Information Disclosure - Vulnerabilities

Vulnerability Name	CVE	CWE	Severity
.htaccess file readable		CWE-16	Medium
Access database found		CWE-538	Medium
Adobe ColdFusion directory traversal	CVE-2013-3336	CWE-22	High
Amazon S3 public bucket		CWE-264	Medium
Amazon S3 publicly writable bucket		CWE-264	High
Apache 2.0.43 Win32 file reading vulnerability	CVE-2003-0017	CWE-20	High
Apache 2.x version older than 2.0.48	CVE-2003-0542 CVE-2003-0789	CWE-119	Medium
Apache Axis2 administration console weak password		CWE-200	High
Apache Axis2 information disclosure		CWE-200	Medium
Apache Axis2 web services enumeration		CWE-200	Low
Apache httpOnly cookie disclosure	CVE-2012-0053	CWE-264	Medium
Apache mod_negotiation filename bruteforcing		CWE-538	Low
Apache perl-status enabled		CWE-200	Medium
Apache server-info enabled		CWE-200	Medium
Apache server-status enabled		CWE-200	Medium
Apache Solr endpoint		CWE-16	Low
Apache solr service exposed		CWE-16	High
Apache stronghold-info enabled		CWE-200	Low
Apache stronghold-status enabled		CWE-200	Low
Apache Tomcat "allowLinking" on Case Insensitive Filesystems		CWE-538	High
Apache Tomcat directory traversal	CVE-2007-0450	CWE-22	Medium
Apache Tomcat examples directory vulnerabilities		CWE-264	Medium
Apache Tomcat Information Disclosure	CVE-2017-12616	CWE-200	High
Apache Tomcat version older than 4.1.37	CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461	CWE-79	Medium
Apache Tomcat version older than 6.0.11	CVE-2005-2090 CVE-2007-1355	CWE-79	Medium
Apache Tomcat version older than 6.0.35	CVE-2011-3190 CVE-2011-3375 CVE-2012-0022	CWE-264	High
Apache Tomcat version older than 7.0.21	CVE-2011-3190	CWE-264	High
apc.php page found		CWE-538	Medium
Application error message		CWE-200	Medium
Arbitrary file existence disclosure in Action Pack	CVE-2014-7829	CWE-200	Medium
ASP.NET application trace enabled		CWE-16	Medium
ASP.NET custom errors disabled (AcuSensor)		CWE-16	Medium
ASP.NET debugging enabled		CWE-16	Low
ASP.NET diagnostic page		CWE-200	Medium
ASP.NET error message		CWE-16	Medium
ASP.NET MVC version disclosure		CWE-200	Low
ASP.NET padding oracle vulnerability	CVE-2010-3332	CWE-310	High
ASP.NET path disclosure		CWE-200	Low
ASP.NET version disclosure		CWE-200	Low
Atlassian Confluence Access Restriction Bypass	CVE-2017-9505		Medium
Atlassian Confluence information disclosure	CVE-2017-7415		High
Atlassian Confluence Stored Cross Site Scripting	CVE-2016-6283		Medium
Atlassian Jira Manage Filters information disclosure		CWE-200	Low
AWStats script		CWE-538	Medium
Backup files		CWE-538	Medium
Backup files		CWE-538	Medium
Bazaar repository found		CWE-538	High
Bonjour service running		CWE-16	Low
Chrome Logger information disclosure		CWE-16	Medium
ColdFusion path disclosure		CWE-200	Low
ColdFusion Request Debugging information disclosure		CWE-200	Medium
ColdFusion Robust Exception enabled		CWE-200	Medium
Configuration file disclosure		CWE-538	High
Configuration file source code disclosure		CWE-538	High
Core dump checker PHP script		CWE-200	Medium
Core dump file		CWE-200	High
Credit card number disclosed		CWE-200	Medium
CVS web repository		CWE-16	High
Database connection string disclosure		CWE-200	Medium
Development configuration file		CWE-538	Medium
Devise weak password		CWE-200	High
Directory listing		CWE-538	Medium
Django debug mode enabled		CWE-200	Medium
DNS cache snooping		CWE-16	Medium
DNS zone transfer	CVE-1999-0532	CWE-16	High
Documentation file		CWE-538	Low
Dotenv .env file		CWE-538	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554	CWE-264	High
Drupal Backup Migrate directory publicly accessible		CWE-538	High
Drupal Core 5.x Information Disclosure (5.0 - 5.18)	CVE-2009-2374	CWE-200	High
Drupal Core 6.x Information Disclosure (6.0 - 6.30)	CVE-2014-2983	CWE-200	High
Drupal Core 7.x Information Disclosure (7.0 - 7.14)	CVE-2012-2922	CWE-200	High
Drupal Core 7.x Information Disclosure (7.0 - 7.26)	CVE-2014-2983	CWE-200	High
Drupal Views module information disclosure vulnerability		CWE-200	Medium
Elasticsearch service accessible		CWE-16	High
elmah.axd information disclosure		CWE-16	Medium
Email address found		CWE-200	Informational
Environment variable information disclosure		CWE-200	Low
Error message		CWE-200	Medium
Error message on page		CWE-200	Medium
Error page path disclosure		CWE-200	Low
Error page web server version disclosure		CWE-200	Informational
Files listed in robots.txt but not linked		CWE-200	Informational
Finger service running		CWE-16	Medium
Frontpage authors.pwd available		CWE-538	Medium
Frontpage extensions enabled		CWE-16	Low
FTP anonymous logins		CWE-16	Low
FTP anonymous writable directories		CWE-16	Medium
FTP weak password		CWE-16	High
Full public read access Azure blob storage		CWE-264	Medium
Git repository found		CWE-538	High
GlassFish admin console weak credentials		CWE-16	High
Global.asa backup file found		CWE-538	Medium
HTML Form found in redirect page		CWE-287	Low
IBM Web Content Manager XPath injection	CVE-2013-6735	CWE-264	High
IBM WebSphere/WebLogic application source file exposure		CWE-200	High
IBM WebSphere administration console weak password		CWE-200	High
IMAP weak password		CWE-16	High
Insecure transition from HTTPS to HTTP in form post		CWE-200	Low
Insecure transition from HTTP to HTTPS in form post		CWE-200	Medium
Internet Information Server returns IP address in HTTP header (Content-Location)		CWE-200	Low
Javascript eval() usage		CWE-200	Informational
JBoss BSHDeployer MBean		CWE-16	High
JBoss HttpAdaptor JMXInvokerServlet		CWE-16	High
JBoss JMX Console Unrestricted Access		CWE-16	High
JBoss JMX management console		CWE-16	High
JBoss Seam remoting vulnerabilities	CVE-2013-6447 CVE-2013-6448	CWE-611	High
JBoss ServerInfo MBean	CVE-2010-0738	CWE-16	High
JBoss Server MBean		CWE-16	High
JBoss status servlet information leak	CVE-2010-1429	CWE-200	Medium
JBoss Web Console JMX Invoker		CWE-16	High
JBoss web service console		CWE-200	Low
Jenkins dashboard		CWE-200	Medium
Jenkins user enumeration		CWE-200	Low
Jenkins weak password		CWE-200	High
JetBrains .idea project directory		CWE-538	Medium
JetLeak vulnerability	CVE-2015-2080	CWE-200	High
Joe Editor DEADJOE file		CWE-538	Low
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)	CVE-2011-4911	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)		CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)		CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15)	CVE-2010-1432	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)	CVE-2011-3629	CWE-200	High
Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)	CVE-2012-1599	CWE-264	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)		CWE-200	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)	CVE-2012-0819	CWE-200	High
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)	CVE-2012-0821	CWE-200	High
Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0)		CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)	CVE-2011-3629	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)	CVE-2011-4937	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)	CVE-2012-0819	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)	CVE-2012-0821	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0835	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0836	CWE-200	High
Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)	CVE-2012-0837	CWE-200	High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)	CVE-2012-0837	CWE-200	High
Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)	CVE-2012-0835	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)	CVE-2012-1611	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)	CVE-2012-2748	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8)	CVE-2013-1453	CWE-200	High
Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9)	CVE-2013-3057	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1454	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1455	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)	CVE-2013-1453	CWE-200	High
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3)	CVE-2013-3057	CWE-200	High
Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5)	CVE-2017-14595	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)	CVE-2018-11325	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)	CVE-2018-11327	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)	CVE-2017-8057	CWE-200	High
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)	CVE-2017-16633	CWE-200	High
Joomla! Core Information Disclosure (1.5.0 - 3.7.5)	CVE-2017-14596	CWE-200	High
Joomla! Core Information Disclosure (1.5.0 - 3.8.1)	CVE-2017-14596	CWE-200	High
JSONP enabled by default in MappingJackson2JsonView	CVE-2018-11040	CWE-538	Medium
JVM version leakage		CWE-200	Low
Laravel log file publicly accessible		CWE-538	Medium
LDAP anonymous binds		CWE-16	Medium
Macromedia Dreamweaver remote database scripts	CVE-2004-1893	CWE-16	High
Magento Cacheleak		CWE-200	High
MantisBT multiple security issues	CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042	CWE-200	High
Mercurial repository found		CWE-538	High
Microsoft Frontpage configuration information		CWE-200	Informational
Microsoft IIS5 NTLM and Basic authentication bypass	CVE-2007-2815	CWE-264	High
Microsoft IIS Server service.cnf file found		CWE-538	Low
Microsoft IIS tilde directory enumeration		CWE-20	High
