| Vulnerability Name | CVE | Severity |
| --- | --- | --- |
| Password found in server response | | |
| Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381 | |
| PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | | |
| PHP-FPM Status Page | | |
| PHP4 IMAP module buffer overflow vulnerability | | |
| PHP 4.3.0 file disclosure and possible code execution | CVE-2003-0097 | |
| PHP allow_url_fopen enabled | | |
| PHP allow_url_include enabled | | |
| PHP Console addon enabled | | |
| PHP curl_exec() url is controlled by user | CVE-2009-0037 | |
| PHP Debug Bar enabled | | |
| PHP enable_dl enabled | | |
| PHP errors enabled | | |
| PHP errors enabled | | |
| PHP eval() used on user input | | |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | |
| PHP hangs on parsing particular strings as floating point number | CVE-2010-4645 | |
| PHP HTTP POST incorrect MIME header parsing vulnerability | CVE-2002-0717 | |
| PHPinfo page | | |
| PHPinfo pages | | |
| PHP mail function ASCII control character header spoofing vulnerability | CVE-2002-0986 | |
| PHP multipart/form-data denial of service | CVE-2009-4017 | |
| PHP object deserialization of user-supplied data | | |
| PHP opcache-gui publicly accessible | | |
| PHP opcache-status page publicly accessible | | |
| PHP open_basedir is not set | | |
| PHP open_basedir is not set | | |
| PHP preg_replace used on user input | | |
| PHP register_globals enabled | | |
| PHP session.use_only_cookies disabled | | |
| PHP session.use_trans_sid enabled | | |
| PHP session.use_trans_sid enabled | | |
| PHP socket_iovec_alloc() integer overflow | CVE-2003-0172 | |
| PHP super-globals-overwrite | | |
| PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability | CVE-2003-0863 | |
| PHP unserialize() used on user input | | |
| PHP unspecified remote arbitrary file upload vulnerability | CVE-2004-0959 | |
| PHP upload arbitrary file disclosure vulnerability | CVE-2000-0860 | |
| PHP version older than 4.3.8 | CVE-2004-0594, CVE-2004-0595 | |
| Play framework weak secret key | | |
| Possible social security number disclosed | | |
| Pyramid debug mode | | |
| Pyramid DebugToolbar enabled | | |
| Pyramid framework weak secret key | | |
| Python object deserialization of user-supplied data | | |
| Python web application source code disclosure | | |
| rack-mini-profiler environment variables disclosure | | |
| Rails application running in development mode | | |
| Rails controller possible sensitive information disclosure | | |
| Redis Unauthorized Access Vulnerability | | |
| Reverse proxy bypass | CVE-2011-3368 | |
| Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) | | |
| Ruby web application source code disclosure | | |
| Same origin method execution (SOME) | | |
| Same site scripting | | |
| SAP BO BIP SSRF (CVE-2020-6308) | | |
| SAP ICF /sap/public/info sensitive information disclosure | | |
| SAP ICF URL redirection Vulnerability | | |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | | |
| SAP NetWeaver server info information disclosure | | |
| SAP NetWeaver server info information disclosure BCB | | |
| Secrets leakage | | |
| Server-based source code disclosures | | |
| SharePoint exposed web services | | |
| SharePoint Reflected Cross-Site Scripting (CVE-2017-8514) | CVE-2017-8514 | |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | | |
| Source code disclosures | | |
| Spring Boot Actuator | | |
| Spring Boot Actuator v2 | | |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | | |
| Spring Boot Misconfiguration: Admin MBean enabled | | |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | | |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | | |
| Spring Boot Misconfiguration: Developer tools enabled on production | | |
| Spring Boot Misconfiguration: H2 console enabled | | |