Vulnerability Name CVE Severity
Atlassian Confluence Access Restriction Bypass CVE-2017-9505
Atlassian Confluence Stored Cross Site Scripting CVE-2016-6283
AWStats script
Backup files
Basic authentication over HTTP
Bitrix server test script publicly accessible
BREACH attack CVE-2013-3587
Chargen service running
Chrome Logger information disclosure
ColdFusion Request Debugging information disclosure
ColdFusion Robust Exception enabled
Cookie signed with weak secret key
Core dump checker PHP script
Credit card number disclosed
CRIME SSL/TLS attack CVE-2012-4929
CRLF injection/HTTP response splitting
CRLF injection/HTTP response splitting (Web Server)
Cross-Site Request Forgery (CSRF) (CMS Made Simple) CVE-2016-7904
Cross domain data hijacking
Cross frame scripting
Cross Site Scripting (Category Description) (CMS Made Simple) CVE-2017-6555
Cross site scripting (content-sniffing)
Cross Site Scripting (globalmetadata) (CMS Made Simple) CVE-2017-6556
Database connection string disclosure
Development configuration file
Directory listing
Django debug mode enabled
Django weak secret key
DNS cache snooping
DNS open recursion
Drupal Views module information disclosure vulnerability
Echo service running
elmah.axd information disclosure
Error message
Error message on page
Express cookie-session weak secret key
FCKeditor arbitrary file upload CVE-2009-2265
File tampering
Finger service running
Firebase database accessible without authentication
Flask weak secret key
Folder backup
Frontpage authors.pwd available
FTP anonymous writable directories
Full public read access Azure blob storage
Global.asa backup file found
Golang runtime profiling data
Grails database console
Header-Based Authentication Bypass CVE-2017-6555
Host header attack
HTML form susceptible to spam
HTML injection
Httpoxy vulnerability
HTTP parameter pollution
HTTPS connection is using SSL version 2
HTTPS connection uses outdated TLS version
HTTPS connection with weak key length
Insecure clientaccesspolicy.xml file
Insecure crossdomain.xml file
Insecure transition from HTTP to HTTPS in form post
Java Management Extensions (JMX/RMI) service detected
JavaMelody publicly accessible
Java object deserialization of user-supplied data
JBoss status servlet information leak CVE-2010-1429
Jenkins dashboard
JetBrains .idea project directory
JSF ViewState client side storage
JSONP enabled by default in MappingJackson2JsonView CVE-2018-11040
JWT none algorithm
JWT weak secret key
Laravel log file publicly accessible
LDAP anonymous binds
Liferay version older than 7.0
Liferay version older than 7.1
Liferay XMLRPC Blind SSRF