Microsoft IIS version disclosure		CWE-200	Informational
Microsoft Office possible sensitive information		CWE-200	Informational
Microsoft SQL Server weak password		CWE-16	High
Minify arbitrary file disclosure	CVE-2013-6619	CWE-538	High
MongoDB HTTP status interface		CWE-16	Medium
Multiple vulnerabilities in Ioncube loader-wizard.php		CWE-16	High
MySQL connection credentials		CWE-538	High
MySQL database dump		CWE-538	Medium
MySQL Server weak password		CWE-16	High
MySQL username disclosure		CWE-538	Low
Nginx memory disclosure with specially crafted HTTP backend responses	CVE-2012-1180	CWE-399	High
NGINX range filter integer overflow	CVE-2017-7529	CWE-200	Medium
npm log file publicly accessible (npm-debug.log)		CWE-200	Medium
Open X11 server		CWE-16	High
Oracle applications logs publicy available		CWE-200	Medium
Oracle Database Listener has no password		CWE-16	High
Oracle JavaServer Faces multiple vulnerabilities	CVE-2013-3827	CWE-22	High
Oracle Reports Services RWServlet environment variables disclosure		CWE-200	Low
Padding oracle attack		CWE-209	High
Password field submitted using GET method		CWE-200	Medium
Password type input with auto-complete enabled		CWE-200	Informational
PHP-CGI remote code execution	CVE-2012-1823 CVE-2012-2311	CWE-20	High
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)		CWE-200	Medium
PHP-FPM Status Page		CWE-200	Medium
PHP.exe Windows CGI for Apache may let remote users view files on the server	CVE-2002-2029	CWE-16	Low
PHP curl_exec() url is controlled by user	CVE-2009-0037	CWE-352	Medium
PHP errors enabled		CWE-16	Medium
PHPinfo page		CWE-200	Medium
PHPinfo page found		CWE-200	Medium
phpMyAdmin SQL dump		CWE-538	Medium
POP3 weak password		CWE-16	High
Possible database backup		CWE-538	High
Possible debug parameter found		CWE-200	Medium
Possible internal IP address disclosure		CWE-200	Informational
Possible remote SWF inclusion	CVE-2007-6244 CVE-2007-6637	CWE-79	Medium
Possible sensitive directories		CWE-200	Low
Possible sensitive files		CWE-200	Low
Possible server path disclosure (Unix)		CWE-200	Informational
Possible server path disclosure (Windows)		CWE-200	Informational
Possible social security number disclosed		CWE-200	Medium
Possible SQL Statement in comment		CWE-200	Low
Possible username or password disclosure		CWE-200	Informational
Possible virtual host found		CWE-200	Low
PostgreSQL weak password		CWE-16	High
Public key certificate		CWE-200	Low
Rails controller possible sensitive information disclosure		CWE-200	Medium
Reachable SharePoint interface		CWE-16	High
Rlogin service running		CWE-16	Low
RSA private key		CWE-200	High
Rsh service running		CWE-16	Low
Ruby on Rails database configuration file		CWE-538	High
Ruby on Rails database connection file		CWE-538	High
Script source code disclosure		CWE-538	High
Sensitive data not encrypted		CWE-200	Low
Sensitive page could be cached		CWE-200	Low
Session token in URL		CWE-200	Low
SFTP/FTP credentials exposure		CWE-200	High
SharePoint exposed web services		CWE-200	Medium
SharePoint user enumeration		CWE-200	High
SMB list shares		CWE-16	Low
SMB null session		CWE-16	Low
SNMP information disclosure		CWE-16	Medium
Snoop Servlet information disclosure	CVE-2012-2170	CWE-200	Medium
Socks weak password		CWE-16	High
Solaris in.fingerd information disclosure vulnerability	CVE-2001-1503	CWE-16	High
Source code disclosure		CWE-538	Medium
SQLite database found		CWE-538	Medium
SSH weak password		CWE-16	High
Stack Trace Disclosure (Apache MyFaces)		CWE-209	Low
Stack Trace Disclosure (Apache MyFaces)		CWE-209	Low
Stack Trace Disclosure (ASP.NET)		CWE-209	Low
Stack Trace Disclosure (CakePHP)		CWE-209	Low
Stack Trace Disclosure (CherryPy)		CWE-209	Low
Stack Trace Disclosure (ColdFusion)		CWE-209	Low
Stack Trace Disclosure (Grails)		CWE-209	Low
Stack Trace Disclosure (Java)		CWE-209	Low
Stack Trace Disclosure (Laravel)		CWE-209	Low
Stack Trace Disclosure (Python)		CWE-209	Low
Stack Trace Disclosure (Rails)		CWE-209	Low
Stack Trace Disclosure (Ruby)		CWE-209	Low
Stack Trace Disclosure (Tomcat)		CWE-209	Low
Suspicious comment		CWE-200	Informational
SVN repository found		CWE-538	High
Sybase server weak password		CWE-307	High
Symfony databases.yml configuration file		CWE-538	High
Symfony web debug toolbar		CWE-16	Medium
Telnet service running		CWE-16	Low
Telnet weak password		CWE-307	High
The Heartbleed Bug	CVE-2014-0160	CWE-200	High
Tiki Wiki CMS: Arbitrary Code Execution			High
Tiki Wiki CMS: Arbitrary File Download			High
Tiki Wiki CMS: Remote Code Execution via Calendar Module			High
Tomcat status page		CWE-200	Low
Trojan horse detected		CWE-507	High
Unencrypted __VIEWSTATE parameter		CWE-200	Medium
Unprotected phpMyAdmin interface		CWE-16	High
vBulletin customer number disclosure	CVE-2013-6129	CWE-264	High
Virtual host directory listing		CWE-538	Medium
W3 total cache debug mode		CWE-16	Medium
Weak password		CWE-200	High
web.xml configuration file disclosure		CWE-538	High
webadmin.php script		CWE-16	High
Webalizer script		CWE-538	Medium
WebDAV directory listing		CWE-538	Medium
WebLogic admin console weak credentials		CWE-16	High
Webmail weak password		CWE-200	High
Web server default welcome page		CWE-16	Informational
WordPress database credentials disclosure		CWE-538	Medium
WordPress debug mode		CWE-200	High
WordPress full path disclosure		CWE-200	Low
WordPress pingback scanner	CVE-2013-0235	CWE-918	Medium
WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)	CVE-2007-0540	CWE-200 CWE-400	High
WordPress Plugin Activity Log Information Disclosure (2.2.12)		CWE-200	High
WordPress Plugin Acumbamail Information Disclosure (1.0.4)		CWE-200	High
WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)		CWE-200	High
WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)		CWE-611	High
WordPress Plugin AlertWire Information Disclosure (1.1.1)		CWE-200	High
WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1)	CVE-2015-0902	CWE-200	High
WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)		CWE-22	High
WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)		CWE-22	High
WordPress Plugin BackupBuddy Information Disclosure (2.2.28)	CVE-2013-2743 CVE-2013-2744	CWE-200	High
WordPress Plugin Backup Database Backup Information Disclosure (2.0.1)		CWE-538	High
WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)		CWE-538	High
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)		CWE-200	High
WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)		CWE-200	High
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)		CWE-538	High
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)	CVE-2015-1000005	CWE-22	High
WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)	CVE-2014-9461	CWE-22	High
WordPress Plugin Cherry Services List Information Disclosure (1.4.1)		CWE-200	High
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)		CWE-200	High
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)		CWE-538	High
WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)		CWE-22	High
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)		CWE-22	High
WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)		CWE-538	High
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)		CWE-200	High
WordPress Plugin Contact Form Email Information Disclosure (1.2.66)		CWE-200	High
WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)	CVE-2012-0896	CWE-22 CWE-79	High
WordPress Plugin Count per Day Information Disclosure (3.2.5)		CWE-200	High
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)		CWE-22	High
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)		CWE-22	High
WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)		CWE-538	High
WordPress Plugin Download Monitor Information Disclosure (1.6.3)		CWE-538	High
WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)		CWE-22	High
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)	CVE-2015-4704	CWE-22	High
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)		CWE-22	High
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)		CWE-200	High
WordPress Plugin Easy Author Image Information Disclosure (1.5)		CWE-200	High
WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)		CWE-22	High
WordPress Plugin Easy Digital Downloads Information Disclosure (2.7.6)		CWE-200	High
WordPress Plugin eCommerce Shopping Cart by WP EasyCart Information Disclosure (2.0.5)	CVE-2014-4942	CWE-200	High
WordPress Plugin Email Log Information Disclosure (1.9)		CWE-200	High
WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)		CWE-200	High
WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7)	CVE-2018-6015	CWE-200	High
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)		CWE-22	High
WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)		CWE-22	High
WordPress Plugin FireStats Arbitrary File Download (1.6.5)		CWE-538	High
WordPress Plugin Formidable Forms-Form Builder for WordPress Information Disclosure (2.0.07)		CWE-200	High
WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)	CVE-2012-4920	CWE-22	High
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)		CWE-22	High
WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)		CWE-538	High
WordPress Plugin Ghost Arbitrary File Download (0.5.5)		CWE-538	High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)		CWE-95 CWE-200	High
WordPress Plugin GlotPress Information Disclosure (2.2.1)		CWE-200	High
WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)	CVE-2017-5223	CWE-200	High
WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)	CVE-2012-4915	CWE-22	High
WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)		CWE-538	High
WordPress Plugin Grand Flagallery-Photo Gallery Information Disclosure (4.24)	CVE-2014-8491	CWE-200	High
WordPress Plugin GRAND Flash Album Gallery SQL Injection and Information Disclosure Vulnerabilities (0.59)		CWE-22 CWE-89	High
WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)		CWE-538	High
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)		CWE-538	High
WordPress Plugin History Collection Arbitrary File Download (1.1.1)		CWE-538	High
WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)	CVE-2014-9177	CWE-200	High
WordPress Plugin IBS Mappro Arbitrary File Download (0.6)	CVE-2015-5472	CWE-22	High
WordPress Plugin Image Export Arbitrary File Download (1.1.0)	CVE-2015-5609	CWE-22	High
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)		CWE-22	High
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)		CWE-200	High
WordPress Plugin Jigoshop Information Disclosure (1.17.9)		CWE-200	High
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)		CWE-200	High
WordPress Plugin Log Emails Information Disclosure (1.0.6)		CWE-200	High
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)		CWE-22	High
WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)		CWE-538	High
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)		CWE-22	High
WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)		CWE-200	High
WordPress Plugin Membership Simplified Arbitrary File Download (1.58)	CVE-2017-1002008	CWE-538	High
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)		CWE-538	High
WordPress Plugin Meta Slider Information Disclosure (3.3.1)		CWE-200	High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)		CWE-538	High
WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)		CWE-538	High
WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)	CVE-2015-1000008	CWE-200	High
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)		CWE-538	High
WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)		CWE-538	High
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)	CVE-2013-0291	CWE-200	High
WordPress Plugin Order/Coupon/Subscription Export Import Plugin for WooCommerce (BASIC) Information Disclosure (1.0.8)		CWE-200	High
WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)	CVE-2012-6511 CVE-2012-6512	CWE-79 CWE-200	High
WordPress Plugin Page and Post Clone Information Disclosure (1.1)		CWE-200	High
WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)	CVE-2008-5752	CWE-22	High
WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9)		CWE-538	High
WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)		CWE-538	High
WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)		CWE-22	High
WordPress Plugin Pike Firewall Information Disclosure (1.4)		CWE-200	High
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)	CVE-2012-3588	CWE-22	High
WordPress Plugin RB Agency Local File Disclosure (2.4.7)		CWE-22	High
WordPress Plugin Recent Backups Arbitrary File Download (0.7)	CVE-2015-1000006	CWE-22	High
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)		CWE-22	High
WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)		CWE-200	High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)	CVE-2014-9511	CWE-538	High
WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)		CWE-22	High
WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)		CWE-538	High
WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)		CWE-200	High
WordPress Plugin ShareYourCart Information Disclosure (1.6.1)	CVE-2012-4332	CWE-200	High
WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)		CWE-538	High
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)		CWE-22	High
WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)	CVE-2012-6313	CWE-200	High
WordPress Plugin Simple History Information Disclosure (1.0.7)		CWE-200	High
WordPress Plugin Simple History Information Disclosure (2.7.4)		CWE-200	High
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)	CVE-2015-1000010	CWE-538	High
WordPress Plugin Simply Static Arbitrary File Download (1.6.2)		CWE-22	High
WordPress Plugin Slideshow Information Disclosure (2.2.21)	CVE-2015-3634	CWE-200	High
WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)		CWE-79 CWE-200	High
WordPress Plugin SL User Create Information Disclosure (0.2.4)		CWE-200	High
WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)		CWE-94 CWE-200	High
WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)	CVE-2018-20555	CWE-200	High
WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)		CWE-352 CWE-538	High
WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)		CWE-200	High
WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)		CWE-79	High
WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)		CWE-264	High
WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)		CWE-203	High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)		CWE-203	High
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)		CWE-203	High
WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)		CWE-200	High
WordPress Plugin Super Refer A Friend Information Disclosure (1.0)		CWE-200	High
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)	CVE-2015-5471	CWE-22	High
WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)		CWE-22	High
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)		CWE-22	High
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)		CWE-22	High
WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)		CWE-22	High
WordPress Plugin Ultimate CSV Importer Arbitrary File Disclosure (3.7)		CWE-22	High
WordPress Plugin Ultimate CSV Importer Information Disclosure (3.6.74)		CWE-200	High
WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5)		CWE-200	High
WordPress Plugin UnGallery Local File Disclosure (1.5.8)		CWE-22	High
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)		CWE-538	High
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)		CWE-200	High
WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)	CVE-2012-1786	CWE-200	High
WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)	CVE-2012-6651	CWE-22	High
WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)		CWE-200	High
WordPress Plugin WebP Express Arbitrary File Disclosure (0.10.0)		CWE-538	High
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)		CWE-538	High
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)		CWE-200	High
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)		CWE-200	High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)	CVE-2014-5337	CWE-264	High
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)	CVE-2015-9269	CWE-200	High
WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)	CVE-2015-4703	CWE-538	High
WordPress Plugin WordPress Social Stream Information Disclosure (1.6)		CWE-522	High
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)		CWE-22	High
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)		CWE-22	High
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)		CWE-22	High
WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)		CWE-22	High
WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)		CWE-200	High
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)		CWE-538	High
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)		CWE-22	High
WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)	CVE-2011-1669	CWE-22	High
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)	CVE-2015-5468	CWE-22	High
WordPress Plugin WP Easy full backup Information Disclosure (1.4)		CWE-200	High
WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)		CWE-538	High
WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)	CVE-2014-9013 CVE-2014-9014	CWE-22	High
WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)		CWE-22	High
WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)		CWE-22 CWE-538	High
WordPress Plugin WP PHP widget Information Disclosure (1.0.2)	CVE-2013-0721	CWE-200	High
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)		CWE-200	High
WordPress Plugin WP Security Audit Log Information Disclosure (3.1.1)	CVE-2018-8719	CWE-200	High
WordPress Plugin wp superb Slideshow Information Disclosure (2.4)		CWE-200	High
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)	CVE-2015-1000007	CWE-538	High
WordPress Plugin Yoast SEO Information Disclosure (3.2.4)		CWE-200	High
WordPress Plugin Zip Attachments Arbitrary File Download (1.4)	CVE-2015-4694	CWE-538	High
WordPress REST API User Enumeration		CWE-200	Low
WordPress username enumeration		CWE-200	Medium
WordPress W3 Total Cache plugin predictable cache filenames	CVE-2012-6077 CVE-2012-6078 CVE-2012-6079	CWE-200	High
WPEngine _wpeprivate/config.json information disclosure		CWE-200	High
WS_FTP log file found		CWE-538	Medium
X-Forwarded-For HTTP header security bypass		CWE-287	High
XML external entity injection		CWE-611	High
XML external entity injection and XML injection		CWE-611	High
XML external entity injection via external file		CWE-611	High
XML external entity injection via File Upload		CWE-611	High
Yii2 debug toolkit		CWE-200	Medium
Zend framework configuration file information disclosure		CWE-538	High
Zend Framework local file disclosure via XXE injection	CVE-2012-3363	CWE-611	High

