Medium Severity Vulnerabilities

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| ASP.NET application trace enabled | | CWE-16 | Medium |
| ASP.NET diagnostic page | | CWE-200 | Medium |
| ASP.NET error message | | CWE-200 | Medium |
| AWStats script | | CWE-538 | Medium |
| Access database found | | CWE-538 | Medium |
| Amazon S3 public bucket | | CWE-264 | Medium |
| Apache 2.x version equal to 2.0.51 | CVE-2004-0811 | CWE-264 | Medium |
| Apache 2.x version older than 2.0.43 | CVE-2002-0840, CVE-2002-1156 | CWE-538 | Medium |
| Apache 2.x version older than 2.0.45 | CVE-2003-0132 | CWE-400 | Medium |
| Apache 2.x version older than 2.0.46 | CVE-2003-0083, CVE-2003-0134, CVE-2003-0189, CVE-2003-0245 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.47 | CVE-2003-0192, CVE-2003-0253, CVE-2003-0254 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.48 | CVE-2003-0542, CVE-2003-0789 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.49 | CVE-2003-0020, CVE-2004-0113, CVE-2004-0174 | CWE-20 | Medium |
| Apache 2.x version older than 2.0.51 | CVE-2004-0747, CVE-2004-0748, CVE-2004-0751, CVE-2004-0786, CVE-2004-0809 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.55 | CVE-2005-1268, CVE-2005-2088, CVE-2005-2491, CVE-2005-2700, CVE-2005-2728, CVE-2005-2970 | CWE-119 | Medium |
| Apache 2.x version older than 2.0.61 | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 | CWE-701 | Medium |
| Apache 2.x version older than 2.0.63 | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 | CWE-79 | Medium |
| Apache 2.x version older than 2.2.3 | CVE-2006-3747 | CWE-189 | Medium |
| Apache 2.x version older than 2.2.6 | CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847 | CWE-20 | Medium |
| Apache 2.x version older than 2.2.8 | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 | CWE-79 | Medium |
| Apache 2.x version older than 2.2.9 | CVE-2007-6420, CVE-2008-2364 | CWE-399 | Medium |
| Apache Axis2 information disclosure | | CWE-200 | Medium |
| Apache JServ protocol service | | CWE-16 | Medium |
| Apache Proxy HTTP CONNECT method enabled | | CWE-16 | Medium |
| Apache Tomcat WAR file directory traversal vulnerability | CVE-2009-2693, CVE-2009-2901 | CWE-22 | Medium |
| Apache Tomcat directory host Appbase authentication bypass vulnerability | CVE-2009-2901 | CWE-264 | Medium |
| Apache Tomcat directory traversal | CVE-2007-0450 | CWE-22 | Medium |
| Apache Tomcat examples directory vulnerabilities | | CWE-264 | Medium |
| Apache Tomcat sample files | | CWE-538 | Medium |
| Apache Tomcat version older than 4.1.37 | CVE-2005-3164, CVE-2007-1355, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-5333, CVE-2007-5461 | CWE-79 | Medium |
| Apache Tomcat version older than 4.1.39 | CVE-2008-0128, CVE-2008-1232, CVE-2008-2370 | CWE-22 | Medium |
| Apache Tomcat version older than 5.5.25 | CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 | CWE-79 | Medium |
| Apache Tomcat version older than 5.5.26 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286 | CWE-264 | Medium |
| Apache Tomcat version older than 5.5.27 | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 | CWE-22 | Medium |
| Apache Tomcat version older than 6.0.10 | CVE-2007-0450 | CWE-22 | Medium |
| Apache Tomcat version older than 6.0.11 | CVE-2005-2090, CVE-2007-1355 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.14 | CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.16 | CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002 | CWE-264 | Medium |
| Apache Tomcat version older than 6.0.18 | CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 | CWE-79 | Medium |
| Apache Tomcat version older than 6.0.9 | CVE-2008-0128 | CWE-16 | Medium |
| Apache configured to run as proxy | | CWE-16 | Medium |
| Apache error log escape sequence injection vulnerability | CVE-2003-0020 | CWE-20 | Medium |
| Apache httpOnly cookie disclosure | CVE-2012-0053 | CWE-264 | Medium |
| Apache httpd remote denial of service | CVE-2011-3192 | CWE-399 | Medium |
| Apache perl-status enabled | | CWE-200 | Medium |
| Apache server-info enabled | | CWE-200 | Medium |
| Apache server-status enabled | | CWE-200 | Medium |
| Apache version older than 1.3.27 | CVE-2002-0839, CVE-2002-0840, CVE-2002-0843 | CWE-119 | Medium |
| Apache version older than 1.3.28 | CVE-2003-0460 | CWE-20 | Medium |
