Information Disclosure Vulnerabilities

Vulnerability Name CVE CWE Severity
.htaccess file readable CWE-16  Informational
ASP.NET MVC version disclosure CWE-200  Low
ASP.NET application trace enabled CWE-16  Medium
ASP.NET debugging enabled CWE-16  Low
ASP.NET diagnostic page CWE-200  Medium
ASP.NET error message CWE-200  Medium
ASP.NET padding oracle vulnerability CVE-2010-3332  CWE-310  High
ASP.NET path disclosure CWE-200  Low
ASP.NET version disclosure CWE-200  Low
AWStats script CWE-538  Medium
Access database found CWE-538  Medium
Adobe ColdFusion directory traversal CVE-2013-3336  CWE-22  High
Amazon S3 public bucket CWE-264  Medium
Apache 2.0.43 Win32 file reading vulnerability CVE-2003-0017  CWE-20  High
Apache 2.x version older than 2.0.48 CVE-2003-0542  CVE-2003-0789  CWE-119  Medium
Apache Axis2 administration console weak password CWE-200  High
Apache Axis2 information disclosure CWE-200  Medium
Apache Axis2 web services enumeration CWE-200  Low
Apache Solr endpoint CWE-16  Low
Apache Tomcat "allowLinking" on Case Insensitive Filesystems CWE-538  High
Apache Tomcat directory traversal CVE-2007-0450  CWE-22  Medium
Apache Tomcat examples directory vulnerabilities CWE-264  Medium
Apache Tomcat version older than 4.1.37 CVE-2005-3164  CVE-2007-1355  CVE-2007-2449  CVE-2007-2450  CVE-2007-3382  CVE-2007-3383  CVE-2007-3385  CVE-2007-5333  CVE-2007-5461  CWE-79  Medium
Apache Tomcat version older than 6.0.11 CVE-2005-2090  CVE-2007-1355  CWE-79  Medium
Apache Tomcat version older than 6.0.35 CVE-2011-3190  CVE-2011-3375  CVE-2012-0022  CWE-264  High
Apache Tomcat version older than 7.0.21 CVE-2011-3190  CWE-264  High
Apache httpOnly cookie disclosure CVE-2012-0053  CWE-264  Medium
Apache mod_negotiation filename bruteforcing CWE-538  Low
Apache perl-status enabled CWE-200  Medium
Apache server-info enabled CWE-200  Medium
Apache server-status enabled CWE-200  Medium
Apache solr service exposed CWE-16  High
Apache stronghold-info enabled CWE-200  Low
Apache stronghold-status enabled CWE-200  Low
Application error message CWE-200  Medium
Arbitrary file existence disclosure in Action Pack CVE-2014-7829  CWE-200  Medium
Backup files CWE-538  Medium
Bazaar repository found CWE-538  High
Bonjour service running CWE-16  Low
CVS web repository CWE-16  High
Chrome Logger information disclosure CWE-16  Medium
ColdFusion path disclosure CWE-200  Low
Configuration file disclosure CWE-538  High
Configuration file source code disclosure CWE-538  High
Core dump checker PHP script CWE-200  Medium
Core dump file CWE-200  High
Credit card number disclosed CWE-200  Medium
DNS cache snooping CWE-16  Medium
DNS zone transfer CVE-1999-0532  CWE-16  High
Database connection string disclosure CWE-200  Medium
Development configuration file CWE-538  Medium
Devise weak password CWE-200  High
Directory listing CWE-538  Medium
Django debug mode enabled CWE-200  Medium
Documentation file CWE-538  Low
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553  CVE-2012-4554  CWE-264  High
Drupal Views module information disclosure vulnerability CWE-200  Medium
Elasticsearch service accessible CWE-16  High
Email address found CWE-200  Informational
Environment variable information disclosure CWE-200  Low
Error message CWE-200  Medium
Error message on page CWE-200  Medium
Error page path disclosure CWE-200  Low
Error page web server version disclosure CWE-200  Informational
FTP anonymous logins CWE-16  Low
FTP anonymous writable directories CWE-16  Medium
FTP weak password CWE-16  High
Fantastico fileslist CWE-538  Medium