.htaccess file readable

CWE-16

Medium

Access database found

CWE-538

Medium

Adobe ColdFusion directory traversal

CVE-2013-3336

CWE-22

High

Amazon S3 public bucket

CWE-264

Medium

Amazon S3 publicly writable bucket

CWE-264

High

Apache 2.0.43 Win32 file reading vulnerability

CVE-2003-0017

CWE-20

High

Apache 2.x version older than 2.0.48

CVE-2003-0542 CVE-2003-0789

CWE-119

Medium

Apache Axis2 administration console weak password

CWE-200

High

Apache Axis2 information disclosure

CWE-200

Medium

Apache Axis2 web services enumeration

CWE-200

Low

Apache httpOnly cookie disclosure

CVE-2012-0053

CWE-264

Medium

Apache mod_negotiation filename bruteforcing

CWE-538

Low

Apache perl-status enabled

CWE-200

Medium

Apache server-info enabled

CWE-200

Medium

Apache server-status enabled

CWE-200

Medium

Apache Solr endpoint

CWE-16

Low

Apache solr service exposed

CWE-16

High

Apache stronghold-info enabled

CWE-200

Low

Apache stronghold-status enabled

CWE-200

Low

Apache Tomcat "allowLinking" on Case Insensitive Filesystems

CWE-538

High

Apache Tomcat directory traversal

CVE-2007-0450

CWE-22

Medium

Apache Tomcat examples directory vulnerabilities

CWE-264

Medium

Apache Tomcat Information Disclosure

CVE-2017-12616

CWE-200

High

Apache Tomcat version older than 4.1.37

CVE-2005-3164 CVE-2007-1355 CVE-2007-2449 CVE-2007-2450 CVE-2007-3382 CVE-2007-3383 CVE-2007-3385 CVE-2007-5333 CVE-2007-5461

