Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Apache 2.x version older than 2.2.3 CVE-2006-3747 CWE-189 CWE-189 Medium Apache Solr SSRF CVE-2017-3164 CWE-918 CWE-918 Medium Hashicorp Consul API is accessible without authentication CWE-200 CWE-200 Medium Liferay version older than 7.1 CWE-918 CWE-918 Medium Liferay XMLRPC Blind SSRF CWE-918 CWE-918 Medium PHP4 IMAP module buffer overflow vulnerability CWE-119 CWE-119 Medium PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097 CWE-20 CWE-20 Medium PHP curl_exec() url is controlled by user CVE-2009-0037 CWE-352 CWE-352 Medium PHP eval() used on user input CWE-95 CWE-95 Medium PHP HTTP POST incorrect MIME header parsing vulnerability CVE-2002-0717 CWE-20 CWE-20 Medium PHP object deserialization of user-supplied data CWE-20 CWE-20 Medium PHP preg_replace used on user input CWE-20 CWE-20 Medium PHP unserialize() used on user input CWE-20 CWE-20 Medium PHP version older than 4.3.8 CVE-2004-0594 CVE-2004-0595 CWE-1104 CWE-1104 Medium Python object deserialization of user-supplied data CWE-20 CWE-20 Medium Array CWE-20 CWE-20