| Apache version older than 1.3.29 | CVE-2003-0542 | CWE-119 | Medium |
| Apache version older than 1.3.31 | CVE-2003-0020, CVE-2003-0987, CVE-2003-0993, CVE-2004-0174 | CWE-264 | Medium |
| Apache version older than 1.3.34 | CVE-2005-2088 | CWE-20 | Medium |
| Apache version older than 1.3.37 | CVE-2006-3747 | CWE-189 | Medium |
| Apache version older than 1.3.39 | CVE-2006-5752, CVE-2007-3304 | CWE-79 | Medium |
| Apache version older than 1.3.41 | CVE-2007-6388 | CWE-79 | Medium |
| Application error message | | CWE-200 | Medium |
| Arbitrary file existence disclosure in Action Pack | CVE-2014-7829 | CWE-200 | Medium |
| BREACH attack | CVE-2013-3587 | CWE-310 | Medium |
| Backup files | | CWE-538 | Medium |
| Basic authentication over HTTP | | CWE-16 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting | | CWE-113 | Medium |
| Chargen service running | | CWE-16 | Medium |
| Chrome Logger information disclosure | | CWE-16 | Medium |
| Core dump checker PHP script | | CWE-200 | Medium |
| Credit card number disclosed | | CWE-200 | Medium |
| Cross domain data hijacking | | CWE-20 | Medium |
| Cross frame scripting | | CWE-79 | Medium |
| DNS cache snooping | | CWE-16 | Medium |
| DNS open recursion | | CWE-16 | Medium |
| Database connection string disclosure | | CWE-200 | Medium |
| Development configuration file | | CWE-538 | Medium |
| Directory listing | | CWE-538 | Medium |
| Django debug mode enabled | | CWE-200 | Medium |
| Drupal Views module information disclosure vulnerability | | CWE-200 | Medium |
| Echo service running | | CWE-16 | Medium |
| Error message | | CWE-200 | Medium |
| Error message on page | | CWE-200 | Medium |
| FCKeditor arbitrary file upload | CVE-2009-2265 | CWE-22 | Medium |
| FTP anonymous writable directories | | CWE-16 | Medium |
| Fantastico fileslist | | CWE-538 | Medium |
| File tampering | | CWE-20 | Medium |
| Finger service running | | CWE-16 | Medium |
| Frontpage authors.pwd available | | CWE-538 | Medium |
| Full public read access Azure blob storage | | CWE-264 | Medium |
| Global.asa backup file found | | CWE-538 | Medium |
| Grails database console | | CWE-16 | Medium |
| HTML form susceptible to spam | | CWE-20 | Medium |
| HTML form without CSRF protection | | CWE-352 | Medium |
| HTML injection | | CWE-80 | Medium |
| HTTP parameter pollution | | CWE-88 | Medium |
| HTTPS connection is using SSL version 2 | | CWE-310 | Medium |
| HTTPS connection with weak key length | | CWE-310 | Medium |
| Host header attack | | CWE-20 | Medium |
| Insecure clientaccesspolicy.xml file | | CWE-16 | Medium |
| Insecure crossdomain.xml file | | CWE-284 | Medium |
| Insecure transition from HTTP to HTTPS in form post | | CWE-200 | Medium |
| JBoss status servlet information leak | CVE-2010-1429 | CWE-200 | Medium |
| JSF ViewState client side storage | | CWE-16 | Medium |
| Java Management Extensions (JMX/RMI) service detected | | CWE-16 | Medium |
| Java object deserialization of user-supplied data | | CWE-20 | Medium |
| Jenkins dashboard | | CWE-200 | Medium |
| JetBrains .idea project directory | | CWE-538 | Medium |
| LDAP anonymous binds | | CWE-16 | Medium |
| Microsoft SQL Server weak password encryption vulnerability | CVE-2000-0199 | CWE-310 | Medium |
| MongoDB HTTP status interface | | CWE-16 | Medium |
| Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 | CVE-2014-0185 | CWE-16 | Medium |
| MySQL database dump | | CWE-538 | Medium |
| MySQL utf8 4-byte truncation | | CWE-16 | Medium |
| Open SOCKS server | | CWE-16 | Medium |
| Open proxy server | | CWE-16 | Medium |
| Oracle applications logs publicly available | | CWE-200 | Medium |
| PHP 4.3.0 file disclosure and possible code execution | CVE-2003-0097 | CWE-20 | Medium |
| PHP HTTP POST incorrect MIME header parsing vulnerability | CVE-2002-0717 | CWE-20 | Medium |
| PHP allow_url_fopen enabled | | CWE-16 | Medium |
| PHP curl_exec() url is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP error logging format string vulnerability | CVE-2000-0967 | CWE-20 | Medium |
| PHP errors enabled | | CWE-16 | Medium |
| PHP hangs on parsing particular strings as floating point number | CVE-2010-4645 | CWE-189 | Medium |
| PHP mail function ASCII control character header spoofing vulnerability | CVE-2002-0986 | CWE-20 | Medium |
| PHP multipart/form-data denial of service | CVE-2009-4017 | CWE-400 | Medium |
