Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity CodeIgniter weak encryption key CWE-200 CWE-200 High Insecure Transportation Security Protocol Supported (SSLv2) CWE-326 CWE-326 High Insecure Transportation Security Protocol Supported (SSLv3) CWE-326 CWE-326 High Insecure Transportation Security Protocol Supported (TLS 1.0) CWE-326 CWE-326 High Oracle JavaServer Faces multiple vulnerabilities CVE-2013-3827 CWE-22 CWE-22 High Padding oracle attack CWE-209 CWE-209 High PrimeFaces 5.x Expression Language injection CVE-2017-1000486 High Telerik.Web.UI.dll Cryptographic Weakness CVE-2017-9248 CWE-338 CWE-338 High The DROWN attack (SSLv2 supported) CVE-2016-0800 CWE-310 CWE-310 High The Heartbleed Bug CVE-2014-0160 CWE-200 CWE-200 High WordPress plugin WPtouch insecure nonce generation CWE-287 CWE-287 High