CWE-79

Medium

Apache Tomcat version older than 6.0.11

CVE-2005-2090 CVE-2007-1355

CWE-79

Medium

Apache Tomcat version older than 6.0.35

CVE-2011-3190 CVE-2011-3375 CVE-2012-0022

CWE-264

High

Apache Tomcat version older than 7.0.21

CVE-2011-3190

CWE-264

High

apc.php page found

CWE-538

Medium

Application error message

CWE-200

Medium

Arbitrary file existence disclosure in Action Pack

CVE-2014-7829

CWE-200

Medium

ASP.NET application trace enabled

CWE-16

Medium

ASP.NET custom errors disabled (AcuSensor)

CWE-16

Medium

ASP.NET debugging enabled

CWE-16

Low

ASP.NET diagnostic page

CWE-200

Medium

ASP.NET error message

CWE-16

Medium

ASP.NET MVC version disclosure

CWE-200

Low

ASP.NET padding oracle vulnerability

CVE-2010-3332

CWE-310

High

ASP.NET path disclosure

CWE-200

Low

ASP.NET version disclosure

CWE-200

Low

Atlassian Confluence Access Restriction Bypass

CVE-2017-9505

Medium

Atlassian Confluence information disclosure

CVE-2017-7415

High

Atlassian Confluence Stored Cross Site Scripting

CVE-2016-6283

Medium

Atlassian Jira Manage Filters information disclosure

CWE-200

Low

AWStats script

CWE-538

Medium

Backup files

CWE-538

Medium

Backup files

CWE-538

Medium

Bazaar repository found

CWE-538

High

Bonjour service running

CWE-16

Low

Chrome Logger information disclosure

CWE-16

Medium

ColdFusion path disclosure

CWE-200

Low

ColdFusion Request Debugging information disclosure

CWE-200

Medium

ColdFusion Robust Exception enabled

CWE-200

Medium

Configuration file disclosure

CWE-538

High

Configuration file source code disclosure

CWE-538

High

Core dump checker PHP script

CWE-200

Medium

Core dump file

CWE-200

High

Credit card number disclosed

CWE-200

Medium

CVS web repository

CWE-16

High

Database connection string disclosure

CWE-200

Medium

Development configuration file

CWE-538

Medium

Devise weak password

CWE-200

High

Directory listing

CWE-538

Medium

Django debug mode enabled

CWE-200

Medium

DNS cache snooping

CWE-16

Medium

DNS zone transfer

CVE-1999-0532

CWE-16

High

Documentation file

CWE-538

Low

Dotenv .env file

CWE-538

High

Drupal 7 arbitrary PHP code execution and information disclosure

CVE-2012-4553 CVE-2012-4554

CWE-264

High

Drupal Backup Migrate directory publicly accessible

CWE-538

High

Drupal Core 5.x Information Disclosure (5.0 - 5.18)

CVE-2009-2374

CWE-200

High

Drupal Core 6.x Information Disclosure (6.0 - 6.30)

CVE-2014-2983

CWE-200

High

Drupal Core 7.x Information Disclosure (7.0 - 7.14)

CVE-2012-2922

CWE-200

High

Drupal Core 7.x Information Disclosure (7.0 - 7.26)

CVE-2014-2983

CWE-200

High

Drupal Views module information disclosure vulnerability

CWE-200

Medium

Elasticsearch service accessible

CWE-16

High

elmah.axd information disclosure

CWE-16

Medium

Email address found

CWE-200

Informational

Environment variable information disclosure

CWE-200

Low

Error message

CWE-200

Medium

Error message on page

CWE-200

Medium

Error page path disclosure

CWE-200

Low

Error page web server version disclosure

CWE-200

Informational

Files listed in robots.txt but not linked

CWE-200

Informational

Finger service running

CWE-16

Medium

Frontpage authors.pwd available

CWE-538

Medium

Frontpage extensions enabled

CWE-16

Low

FTP anonymous logins

CWE-16

Low

FTP anonymous writable directories

CWE-16

Medium

FTP weak password

CWE-16

High

Full public read access Azure blob storage

CWE-264

Medium

Git repository found

CWE-538

High

GlassFish admin console weak credentials

CWE-16

High

Global.asa backup file found

CWE-538

Medium

HTML Form found in redirect page

CWE-287

Low

IBM Web Content Manager XPath injection

CVE-2013-6735

CWE-264

High

IBM WebSphere/WebLogic application source file exposure

CWE-200

High

IBM WebSphere administration console weak password

CWE-200

High

IMAP weak password

CWE-16

High

Insecure transition from HTTPS to HTTP in form post

CWE-200

Low

Insecure transition from HTTP to HTTPS in form post

CWE-200

Medium

Internet Information Server returns IP address in HTTP header (Content-Location)

CWE-200

Low

Javascript eval() usage

CWE-200

Informational

JBoss BSHDeployer MBean

CWE-16

High

JBoss HttpAdaptor JMXInvokerServlet

CWE-16

High

JBoss JMX Console Unrestricted Access

CWE-16

High

JBoss JMX management console

CWE-16

High

JBoss Seam remoting vulnerabilities

CVE-2013-6447 CVE-2013-6448

CWE-611

High

JBoss ServerInfo MBean

CVE-2010-0738

CWE-16

High

JBoss Server MBean

CWE-16

High

JBoss status servlet information leak

CVE-2010-1429

CWE-200

Medium

JBoss Web Console JMX Invoker

CWE-16

High

JBoss web service console

CWE-200

Low

Jenkins dashboard

CWE-200

Medium

Jenkins user enumeration

CWE-200

Low

Jenkins weak password

CWE-200

High

JetBrains .idea project directory

CWE-538

Medium

JetLeak vulnerability

CVE-2015-2080

CWE-200

High

Joe Editor DEADJOE file

CWE-538

Low

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)

CVE-2011-4911

CWE-200

High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)

CWE-200

High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.14)

CWE-200

High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.15)

CVE-2010-1432

CWE-200

High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.23)

CVE-2011-3629

CWE-200

High

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.25)

CVE-2012-1599

CWE-264

High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

CWE-200

High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)

CVE-2012-0819

CWE-200

High

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)

CVE-2012-0821

CWE-200

High

Joomla! Core 1.7.0 Information Disclosure (1.7.0 - 1.7.0)

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)

CVE-2011-3629

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)

CVE-2011-4937

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)

CVE-2012-0819

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)

CVE-2012-0821

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

CVE-2012-0835

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

CVE-2012-0836

CWE-200

High

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

CVE-2012-0837

CWE-200

High

Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)

