclosure | | CWE-200 | Low |
| ASP.NET ViewStateUserKey not set | | CWE-642 | Low |
| Atlassian Jira Manage Filters information disclosure | | CWE-200 | Low |
| Broken Link Hijacking | | CWE-610 | Low |
| Clickjacking: CSP frame-ancestors missing | | CWE-1021 | Low |
| Clickjacking: X-Frame-Options header | | CWE-1021 | Low |
| ColdFusion administrator login page publicly available | | CWE-200 | Low |
| ColdFusion path disclosures | | CWE-200 | Low |
| ColdFusion RDS Service enabled | | CWE-200 | Low |
| Composer installed.json publicly accessible | | CWE-200 | Low |
| Cookies with missing, inconsistent or contradictory properties | | CWE-284 | Low |
| Cookies without HttpOnly flag set | | CWE-1004 | Low |
| Cookies without Secure flag set | | CWE-614 | Low |
| Cross site scripting (requiring unencoded quote) | | CWE-79 | Low |
| Documentation files | | CWE-538 | Low |
| Drupal Core Open Redirect | | CWE-601 | Low |
| Envoy Metadata disclosure | | CWE-200 | Low |
| Error page path disclosure | | CWE-200 | Low |
| F5 BIG-IP Cookie Information Disclosure | | CWE-200 | Low |
| Gitlab user disclosure | | CWE-200 | Low |
| H2 console publicly accessible | | CWE-287 | Low |
| HTML Attribute Injection | | CWE-80 | Low |
| HTML Form found in redirect page | | CWE-287 | Low |
| HTTP Strict Transport Security (HSTS) not implemented | | CWE-16 | Low |
| IIS Path disclosure | | CWE-200 | Low |
| Insecure Inline Frame (iframe) | | CWE-829 | Low |
| Insecure transition from HTTPS to HTTP in form post | | CWE-200 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | | CWE-200 | Low |
| JBoss web service console | | CWE-200 | Low |
| Jenkins open people list | | CWE-200 | Low |
| Jenkins user enumeration | | CWE-200 | Low |
| Jira Projects accessible anonymously | | CWE-200 | Low |
| Jira Unauthorized User Enumeration via UserPickerBrowser | | CWE-200 | Low |
| Joe Editor DEADJOE file | | CWE-538 | Low |
| Kentico Staging API publicly accessible | | CWE-200 | Low |
| Microsoft IIS Server service.cnf file found | | CWE-538 | Low |
| Microsoft Office possible sensitive information | | CWE-200 | Low |
| MySQL username disclosure | | CWE-538 | Low |
| OData feed accessible anonymously | | CWE-200 | Low |
| Oracle Reports Services RWServlet environment variables disclosure | | CWE-200 | Low |
| Passive Mixed Content over HTTPS | | CWE-284 | Low |
| Possible CSRF (Cross-site request forgery) | | CWE-352 | Low |
| Possible sensitive directories | | CWE-200 | Low |
| Possible sensitive files | | CWE-200 | Low |
| Possible SQL Statement in comment | | CWE-200 | Low |
| Possible virtual host found | | CWE-200 | Low |
| Ruby on Rails CookieStore session cookie persistence | | CWE-284 | Low |
| Sensitive pages could be cached | | CWE-200 | Low |
| Session cookies scoped to parent domain | | CWE-284 | Low |
| Session token in URL | | CWE-200 | Low |
| Snoop Servlet information disclosure | | CWE-200 | Low |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | | CWE-16 | Low |
| Stack Trace Disclosure (Apache MyFaces) | | CWE-209 | Low |
| Stack Trace Disclosure (ASP.NET) | | CWE-209 | Low |
| Stack Trace Disclosure (CakePHP) | | CWE-209 | Low |
| Stack Trace Disclosure (CherryPy) | | CWE-209 | Low |
| Stack Trace Disclosure (ColdFusion) | | CWE-209 | Low |
| Stack Trace Disclosure (Grails) | | CWE-209 | Low |
| Stack Trace Disclosure (GWT) | | CWE-209 | Low |
| Stack Trace Disclosure (Java) | | CWE-209 | Low |
| Stack Trace Disclosure (Laravel) | | CWE-209 | Low |
| Stack Trace Disclosure (Node.js) | | CWE-209 | Low |
| Stack Trace Disclosure (Python) | | CWE-209 | Low |