Vulnerability Name CVE Severity
.htaccess file readable
Adobe ColdFusion 9 administrative login bypass CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632
Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability CVE-2016-0956
Adobe Experience Manager Misconfiguration CVE-2016-0957
Apache Axis2 administration console weak password
Apache Cassandra Unauthorized Access Vulnerability
Apache configured to run as proxy
Apache Geronimo default administrative credentials
Apache JServ protocol service
Apache Kafka Unauthorized Access Vulnerability
Apache mod_negotiation filename bruteforcing
Apache perl-status enabled
Apache Proxy HTTP CONNECT method enabled
Apache REST RCE CVE-2018-11770
Apache Roller OGNL injection CVE-2013-4212
Apache server-info enabled
Apache server-status enabled
Apache Solr endpoint
Apache Solr service exposed
Apache Spark Master Unauthorized Access Vulnerability
Apache Spark Web UI Unauthorized Access Vulnerability
Apache stronghold-info enabled
Apache stronghold-status enabled
Apache Tapestry weak secret key
Apache Tomcat examples directory vulnerabilities
Apache Tomcat insecure default administrative password
Apache Tomcat version older than 6.0.35 CVE-2011-3190 CVE-2011-3375 CVE-2012-0022
Apache Tomcat version older than 6.0.36 CVE-2012-2733 CVE-2012-3439 CVE-2012-3546 CVE-2012-4431 CVE-2012-4534
Apache Tomcat version older than 7.0.21 CVE-2011-3190
Apache Tomcat version older than 7.0.23 CVE-2012-0022
Apache Tomcat version older than 7.0.28 CVE-2012-2733 CVE-2012-4534
Apache Tomcat version older than 7.0.30 CVE-2012-3439 CVE-2012-3544 CVE-2012-3546
Apache Tomcat version older than 7.0.32 CVE-2012-4431
Apache ZooKeeper Unauthorized Access Vulnerability
ASP.NET: failure to require SSL for authentication cookies
ASP.NET application-level tracing enabled
ASP.NET application trace enabled
ASP.NET ASPX debugging enabled
ASP.NET cookieless authentication enabled
ASP.NET Cookieless session state enabled
ASP.NET cookies accessible from client-side scripts
ASP.NET custom errors disabled
ASP.NET debugging enabled
ASP.NET diagnostic page
ASP.NET EnableViewStateMac turned off
ASP.NET error message
ASP.NET login credentials stored in plain text
ASP.NET ValidateRequest globally disabled
ASP.NET ViewStateUserKey not set
AWStats script
BottlePy weak secret key
Broken Link Hijacking
Chrome Logger information disclosure
CodeIgniter session decoding vulnerability
CodeIgniter weak encryption key
ColdFusion administrator login page publicly available
ColdFusion RDS Service enabled
Content Security Policy (CSP) not implemented
Content type is not specified
Cookie signed with weak secret key
Cookies with missing, inconsistent or contradictory properties
Cookies without HttpOnly flag set
Cookies without Secure flag set
Cookies with Secure flag set over insecure connection
Core dump file
CouchDB REST API publicly accessible
CRIME SSL/TLS attack CVE-2012-4929
Cross domain data hijacking
Devise weak password
Directory listings
Django weak secret key
Docker Engine API is accessible without authentication
Docker Registry API is accessible without authentication
Elasticsearch service accessible
elmah.axd information disclosure
Error page path disclosure
Error page web server version disclosure
Express cookie-session weak secret key
Express express-session weak secret key
File uploads
Firebase database accessible without authentication
Flask weak secret key
Frontpage authors.pwd available
Frontpage extensions enabled
GlassFish admin console weak credentials
Grails database console
H2 console publicly accessible
Hadoop cluster web interface
Hadoop YARN ResourceManager publicly accessible
Hostile subdomain takeover
HTTP header reflected in cached response
Httpoxy vulnerability
HTTP verb tampering
HTTP verb tampering via POST
IBM WebSphere administration console weak password
IIS extended unicode directory traversal vulnerability CVE-2000-0884
Insecure clientaccesspolicy.xml file
Insecure crossdomain.xml file
Insecure Flash embed parameter
Internet Information Server returns IP address in HTTP header (Content-Location)
JAAS authentication bypass
Java Debug Wire Protocol remote code execution
Java Management Extensions (JMX/RMI) service detected
JavaMelody publicly accessible
JBoss BSHDeployer MBean
JBoss HttpAdaptor JMXInvokerServlet
JBoss JMX Console Unrestricted Access
JBoss JMX management console