CVE-2012-0837

CWE-200

High

Joomla! Core 2.5.0 Information Disclosure (2.5.0 - 2.5.0)

CVE-2012-0835

CWE-200

High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.3)

CVE-2012-1611

CWE-200

High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)

CVE-2012-2748

CWE-200

High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8)

CVE-2013-1453

CWE-200

High

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.9)

CVE-2013-3057

CWE-200

High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)

CVE-2013-1454

CWE-200

High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)

CVE-2013-1455

CWE-200

High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)

CVE-2013-1453

CWE-200

High

Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.3)

CVE-2013-3057

CWE-200

High

Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5)

CVE-2017-14595

CWE-200

High

Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.8.7)

CVE-2018-11325

CWE-200

High

Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)

CVE-2018-11327

CWE-200

High

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

CVE-2017-8057

CWE-200

High

Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)

CVE-2017-16633

CWE-200

High

Joomla! Core Information Disclosure (1.5.0 - 3.7.5)

CVE-2017-14596

CWE-200

High

Joomla! Core Information Disclosure (1.5.0 - 3.8.1)

CVE-2017-14596

CWE-200

High

JSONP enabled by default in MappingJackson2JsonView

CVE-2018-11040

CWE-538

Medium

JVM version leakage

CWE-200

Low

Laravel log file publicly accessible

CWE-538

Medium

LDAP anonymous binds

CWE-16

Medium

Macromedia Dreamweaver remote database scripts

CVE-2004-1893

CWE-16

High

Magento Cacheleak

CWE-200

High

MantisBT multiple security issues

CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042

CWE-200

High

Mercurial repository found

CWE-538

High

Microsoft Frontpage configuration information

CWE-200

Informational

Microsoft IIS5 NTLM and Basic authentication bypass

CVE-2007-2815

CWE-264

High

Microsoft IIS Server service.cnf file found

CWE-538

Low

Microsoft IIS tilde directory enumeration

CWE-20

High

Microsoft IIS version disclosure

CWE-200

Informational

Microsoft Office possible sensitive information

CWE-200

Informational

Microsoft SQL Server weak password

CWE-16

High

Minify arbitrary file disclosure

CVE-2013-6619

CWE-538

High

MongoDB HTTP status interface

CWE-16

Medium

Multiple vulnerabilities in Ioncube loader-wizard.php

CWE-16

High

MySQL connection credentials

CWE-538

High

MySQL database dump

CWE-538

Medium

MySQL Server weak password

CWE-16

High

MySQL username disclosure

CWE-538

Low

Nginx memory disclosure with specially crafted HTTP backend responses

CVE-2012-1180

CWE-399

High

NGINX range filter integer overflow

CVE-2017-7529

CWE-200

Medium

npm log file publicly accessible (npm-debug.log)

CWE-200

Medium

Open X11 server

CWE-16

High

Oracle applications logs publicy available

CWE-200

Medium

Oracle Database Listener has no password

CWE-16

High

Oracle JavaServer Faces multiple vulnerabilities

CVE-2013-3827

CWE-22

High

Oracle Reports Services RWServlet environment variables disclosure

CWE-200

Low

Padding oracle attack

CWE-209

High

Password field submitted using GET method

CWE-200

Medium

Password type input with auto-complete enabled

CWE-200

Informational

PHP-CGI remote code execution

CVE-2012-1823 CVE-2012-2311

CWE-20

High

PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)

CWE-200

Medium

PHP-FPM Status Page

CWE-200

Medium

PHP.exe Windows CGI for Apache may let remote users view files on the server

CVE-2002-2029

CWE-16

Low

PHP curl_exec() url is controlled by user

CVE-2009-0037

CWE-352

Medium

PHP errors enabled

CWE-16

Medium

PHPinfo page

CWE-200

Medium

PHPinfo page found

CWE-200

Medium

phpMyAdmin SQL dump

CWE-538

Medium

POP3 weak password

CWE-16

High

Possible database backup

CWE-538

High

Possible debug parameter found

CWE-200

Medium

Possible internal IP address disclosure

CWE-200

Informational

Possible remote SWF inclusion

CVE-2007-6244 CVE-2007-6637

CWE-79

Medium

Possible sensitive directories

CWE-200

Low

Possible sensitive files

CWE-200

Low

Possible server path disclosure (Unix)

CWE-200

Informational

Possible server path disclosure (Windows)

CWE-200

Informational

Possible social security number disclosed

CWE-200

Medium

Possible SQL Statement in comment

CWE-200

Low

Possible username or password disclosure

CWE-200

Informational

Possible virtual host found

CWE-200

Low

PostgreSQL weak password

CWE-16

High

Public key certificate

CWE-200

Low

Rails controller possible sensitive information disclosure

CWE-200

Medium

Reachable SharePoint interface

CWE-16

High

Rlogin service running

CWE-16

Low

RSA private key

CWE-200

High

Rsh service running

CWE-16

Low

Ruby on Rails database configuration file

CWE-538

High

Ruby on Rails database connection file

CWE-538

High

Script source code disclosure

CWE-538

High

Sensitive data not encrypted

CWE-200

Low

Sensitive page could be cached

CWE-200

Low

Session token in URL

CWE-200

Low

SFTP/FTP credentials exposure

CWE-200

High

SharePoint exposed web services

CWE-200

Medium

SharePoint user enumeration

CWE-200

High

SMB list shares

CWE-16

Low

SMB null session

CWE-16

Low

SNMP information disclosure

CWE-16

Medium

Snoop Servlet information disclosure

CVE-2012-2170

CWE-200

Medium

Socks weak password

CWE-16

High

Solaris in.fingerd information disclosure vulnerability

CVE-2001-1503

CWE-16

High

Source code disclosure

CWE-538

Medium

SQLite database found

CWE-538

Medium

SSH weak password

CWE-16

High

Stack Trace Disclosure (Apache MyFaces)

CWE-209

Low

Stack Trace Disclosure (Apache MyFaces)

CWE-209

Low

Stack Trace Disclosure (ASP.NET)

CWE-209

Low

Stack Trace Disclosure (CakePHP)

CWE-209

Low

Stack Trace Disclosure (CherryPy)

CWE-209

Low

Stack Trace Disclosure (ColdFusion)

CWE-209

Low

Stack Trace Disclosure (Grails)

CWE-209

Low

Stack Trace Disclosure (Java)

CWE-209

Low

Stack Trace Disclosure (Laravel)

CWE-209

Low

Stack Trace Disclosure (Python)

CWE-209

Low

Stack Trace Disclosure (Rails)

CWE-209

Low

Stack Trace Disclosure (Ruby)

CWE-209

Low

Stack Trace Disclosure (Tomcat)