Files listed in robots.txt but not linked CWE-200  Informational
Finger service running CWE-16  Medium
Frontpage authors.pwd available CWE-538  Medium
Frontpage extensions enabled CWE-16  Low
Full public read access Azure blob storage CWE-264  Medium
Git repository found CWE-538  High
GlassFish admin console weak credentials CWE-16  High
Global.asa backup file found CWE-538  Medium
HTML Form found in redirect page CWE-287  Low
IBM Web Content Manager XPath injection CVE-2013-6735  CWE-264  High
IBM WebSphere administration console weak password CWE-200  High
IBM WebSphere application source file exposure CWE-200  High
IMAP weak password CWE-16  High
Insecure transition from HTTP to HTTPS in form post CWE-200  Medium
Insecure transition from HTTPS to HTTP in form post CWE-200  Low
Internet Information Server returns IP address in HTTP header (Content-Location) CWE-200  Low
JBoss BSHDeployer MBean CWE-16  High
JBoss HttpAdaptor JMXInvokerServlet CWE-16  High
JBoss JMX Console Unrestricted Access CWE-16  High
JBoss JMX management console CWE-16  High
JBoss Seam remoting vulnerabilities CVE-2013-6447  CVE-2013-6448  CWE-611  High
JBoss Server MBean CWE-16  High
JBoss ServerInfo MBean CVE-2010-0738  CWE-16  High
JBoss Web Console JMX Invoker CWE-16  High
JBoss status servlet information leak CVE-2010-1429  CWE-200  Medium
JBoss web service console CWE-200  Low
JVM version leakage CWE-200  Low
Javascript eval() usage CWE-200  Informational
Jenkins dashboard CWE-200  Medium
JetBrains .idea project directory CWE-538  Medium
JetLeak vulnerability CVE-2015-2080  CWE-200  High
LDAP anonymous binds CWE-16  Medium
Macromedia Dreamweaver remote database scripts CVE-2004-1893  CWE-16  High
Magento Cacheleak CWE-200  High
MantisBT multiple security issues CVE-2014-9571  CVE-2014-9572  CVE-2014-9573  CVE-2014-9624  CVE-2015-1042  CWE-200  High
Mercurial repository found CWE-538  High
Microsoft Frontpage configuration information CWE-200  Informational
Microsoft IIS Server service.cnf file found CWE-538  Low
Microsoft IIS tilde directory enumeration CWE-20  High
Microsoft IIS version disclosure CWE-200  Informational
Microsoft IIS5 NTLM and Basic authentication bypass CVE-2007-2815  CWE-264  High
Microsoft Office possible sensitive information CWE-200  Informational
Microsoft SQL Server weak password CWE-16  High
Minify arbitrary file disclosure CVE-2013-6619  CWE-538  High
MongoDB HTTP status interface CWE-16  Medium
Multiple vulnerabilities in Ioncube loader-wizard.php CWE-16  High
MySQL Server weak password CWE-16  High
MySQL connection credentials CWE-538  High
MySQL database dump CWE-538  Medium
MySQL username disclosure CWE-538  Low
Nginx memory disclosure with specially crafted HTTP backend responses CVE-2012-1180  CWE-399  High
Open X11 server CWE-16  High
Oracle Database Listener has no password CWE-16  High
Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827  CWE-22  High
Oracle applications logs publicy available CWE-200  Medium
PHP curl_exec() url is controlled by user CVE-2009-0037  CWE-352  Medium
PHP errors enabled CWE-16  Medium
PHP-CGI remote code execution CVE-2012-1823  CWE-20  High
PHP-CGI remote code execution CVE-2012-1823  CVE-2012-2311  CWE-20  High
PHP.exe Windows CGI for Apache may let remote users view files on the server CVE-2002-2029  CWE-16  Low
PHPinfo page CWE-200  Medium
PHPinfo page found CWE-200  Medium
POP3 weak password CWE-16  High
Padding oracle attack CWE-209  High
Password field submitted using GET method CWE-200  Medium