JBoss ServerInfo MBean CVE-2010-0738
JBoss Server MBean
JBoss Web Console JMX Invoker
Jenkins weak password
Jetpack 2.9.3: Critical Security Update CVE-2014-0173
JIRA Security Advisory 2013-02-21
Joomla! 3.2.1 SQL injection
Joomla! Core Security Bypass CVE-2017-11364
Joomla 1.5 end of life
JSF ViewState client side storage
Jupyter Notebook publicly accessible
JWT none algorithm
JWT weak secret key
Login page password-guessing attack
Magento Cacheleak
MediaWiki remote code execution CVE-2014-1610
Memcached Unauthorized Access Vulnerability
Microsoft Frontpage configuration information
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815
Microsoft IIS WebDAV authentication bypass CVE-2009-1535
Mojolicious weak secret key
MovableType remote code execution CVE-2015-1592
Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28 CVE-2014-0185
Multiple vulnerabilities in Ioncube loader-wizard.php
MySQL utf8 4-byte truncation
Nginx PHP code execution via FastCGI
nginx SPDY heap buffer overflow CVE-2014-0133
Oracle applications logs publicly available
Oracle PeopleSoft SSO weak secret key
OSGi Management Console Default Credentials
Padding oracle attack
PHP allow_url_fopen enabled
PHP allow_url_fopen enabled
PHP allow_url_include enabled
PHP allow_url_include enabled
PHP enable_dl enabled
PHP errors enabled
PHP errors enabled
PHP magic_quotes_gpc is disabled
PHP open_basedir is not set
PHP open_basedir is not set
PHP register_globals enabled
PHP register_globals enabled
PHP session.use_only_cookies disabled
PHP session.use_trans_sid enabled
PHP session.use_trans_sid enabled
Pyramid debug mode
Rails application running in development mode
Reachable SharePoint interface
Redis Unauthorized Access Vulnerability
Reverse proxy detected
Roundcube security updates 0.8.6 and 0.7.3 CVE-2013-1904
Ruby framework weak secret key
Ruby on Rails database configuration file
Ruby on Rails weak/known secret token CVE-2013-0156
Same site scripting
SAP ICF /sap/public/info sensitive information disclosure
SAP Knowledge Management and Collaboration (KMC) incorrect permissions
SAP Management Console get user list
SAP Management Console list logfiles
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
SAP NetWeaver server info information disclosure
SAP NetWeaver server info information disclosure BCB
SAP weak/predictable user credentials
Session cookies scoped to parent domain
SharePoint exposed web services
SharePoint user enumeration
Spring Boot Actuator
Spring Boot Actuator v2
SSL 2.0 deprecated protocol
SSL 3.0 deprecated protocol
Struts 2 development mode
Subresource Integrity (SRI) not implemented
Symfony web debug toolbar
The DROWN attack (SSLv2 supported) CVE-2016-0800
The FREAK attack CVE-2015-0204
The Heartbleed Bug CVE-2014-0160
The POODLE attack (SSLv3 with CBC cipher suites) CVE-2014-3566
TLS/SSL (EC)DHE Key Reuse
TLS/SSL certificate about to expire
TLS/SSL certificate invalid date
TLS/SSL certificate key size too small
TLS/SSL LOGJAM attack CVE-2015-4000
TLS/SSL Sweet32 attack CVE-2016-2183 CVE-2016-6329
TLS/SSL Weak Cipher Suites
TLS 1.0 enabled
TLS 1.1 enabled
Tomcat status page
Tornado debug mode
Tornado weak secret key
TRACE method is enabled
TRACK method is enabled
Unicode transformation issues
Unprotected phpMyAdmin interface
Vulnerable project dependencies
W3 total cache debug mode
Weak password
Web2py weak secret key
Webalizer script
Web application default/weak credentials
Web Application Firewall detected
Web Cache Poisoning
Web Cache Poisoning via Fat GET Request
Web Cache Poisoning via Host Header
Web Cache Poisoning via JSONP and UTM_ parameter
Web Cache Poisoning via POST Request
Web Cache Poisoning via semicolon query separator
WebDAV directory listing
WebDAV Directory with write permissions
WebDAV enabled
WebDAV remote code execution
WebLogic admin console weak credentials
Webmail weak password
Web server default welcome page
WordPress admin accessible without HTTP authentication
WordPress default administrator account
WordPress readme.html file
WordPress user registration enabled
Xdebug remote code execution via xdebug.remote_connect_back
XML entity injection
XML external entity injection
XML external entity injection (variant)
XML external entity injection and XML injection
XML external entity injection via external file
XML external entity injection via File Upload
Yii2 debug toolkit
Yii2 Gii extension
Yii2 weak secret key