CWE-209

Low

Suspicious comment

CWE-200

Informational

SVN repository found

CWE-538

High

Sybase server weak password

CWE-307

High

Symfony databases.yml configuration file

CWE-538

High

Symfony web debug toolbar

CWE-16

Medium

Telnet service running

CWE-16

Low

Telnet weak password

CWE-307

High

The Heartbleed Bug

CVE-2014-0160

CWE-200

High

Tiki Wiki CMS: Arbitrary Code Execution

High

Tiki Wiki CMS: Arbitrary File Download

High

Tiki Wiki CMS: Remote Code Execution via Calendar Module

High

Tomcat status page

CWE-200

Low

Trojan horse detected

CWE-507

High

Unencrypted __VIEWSTATE parameter

CWE-200

Medium

Unprotected phpMyAdmin interface

CWE-16

High

vBulletin customer number disclosure

CVE-2013-6129

CWE-264

High

Virtual host directory listing

CWE-538

Medium

W3 total cache debug mode

CWE-16

Medium

Weak password

CWE-200

High

web.xml configuration file disclosure

CWE-538

High

webadmin.php script

CWE-16

High

Webalizer script

CWE-538

Medium

WebDAV directory listing

CWE-538

Medium

WebLogic admin console weak credentials

CWE-16

High

Webmail weak password

CWE-200

High

Web server default welcome page

CWE-16

Informational

WordPress database credentials disclosure

CWE-538

Medium

WordPress debug mode

CWE-200

High

WordPress full path disclosure

CWE-200

Low

WordPress pingback scanner

CVE-2013-0235

CWE-918

Medium

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)

CVE-2007-0540

CWE-200 CWE-400

High

WordPress Plugin Activity Log Information Disclosure (2.2.12)

CWE-200

High

WordPress Plugin Acumbamail Information Disclosure (1.0.4)

CWE-200

High

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

CWE-200

High

WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)

CWE-611

High

WordPress Plugin AlertWire Information Disclosure (1.1.1)

CWE-200

High

WordPress Plugin All in One SEO Pack Information Disclosure (2.2.5.1)

CVE-2015-0902

CWE-200

High

WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)

CWE-22

High

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

CWE-22

High

WordPress Plugin Aspose Importer & Exporter Arbitrary File Download (2.0)

CWE-22

High

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

CWE-22

High

WordPress Plugin BackupBuddy Information Disclosure (2.2.28)

CVE-2013-2743 CVE-2013-2744

CWE-200

High

WordPress Plugin Backup Database Backup Information Disclosure (2.0.1)

CWE-538

High

WordPress Plugin Better WordPress Minify Arbitrary File Disclosure (1.2.2)

CWE-538

High

WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)

CWE-200

High

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

CWE-200

High

WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)

CWE-538

High

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

CVE-2015-1000005

CWE-22

High

WordPress Plugin Cart66 Pro Arbitrary File Disclosure (1.5.3)

CVE-2014-9461

CWE-22

High

WordPress Plugin Cherry Services List Information Disclosure (1.4.1)

CWE-200

High

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

CWE-200

High

WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)

CWE-538

High

WordPress Plugin Cimy User Manager 'cimy_um_filename' Parameter Arbitrary File Disclosure (1.4.2)

CWE-22

High

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

CWE-22

High

WordPress Plugin CodeArt-Google MP3 Player Arbitrary File Disclosure (1.0.11)

CWE-538

High

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

CWE-200

High

WordPress Plugin Contact Form Email Information Disclosure (1.2.66)

CWE-200

High

WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)

CVE-2012-0896

CWE-22 CWE-79

High

WordPress Plugin Count per Day Information Disclosure (3.2.5)

CWE-200

High

WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)

CWE-22

High

WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)

CWE-22

High

WordPress Plugin Direct Download for Woocommerce Arbitrary File Download (1.15)

CWE-538

High

WordPress Plugin Download Monitor Information Disclosure (1.6.3)

CWE-538

High

WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)

CWE-22

High

WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)

CVE-2015-4704

CWE-22

High

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

CWE-22

High

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

CWE-200

High

WordPress Plugin Easy Author Image Information Disclosure (1.5)

CWE-200

High

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

CWE-22

High

WordPress Plugin Easy Digital Downloads Information Disclosure (2.7.6)

CWE-200

High

WordPress Plugin eCommerce Shopping Cart by WP EasyCart Information Disclosure (2.0.5)

CVE-2014-4942

CWE-200

High

WordPress Plugin Email Log Information Disclosure (1.9)

CWE-200

High

WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)

CWE-200

High

WordPress Plugin Email Subscribers & Newsletters Information Disclosure (3.4.7)

CVE-2018-6015

CWE-200

High

WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)

CWE-22

High

WordPress Plugin Filedownload 'download.php' Local File Disclosure (0.1)

CWE-22

High

WordPress Plugin FireStats Arbitrary File Download (1.6.5)

CWE-538

High

WordPress Plugin Formidable Forms-Form Builder for WordPress Information Disclosure (2.0.07)

CWE-200

High

WordPress Plugin Forums 'url' Parameter Arbitrary File Disclosure (1.4.3)

CVE-2012-4920

CWE-22

High

WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)

CWE-22

High

WordPress Plugin Gallery by BestWebSoft Arbitrary File Disclosure (3.8.3)

CWE-538

High

WordPress Plugin Ghost Arbitrary File Download (0.5.5)

CWE-538

High

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)

CWE-95 CWE-200

High

WordPress Plugin GlotPress Information Disclosure (2.2.1)

CWE-200

High

WordPress Plugin Gmail SMTP Arbitrary File Disclosure (1.1.0)

CVE-2017-5223

CWE-200

High

WordPress Plugin Google Doc Embedder Arbitrary File Disclosure (2.4.6)

CVE-2012-4915

CWE-22

High

WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)

CWE-538

High

WordPress Plugin Grand Flagallery-Photo Gallery Information Disclosure (4.24)

CVE-2014-8491

CWE-200

High

WordPress Plugin GRAND Flash Album Gallery SQL Injection and Information Disclosure Vulnerabilities (0.59)

CWE-22 CWE-89

High

WordPress Plugin HB AUDIO GALLERY LITE Arbitrary File Download (1.0.0)

CWE-538

High

WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)

CWE-538

High

WordPress Plugin History Collection Arbitrary File Download (1.1.1)

CWE-538

High

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

CVE-2014-9177

CWE-200

High

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

CVE-2015-5472

CWE-22

High

WordPress Plugin Image Export Arbitrary File Download (1.1.0)

CVE-2015-5609

CWE-22

High

WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)

CWE-22

High

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

CWE-200

High

WordPress Plugin Jigoshop Information Disclosure (1.17.9)

CWE-200

High

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

CWE-200

High

WordPress Plugin Log Emails Information Disclosure (1.0.6)

CWE-200

High

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

CWE-22

High

WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)

CWE-538

High

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

CWE-22

High

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

CWE-200

High

WordPress Plugin Membership Simplified Arbitrary File Download (1.58)

CVE-2017-1002008

CWE-538

High

WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)

CWE-538

High

WordPress Plugin Meta Slider Information Disclosure (3.3.1)

