Acunetix Web Vulnerabilities Index

| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| BREACH attack | CVE-2013-3587 | CWE-310 | Medium |
| Chargen service running | | CWE-16 | Medium |
| Chrome Logger information disclosure | | CWE-16 | Medium |
| ColdFusion Request Debugging information disclosure | | CWE-200 | Medium |
| ColdFusion Robust Exception enabled | | CWE-200 | Medium |
| Core dump checker PHP script | | CWE-200 | Medium |
| Credit card number disclosed | | CWE-200 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting | | CWE-113 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | | CWE-113 | Medium |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross domain data hijacking | | CWE-20 | Medium |
| Cross frame scripting | | CWE-79 | Medium |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross site scripting (content-sniffing) | | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Database connection string disclosure | | CWE-200 | Medium |
| Development configuration file | | CWE-538 | Medium |
| Directory listing | | CWE-538 | Medium |
| Django debug mode enabled | | CWE-200 | Medium |
| DNS cache snooping | | CWE-16 | Medium |
| DNS open recursion | | CWE-16 | Medium |
| Drupal Views module information disclosure vulnerability | | CWE-200 | Medium |
| Echo service running | | CWE-16 | Medium |
| elmah.axd information disclosure | | CWE-16 | Medium |
| Error message | | CWE-200 | Medium |
| Error message on page | | CWE-200 | Medium |
| FCKeditor arbitrary file upload | CVE-2009-2265 | CWE-22 | Medium |
| File tampering | | CWE-20 | Medium |
| Finger service running | | CWE-16 | Medium |
| Firebase database accessible without authentication | | CWE-200 | Medium |
| Frontpage authors.pwd available | | CWE-538 | Medium |
| FTP anonymous writable directories | | CWE-16 | Medium |
| Full public read access Azure blob storage | | CWE-264 | Medium |
| Global.asa backup file found | | CWE-538 | Medium |
| Grails database console | | CWE-16 | Medium |
| Host header attack | | CWE-20 | Medium |
| HTML form susceptible to spam | | CWE-20 | Medium |
| HTML form without CSRF protection | | CWE-352 | Medium |
| HTML injection | | CWE-80 | Medium |
| Httpoxy vulnerability | | CWE-16 | Medium |
| HTTP parameter pollution | | CWE-88 | Medium |
| HTTPS connection is using SSL version 2 | | CWE-310 | Medium |
| HTTPS connection with weak key length | | CWE-310 | Medium |
| Insecure clientaccesspolicy.xml file | | CWE-16 | Medium |
| Insecure crossdomain.xml file | | CWE-284 | Medium |
| Insecure transition from HTTP to HTTPS in form post | | CWE-200 | Medium |
| Java Management Extensions (JMX/RMI) service detected | | CWE-16 | Medium |
| JavaMelody publicly accessible | | CWE-200 | Medium |
| Java object deserialization of user-supplied data | | CWE-20 | Medium |
| JBoss status servlet information leak | CVE-2010-1429 | CWE-200 | Medium |
| Jenkins dashboard | | CWE-200 | Medium |
| JetBrains .idea project directory | | CWE-538 | Medium |
| JSF ViewState client side storage | | CWE-16 | Medium |
| JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040 | CWE-538 | Medium |
| Laravel log file publicly accessible | | CWE-538 | Medium |
| LDAP anonymous binds | | CWE-16 | Medium |
| Liferay version older than 7.0 | | CWE-502 | Medium |
| Liferay version older than 7.1 | | CWE-918 | Medium |
| Local File Inclusion (CMS Made Simple) | | CWE-94 | Medium |
| Microsoft SQL Server weak password encryption vulnerability | CVE-2000-0199 | CWE-310 | Medium |
| MongoDB HTTP status interface | | CWE-16 | Medium |
| Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 | CVE-2014-0185 | CWE-16 | Medium |
| MySQL database dump | | CWE-538 | Medium |
| MySQL utf8 4-byte truncation | | CWE-16 | Medium |
| NGINX range filter integer overflow | CVE-2017-7529 | CWE-200 | Medium |
| Nginx Redirect Header Injection | | CWE-93 | Medium |
| Node.js web application source code disclosure | | CWE-540 | Medium |
| npm log file publicly accessible (npm-debug.log) | | CWE-200 | Medium |
| Open proxy server | | CWE-16 | Medium |
| Open SOCKS server | | CWE-16 | Medium |
| Oracle applications logs publicly available | | CWE-200 | Medium |
| Partial user controllable script source | | CWE-20 | Medium |
| Password field submitted using GET method | | CWE-200 | Medium |
| PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | | CWE-200 | Medium |