Password type input with auto-complete enabled CWE-200  Informational
Possible SQL Statement in comment CWE-200  Low
Possible database backup CWE-538  High
Possible debug parameter found CWE-200  Medium
Possible internal IP address disclosure CWE-200  Informational
Possible remote SWF inclusion CVE-2007-6244  CVE-2007-6637  CWE-79  Medium
Possible sensitive directories CWE-200  Low
Possible sensitive files CWE-200  Low
Possible server path disclosure (Unix) CWE-200  Informational
Possible server path disclosure (Windows) CWE-200  Informational
Possible social security number disclosed CWE-200  Medium
Possible username or password disclosure CWE-200  Informational
Possible virtual host found CWE-200  Low
PostgreSQL weak password CWE-16  High
Public key certificate CWE-200  Low
RSA private key CWE-200  High
Rails controller possible sensitive information disclosure CWE-200  Medium
Reachable SharePoint interface CWE-16  High
Rlogin service running CWE-16  Low
Rsh service running CWE-16  Low
Ruby on Rails database configuration file CWE-538  High
Ruby on Rails database connection file CWE-538  High
SFTP/FTP credentials exposure CWE-200  High
SMB list shares CWE-16  Low
SMB null session CWE-16  Low
SNMP information disclosure CWE-16  Medium
SQLite database found CWE-538  Medium
SSH weak password CWE-16  High
SVN repository found CWE-538  High
Script source code disclosure CWE-538  High
Sensitive data not encrypted CWE-200  Low
Sensitive page could be cached CWE-200  Low
Session token in URL CWE-200  Low
SharePoint exposed web services CWE-200  Medium
SharePoint user enumeration CWE-200  High
Snoop Servlet information disclosure CVE-2012-2170  CWE-200  Medium
Socks weak password CWE-16  High
Solaris in.fingerd information disclosure vulnerability CVE-2001-1503  CWE-16  High
Source code disclosure CWE-538  Medium
Suspicious comment CWE-200  Informational
Sybase server weak password CWE-307  High
Symfony web debug toolbar CWE-16  Medium
Telnet service running CWE-16  Low
Telnet weak password CWE-307  High
The Heartbleed Bug CVE-2014-0160  CWE-200  High
Tomcat status page CWE-200  Low
Trojan horse detected CWE-507  High
Unencrypted __VIEWSTATE parameter CWE-200  Medium
Unprotected phpMyAdmin interface CWE-16  High
Virtual host directory listing CWE-538  Medium
W3 total cache debug mode CWE-16  Medium
WS_FTP log file found CWE-538  Medium
Weak password CWE-200  High
Web server default welcome page CWE-16  Informational
WebDAV directory listing CWE-538  Medium
WebLogic admin console weak credentials CWE-16  High
Webalizer script CWE-538  Medium
Webmail weak password CWE-200  High
WordPress W3 Total Cache plugin predictable cache filenames CVE-2012-6077  CVE-2012-6078  CVE-2012-6079  CWE-200  High
WordPress database credentials disclosure CWE-538  Medium
WordPress debug mode CWE-200  High
WordPress full path disclosure CWE-200  Low
WordPress pingback scanner CVE-2013-0235  CWE-918  Medium
WordPress username enumeration CWE-200  Medium
X-Forwarded-For HTTP header security bypass CWE-287  High
XML external entity injection CWE-611  High
XML external entity injection and XML injection CWE-611  High
Zend Framework local file disclosure via XXE injection CVE-2012-3363  CWE-611  High
Zend framework configuration file information disclosure CWE-538  High
apc.php page found CWE-538  Medium
elmah.axd information disclosure CWE-16  Medium
phpMyAdmin SQL dump CWE-538  Medium
vBulletin customer number disclosure CVE-2013-6129  CWE-264  High
web.xml configuration file disclosure CWE-538  High
webadmin.php script CWE-16  High