CWE-200

High

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)

CWE-538

High

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Download (1.0.5)

CWE-538

High

WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)

CVE-2015-1000008

CWE-200

High

WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)

CWE-538

High

WordPress Plugin Multi Plugin Installer Arbitrary File Disclosure (1.1.0)

CWE-538

High

WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)

CVE-2013-0291

CWE-200

High

WordPress Plugin Order/Coupon/Subscription Export Import Plugin for WooCommerce (BASIC) Information Disclosure (1.0.8)

CWE-200

High

WordPress Plugin Organizer Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (1.2.1)

CVE-2012-6511 CVE-2012-6512

CWE-79 CWE-200

High

WordPress Plugin Page and Post Clone Information Disclosure (1.1)

CWE-200

High

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

CVE-2008-5752

CWE-22

High

WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9)

CWE-538

High

WordPress Plugin PAYPAL CURRENCY CONVERTER BASIC FOR WOOCOMMERCE Arbitrary File Disclosure (1.3)

CWE-538

High

WordPress Plugin PICA Photo Gallery 'imgname' Parameter Information Disclosure (1.0)

CWE-22

High

WordPress Plugin Pike Firewall Information Disclosure (1.4)

CWE-200

High

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

CVE-2012-3588

CWE-22

High

WordPress Plugin RB Agency Local File Disclosure (2.4.7)

CWE-22

High

WordPress Plugin Recent Backups Arbitrary File Download (0.7)

CVE-2015-1000006

CWE-22

High

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)

CWE-22

High

WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)

CWE-200

High

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)

CVE-2014-9511

CWE-538

High

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)

CWE-22

High

WordPress Plugin Service Finder-Provider and Business Listing Local File Disclosure (3.0)

CWE-538

High

WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)

CWE-200

High

WordPress Plugin ShareYourCart Information Disclosure (1.6.1)

CVE-2012-4332

CWE-200

High

WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)

CWE-538

High

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

CWE-22

High

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

CVE-2012-6313

CWE-200

High

WordPress Plugin Simple History Information Disclosure (1.0.7)

CWE-200

High

WordPress Plugin Simple History Information Disclosure (2.7.4)

CWE-200

High

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

CVE-2015-1000010

CWE-538

High

WordPress Plugin Simply Static Arbitrary File Download (1.6.2)

CWE-22

High

WordPress Plugin Slideshow Information Disclosure (2.2.21)

CVE-2015-3634

CWE-200

High

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

CWE-79 CWE-200

High

WordPress Plugin SL User Create Information Disclosure (0.2.4)

CWE-200

High

WordPress Plugin Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)

CWE-94 CWE-200

High

WordPress Plugin Social Network Tabs Information Disclosure (1.7.1)

CVE-2018-20555

CWE-200

High

WordPress Plugin SS Downloads Cross-Site Request Forgery and Information Disclosure Vulnerabilities (1.4.3)

CWE-352 CWE-538

High

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)

CWE-200

High

WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)

CWE-79

High

WordPress Plugin Stop User Enumeration Security Bypass (1.3.18)

CWE-264

High

WordPress Plugin Stop User Enumeration User Enumeration (1.2.4)

CWE-203

High

WordPress Plugin Stop User Enumeration User Enumeration (1.3.4)

CWE-203

High

WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)

CWE-203

High

WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)

CWE-200

High

WordPress Plugin Super Refer A Friend Information Disclosure (1.0)

CWE-200

High

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

CVE-2015-5471

CWE-22

High

WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)

CWE-22

High

WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)

CWE-22

High

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

CWE-22

High

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

CWE-22

High

WordPress Plugin Ultimate CSV Importer Arbitrary File Disclosure (3.7)

CWE-22

High

WordPress Plugin Ultimate CSV Importer Information Disclosure (3.6.74)

CWE-200

High

WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5)

CWE-200

High

WordPress Plugin UnGallery Local File Disclosure (1.5.8)

CWE-22

High

WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)

CWE-538

High

WordPress Plugin User Meta Manager Information Disclosure (3.4.7)

CWE-200

High

WordPress Plugin Video Embed & Thumbnail Generator Information Disclosure (1.1)

CVE-2012-1786

CWE-200

High

WordPress Plugin Vitamin Multiple Arbitrary File Disclosure Vulnerabilities (1.0.0)

CVE-2012-6651

CWE-22

High

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

CWE-200

High

WordPress Plugin WebP Express Arbitrary File Disclosure (0.10.0)

CWE-538

High

WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)

CWE-538

High

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

CWE-200

High

WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)

CWE-200

High

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)

CVE-2014-5337

CWE-264

High

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

CVE-2015-9269

CWE-200

High

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)

CVE-2015-4703

CWE-538

High

WordPress Plugin WordPress Social Stream Information Disclosure (1.6)

CWE-522

High

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

CWE-22

High

WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)

CWE-22

High

WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)

CWE-22

High

WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)

CWE-22

High

WordPress Plugin WP-Property-WordPress Powered Real Estate and Property Management Information Disclosure (1.38.3.2)

CWE-200

High

WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)

CWE-538

High

WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)

CWE-22

High

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

CVE-2011-1669

CWE-22

High

WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)

CVE-2015-5468

CWE-22

High

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

CWE-200

High

WordPress Plugin WP Hide & Security Enhancer Arbitrary File Download (1.3.9.2)

CWE-538

High

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Download (2.4.0)

CVE-2014-9013 CVE-2014-9014

CWE-22

High

WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)

CWE-22

High

WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)

CWE-22 CWE-538

High

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

CVE-2013-0721

CWE-200

High

WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)

CWE-200

High

WordPress Plugin WP Security Audit Log Information Disclosure (3.1.1)

CVE-2018-8719

CWE-200

High

WordPress Plugin wp superb Slideshow Information Disclosure (2.4)

CWE-200

High

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

CVE-2015-1000007

CWE-538

High

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

CWE-200

High

WordPress Plugin Zip Attachments Arbitrary File Download (1.4)

CVE-2015-4694

CWE-538

High

WordPress REST API User Enumeration

CWE-200

Low

WordPress username enumeration

CWE-200

Medium

WordPress W3 Total Cache plugin predictable cache filenames

CVE-2012-6077 CVE-2012-6078 CVE-2012-6079

CWE-200

High

WPEngine _wpeprivate/config.json information disclosure

CWE-200

High

WS_FTP log file found

CWE-538

Medium

X-Forwarded-For HTTP header security bypass

CWE-287

High

XML external entity injection

CWE-611

High

XML external entity injection and XML injection

CWE-611

High

XML external entity injection via external file

CWE-611

High

XML external entity injection via File Upload

CWE-611

High

Yii2 debug toolkit

CWE-200

Medium

Zend framework configuration file information disclosure

CWE-538

High

Zend Framework local file disclosure via XXE injection

CVE-2012-3363

CWE-611

High

Website Security Scanner