| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | | CWE-16 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | | CWE-16 | Medium |
| Spring Boot Misconfiguration: Unsafe value for session tracking | | CWE-16 | Medium |
| Spring Misconfiguration: HTML Escaping disabled | | CWE-16 | Medium |
| SQLite database found | | CWE-538 | Medium |
| Struts 2 Config Browser plugin enabled | | CWE-16 | Medium |
| Symfony debug mode enabled (AcuSensor) | | CWE-16 | Medium |
| Symfony Profiler open | | CWE-200 | Medium |
| Symfony running in dev mode | | CWE-16 | Medium |
| Symfony web debug toolbar | | CWE-489 | Medium |
| Test CGI script leaking environment variables | | | Medium |
| The FREAK attack | CVE-2015-0204 | CWE-310 | Medium |
| The POODLE attack (SSLv3 with CBC cipher suites) | CVE-2014-3566 | CWE-326 | Medium |
| TLS/SSL certificate key size too small | | CWE-310 | Medium |
| TLS/SSL LOGJAM attack | CVE-2015-4000 | CWE-310 | Medium |
| TLS/SSL Sweet32 attack | CVE-2016-2183, CVE-2016-6329 | CWE-310 | Medium |
| TLS/SSL Weak Cipher Suites | | CWE-310 | Medium |
| TLS 1.1 enabled | | CWE-326 | Medium |
| Tornado debug mode | | CWE-489 | Medium |
| Tornado weak secret key | | CWE-693 | Medium |
| Tracy debugging tool enabled | | CWE-200 | Medium |
| Typo3 Install Tool publicly accessible | | CWE-200 | Medium |
| Unauthorized Access to a web app installer | | CWE-200 | Medium |
| Unencrypted connection | | CWE-319 | Medium |
| Unencrypted __VIEWSTATE parameter | | CWE-200 | Medium |
| Unicode transformation issues | | CWE-176 | Medium |
| Unprotected Apache NiFi API interface | | CWE-287 | Medium |
| Unprotected JSON file leaking secrets | | CWE-200 | Medium |
| Unprotected Kong Gateway Admin API interface | | CWE-287 | Medium |
| Unrestricted access to NGINX+ API interface (read only) | | CWE-200 | Medium |
| Unrestricted access to NGINX+ Dashboard | | CWE-200 | Medium |
| Unrestricted access to NGINX+ Upstream HTTP interface | | CWE-200 | Medium |
| Unsafe value for session tracking in servlet configuration | | CWE-16 | Medium |
| URL redirection | | CWE-601 | Medium |
| URL redirection (Web Server) | | CWE-601 | Medium |
| URL rewrite vulnerability | | CWE-436 | Medium |
| User-controlled form action | | CWE-20 | Medium |
| User controllable charset | | CWE-20 | Medium |
| User controllable tag parameter | | CWE-79 | Medium |
| User credentials are sent in clear text | | CWE-523 | Medium |
| Verb tampering via misconfigured security constraint | | CWE-16 | Medium |
| Virtual host directory listing | | CWE-538 | Medium |
| Vulnerable JavaScript libraries | | CWE-937 | Medium |
| Vulnerable package dependencies [medium] | | CWE-1104 | Medium |
| W3 total cache debug mode | | CWE-489 | Medium |
| Web2py weak secret key | | CWE-693 | Medium |
| Webalizer script | | CWE-538 | Medium |
| Web Cache Poisoning DoS | | CWE-400 | Medium |
| Web Cache Poisoning DoS (for javascript) | | CWE-400 | Medium |
| Web Cache Poisoning DoS through HTTP/2 headers | | CWE-400 | Medium |
| WebDAV directory listing | | CWE-538 | Medium |
| WebPageTest Unauthorized Access Vulnerability | | CWE-200 | Medium |
| WordPress allows editing theme/plugin files | | CWE-16 | Medium |
| WordPress configuration file weak file permissions | | CWE-16 | Medium |
| WordPress database credentials disclosure | | CWE-538 | Medium |
| WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium |
| WordPress username enumeration | | CWE-200 | Medium |
| WordPress XML-RPC authentication brute force | | CWE-521 | Medium |
| WS_FTP log file found | | CWE-538 | Medium |
| XSS on Apache HTTP Server 413 error pages via malformed HTTP method | CVE-2007-6203 | CWE-79 | Medium |
| Yii2 debug toolkit | | CWE-200 | Medium |
| Yii2 Gii extension | | CWE-200 | Medium |
| Yii2 weak secret key | | CWE-693 | Medium |
| Yii debug mode enabled | | CWE-16 | Medium |
| Yii running in dev mode | | CWE-16 | Medium |
| Zabbix Guest Access | | CWE-200 | Medium |