| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache Struts2 remote command execution (S2-045) | CVE-2017-5638 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-053) | CVE-2017-12611 | CWE-94 | High |
| Apache Tomcat examples directory vulnerabilities | | CWE-264 | Medium |
| Authentication bypass via MongoDB operator injection | | CWE-943 | High |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | | CWE-79 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4553, CVE-2012-4554 | CWE-264 | High |
| Drupal Views module information disclosure vulnerability | | CWE-200 | Medium |
| Ektron CMS400.NET ContentRatingGraph.aspx SQL injection | CVE-2008-5122 | CWE-89 | High |
| Ektron CMS multiple vulnerabilities | | CWE-434 | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5357, CVE-2012-5358 | CWE-20 | High |
| Gallery 3.0.4 remote code execution | | CWE-20 | High |
| Horde/IMP Plesk webmail exploit | | CWE-20 | High |
| IBM Lotus Domino web server Cross-Site Scripting vulnerabilities | CVE-2012-3301, CVE-2012-3302 | CWE-79 | High |
| IBM Tivoli Access Manager directory traversal | CVE-2010-4622, CVE-2011-0494 | CWE-22 | High |
| Invision Power Board version 3.3.4 unserialize PHP code execution | CVE-2012-5692 | CWE-20 | High |
| Joomla! 1.6.0 SQL injection vulnerability | CVE-2011-1151 | CWE-89 | High |
| Joomla! 1.7/2.5 SQL injection vulnerability | CVE-2012-1116 | CWE-89 | High |
| Kayako Fusion v4.51.1891 - multiple web vulnerabilities | | CWE-79 | High |
| Liferay JSON service API authentication vulnerability | | CWE-287 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4377, CVE-2012-4378 | CWE-79 | High |
| MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities | CVE-2012-6081 | CWE-434 | High |
| MongoDB $where operator JavaScript injection | | CWE-943 | High |
| MongoDB injection | | CWE-943 | High |
| Moveable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-264 | High |
| Nginx PHP code execution via FastCGI | | CWE-94 | High |
| Nginx stack-based buffer overflow | CVE-2013-2028 | CWE-189 | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| OpenX xajaxargs SQL injection vulnerability | | CWE-89 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| PHP-CGI remote code execution | CVE-2012-1823, CVE-2012-2311 | CWE-20 | High |
| phpThumb() fltr[] parameter command injection vulnerability | CVE-2010-1598 | CWE-20 | High |
| Rails mass assignment | | CWE-915 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632 | CWE-255 | High |
| SQL Injection in Symphony | CVE-2013-2559 | CWE-89 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-1966, CVE-2013-2115 | CWE-94 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| TinyMCE ajax_create_folder remote code execution vulnerability | | CWE-94 | High |
| Umbraco CMS remote code execution | | CWE-94 | High |
| Uploadify arbitrary file upload | | CWE-434 | High |
| vBSEO 3.6.0 PHP code injection | CVE-2012-5223 | CWE-94 | High |
| vBulletin 4 (up to 4.1.2) search.php SQL injection | | CWE-89 | High |
| VMware directory traversal and privilege escalation vulnerabilities | CVE-2009-2267, CVE-2009-3733 | CWE-22 | High |
| Vulnerable package dependencies [high] | | CWE-1104 | High |
| Vulnerable package dependencies [low] | | CWE-1104 | Low |
| Vulnerable package dependencies [medium] | | CWE-1104 | Medium |
| WooFramework shortcode exploit | | CWE-95 | High |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6077, CVE-2012-6078, CVE-2012-6079 | CWE-200 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2012-3363, CVE-2015-5161 | CWE-611 | High |