| PHP object deserialization of user-supplied data | | CWE-20 | Medium |
| PHP open_basedir is not set | | CWE-16 | Medium |
| PHP preg_replace used on user input | | CWE-20 | Medium |
| PHP session.use_only_cookies disabled | | CWE-16 | Medium |
| PHP session.use_trans_sid enabled | | CWE-16 | Medium |
| PHP socket_iovec_alloc() integer overflow | CVE-2003-0172 | CWE-119 | Medium |
| PHP super-globals-overwrite | | CWE-16 | Medium |
| PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability | CVE-2003-0863 | CWE-16 | Medium |
| PHP unserialize() used on user input | | CWE-20 | Medium |
| PHP upload arbitrary file disclosure vulnerability | CVE-2000-0860 | CWE-538 | Medium |
| PHP version older than 4.3.8 | CVE-2004-0594, CVE-2004-0595 | CWE-16 | Medium |
| PHP4 IMAP module buffer overflow vulnerability | | CWE-119 | Medium |
| PHP4 multiple vulnerabilities | CVE-2003-0860, CVE-2003-0861 | CWE-119 | Medium |
| PHPinfo page | | CWE-200 | Medium |
| PHPinfo page found | | CWE-200 | Medium |
| Partial user controllable script source | | CWE-20 | Medium |
| Password field submitted using GET method | | CWE-200 | Medium |
| Possible debug parameter found | | CWE-200 | Medium |
| Possible remote SWF inclusion | CVE-2007-6244, CVE-2007-6637 | CWE-79 | Medium |
| Possible social security number disclosed | | CWE-200 | Medium |
| Proxy accepts CONNECT requests to itself | | CWE-16 | Medium |
| Pyramid debug mode | | CWE-16 | Medium |
| Python object deserialization of user-supplied data | | CWE-20 | Medium |
| RC4 cipher suites detected | CVE-2013-2566 | CWE-310 | Medium |
| Rails application running in development mode | | CWE-200 | Medium |
| Rails controller possible sensitive information disclosure | | CWE-200 | Medium |
| Reflected file download | | CWE-20 | Medium |
| Reverse proxy bypass | CVE-2011-3368 | CWE-20 | Medium |
| SMTP EXPN/VRFY verbs enabled | | CWE-16 | Medium |
| SMTP open mail relay | | CWE-16 | Medium |
| SNMP information disclosure | | CWE-16 | Medium |
| SQLite database found | | CWE-538 | Medium |
| SSL certificate common name invalid | | CWE-295 | Medium |
| SSL certificate public key less than 2048 bit | | CWE-310 | Medium |
| SSL weak ciphers | | CWE-310 | Medium |
| Same origin method execution (SOME) | | CWE-20 | Medium |
| Same site scripting | | CWE-16 | Medium |
| SharePoint exposed web services | | CWE-200 | Medium |
| Slow HTTP Denial of Service Attack | | | Medium |
| Snoop Servlet information disclosure | CVE-2012-2170 | CWE-200 | Medium |
| Source code disclosure | | CWE-538 | Medium |
| Spring Boot Actuator | | CWE-16 | Medium |
| Symfony web debug toolbar | | CWE-16 | Medium |
| TLS1/SSLv3 Renegotiation Vulnerability | | | Medium |
| The FREAK attack (export cipher suites supported) | CVE-2015-0204 | CWE-310 | Medium |
| The POODLE attack (SSLv3 supported) | CVE-2014-3566 | CWE-16 | Medium |
| Tornado debug mode | | CWE-16 | Medium |
| URL redirection | | CWE-601 | Medium |
| Unencrypted __VIEWSTATE parameter | | CWE-200 | Medium |
| Universal Plug and Play service running | | CWE-287 | Medium |
| User controllable charset | | CWE-20 | Medium |
| User controllable tag parameter | | CWE-79 | Medium |
| User credentials are sent in clear text | | CWE-310 | Medium |
| User-controlled form action | | CWE-20 | Medium |
| View state MAC disabled | | CWE-16 | Medium |
| Virtual host directory listing | | CWE-538 | Medium |
| Vulnerable Javascript library | | CWE-16 | Medium |
| W3 total cache debug mode | | CWE-16 | Medium |
| WS_FTP log file found | | CWE-538 | Medium |
| Web Application Firewall detected | | CWE-16 | Medium |
| WebDAV directory listing | | CWE-538 | Medium |
| Webalizer script | | CWE-538 | Medium |
| WordPress 3.4.2 cross site request forgery | CVE-2012-4448 | CWE-352 | Medium |
| WordPress XML-RPC authentication brute force | | CWE-521 | Medium |
| WordPress database credentials disclosure | | CWE-538 | Medium |
| WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium |
| WordPress username enumeration | | CWE-200 | Medium |
| XSS on Apache HTTP Server 413 error pages via malformed HTTP method | CVE-2007-6203 | CWE-79 | Medium |
| You are using an old version of Typo3 | | CWE-16 | Medium |
| apc.php page found | | CWE-538 | Medium |
| elmah.axd information disclosure | | CWE-16 | Medium |
| phpMyAdmin SQL dump | | CWE-538 | Medium |