Web Application Vulnerabilities Index

The web application vulnerabilities index lists vulnerabilities by severity and classifies each one under the compliance standards and weakness taxonomies it falls under: CVE and CWE identifiers, a CVSS vector or score where one is available, OWASP Top 10 (2013 and 2017) and OWASP Proactive Controls (PC) categories, PCI DSS v3.2, HIPAA, ISO 27001 controls, CAPEC attack patterns, WASC threat classes and OWASP WSTG test identifiers.

Severity Calculation

Severity is calculated by combining the likelihood and the impact of a vulnerability. Likelihood measures how easily an attacker can discover and exploit it. Impact measures the effect a successful exploit would have on the application, its data and functions, and on business operations.
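The page does not spell out how likelihood and impact are scored or combined, so the following Python is an added example and not the index's own scoring code: it carries a likelihood-and-impact rating through to one of the five levels used here. The factor names, the 0 to 9 scale and the combination matrix are borrowed from the OWASP Risk Rating Methodology, the lowest cell is labelled Info to match this index (OWASP calls it Note), and the two sample findings with their factor scores are constructed for the illustration. All of these are assumptions.

```python
"""Severity as a combination of likelihood and impact.

Added example, not the index's own scoring code. Assumptions: factor names,
the 0-9 scale and the combination matrix follow the OWASP Risk Rating
Methodology; the lowest bucket is called "Info" to match this index's levels.
"""
from statistics import mean

# Threat-agent and vulnerability factors. On this scale a higher number always
# means "more likely": e.g. intrusion_detection=9 means the attack is not logged.
LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
# Technical and business impact factors; higher means more damage.
IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity", "loss_of_availability",
    "loss_of_accountability", "financial_damage", "reputation_damage",
    "non_compliance", "privacy_violation",
)
# (likelihood level, impact level) -> overall severity
MATRIX = {
    ("Low", "Low"): "Info",    ("Medium", "Low"): "Low",       ("High", "Low"): "Medium",
    ("Low", "Medium"): "Low",  ("Medium", "Medium"): "Medium", ("High", "Medium"): "High",
    ("Low", "High"): "Medium", ("Medium", "High"): "High",     ("High", "High"): "Critical",
}

def level(score):
    """Map a 0-9 factor average to Low (<3), Medium (<6) or High (6-9)."""
    if not 0 <= score <= 9:
        raise ValueError(f"factor average {score} is outside the 0-9 scale")
    return "Low" if score < 3 else "Medium" if score < 6 else "High"

def _average(factors, expected):
    """Average the expected factors, rejecting missing keys and out-of-range scores."""
    missing = set(expected) - factors.keys()
    if missing:
        raise KeyError(f"missing factors: {sorted(missing)}")
    bad = [k for k in expected if not 0 <= factors[k] <= 9]
    if bad:
        raise ValueError(f"factors outside 0-9: {bad}")
    return mean(factors[k] for k in expected)

def rate(likelihood, impact):
    """Return the two averages, their levels and the severity the matrix gives."""
    lk, im = _average(likelihood, LIKELIHOOD_FACTORS), _average(impact, IMPACT_FACTORS)
    lk_level, im_level = level(lk), level(im)
    return {"likelihood": lk, "likelihood_level": lk_level, "impact": im,
            "impact_level": im_level, "severity": MATRIX[(lk_level, im_level)]}

# Constructed sample findings (assumed factor scores, not taken from the index).
UNAUTH_SQLI_ON_LOGIN = rate(
    likelihood={"skill_level": 9, "motive": 9, "opportunity": 9, "size": 9,
                "ease_of_discovery": 9, "ease_of_exploit": 9, "awareness": 9,
                "intrusion_detection": 9},
    impact={"loss_of_confidentiality": 9, "loss_of_integrity": 9,
            "loss_of_availability": 7, "loss_of_accountability": 9,
            "financial_damage": 9, "reputation_damage": 9,
            "non_compliance": 7, "privacy_violation": 9},
)
REFLECTED_XSS_ON_INTERNAL_TOOL = rate(
    likelihood={"skill_level": 3, "motive": 4, "opportunity": 4, "size": 2,
                "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6,
                "intrusion_detection": 3},
    impact={"loss_of_confidentiality": 2, "loss_of_integrity": 1,
            "loss_of_availability": 1, "loss_of_accountability": 1,
            "financial_damage": 1, "reputation_damage": 1,
            "non_compliance": 2, "privacy_violation": 3},
)

if __name__ == "__main__":
    for name, result in (("unauthenticated SQLi on a public login form", UNAUTH_SQLI_ON_LOGIN),
                         ("reflected XSS on an internal tool", REFLECTED_XSS_ON_INTERNAL_TOOL)):
        print(f"{name}: {result}")
```

A finding only reaches Critical when both averages land in the High band; a trivially exploitable bug with contained impact comes out Medium, because the matrix, not the raw factor sum, decides.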

C

H

M

L

I

Vulnerability Category

Critical
High
Medium
Low
Info
Vulnerability Name
Classification
Severity
Vulnerability Name
vBulletin SQLI
Classification
CVE-2020-12720 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H SQL Injection OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Critical
Vulnerability Name
vBulletin Pre-Auth RCE
Classification
CVE-2020-17496 CVE-2019-16759 CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP API,2019-API7 OWASP,2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9 WASC
Critical
Vulnerability Name
fuelCMS 1.4.1 - Remote Code Execution
Classification
CVE-2018-16763 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-74 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Unauthenticated RCE at Mida eFramework on ‘PDC/ajaxreq.php’
Classification
CVE-2020-15920 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Unauthenticated Oracle WebLogic Server RCE
Classification
CVE-2020-2551 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-502 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
TerraMaster TOS v4.1.24 RCE
Classification
CVE-2020-15568 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Spring Data Commons Unauthenticated RCE
Classification
CWE ID-20 OWASP 2013-A1 OWASP 2017-A1 CVE-2018-1273 CVSS Score 7.5
Critical
Vulnerability Name
SaltStack Shell Injection
Classification
CVE-2020-16846 OWASP 2013-A1 OWASP 2017-A1 CAPEC-88 CWE-78 WASC- 31
Critical
Vulnerability Name
RCE in MobileIron Core & Connector
Classification
CVE-2020-15505 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
PhpMyAdmin 4.8.1 Remote File Inclusion
Classification
CVE-2018-12613 CWE-287 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Netsweeper WebAdmin unixlogin.php Python Code Injection
Classification
CVE-2020-13167 CWE-74 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
Classification
CVE-2020-16952 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE-346 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Micro Focus UCMDB RCE
Classification
CVE-2020-11854 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242, CWE-94, HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
LinuxKI Toolset 6.01 Remote Command Execution
Classification
CVSS Score 7.5 OWASP 2013-A1 OWASP 2017-A1 CVE-2020-7209
Critical
Vulnerability Name
Liferay Portal Unauthenticated RCE
Classification
CVE-2020-7961 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Klog Server Unauthenticated Command Injection
Classification
CVE-2020-35729 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-35749 CWE-22 OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-118 ISO27001-A.18.1.4 WASC-13
Critical
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
Critical
Vulnerability Name
Emby Server SSRF
Classification
CVE-2020-26948 CWE-918 OWASP 2013-A5 OWASP 2017-A6 ISO27001-A.14.2.5 WASC-20
Critical
Vulnerability Name
ElasticSearch v1.1.1/1.2 RCE
Classification
CVE-2014-3120 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
Classification
CVE-2018-7600 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Create an Administrative User in SAP NetWeaver AS JAVA
Classification
CVE-2020-35338 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-798 OWASP 2013-A2 OWASP 2017-A2
Critical
Vulnerability Name
Create an Administrative User in SAP NetWeaver AS JAVA
Classification
CVE-2020-6287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE-287 OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4
Critical
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/newpassword
Classification
CWE ID CVSS Score 7.5 OWASP 2013-A1 OWASP 2017-A1 CVE-2020-35476
Critical
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/check
Classification
CVE-2020-35846 CWE-89 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Critical
Vulnerability Name
Cockpit prior to 0.12.0 NoSQL injection in /auth/resetpassword
Classification
CVE-2020-35847 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05
Critical
Vulnerability Name
Artica Web Proxy 4.30 Authentication Bypass
Classification
CVE-2020-17506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-89 OWASP 2013-A2 OWASP 2017-A2
Critical
Vulnerability Name
Apache Struts2 S2-057 RCE
Classification
CVE-2018-11776 CWE-917 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
DrayTek pre-auth RCE
Classification
CVE-2020-8515 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5, WSTG-INPV-08
Critical
Vulnerability Name
Apache Flink Upload Path Traversal
Classification
CVE-2020-17518 CWE-22 OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Critical
Vulnerability Name
Alerta Authentication Bypass
Classification
CVE-2020-26214 CWE-287 OWASP 2013-A2 OWASP 2017-A2 Authentication Bypass
Critical
Vulnerability Name
Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE
Classification
CWE ID-74 OWASP 2013-A1 OWASP 2017-A1 CVE-2016-5685 CVSS Score 9.0
Critical
Vulnerability Name
vRealize Operations Manager API SSRF
Classification
CVE-2021-21975 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-918 OWASP 2013-A6 OWASP 2017-A5
Critical
Vulnerability Name
thinkcmf RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
YouPHPTube Encoder RCE
Classification
CVE-2019-5127 CWE-78 CVSS:AV:N/AC:L/Au:N/C:P/I:P/A:P
Critical
Vulnerability Name
nostromo 1.9.6 - Remote Code Execution
Classification
CVE-2019-16278 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-22 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
eYou E-Mail system RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
eMerge E3 1.00-06 - Remote Code Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 CVE-2019-7265 CVSS Score 10.0 CWE ID 798
Critical
Vulnerability Name
Apache tika 1.15-1.17 header command injection
Classification
CVE-2018-1335 CWE-94
Critical
Vulnerability Name
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
Classification
CWE ID-20 OWASP 2013-A1 OWASP 2017-A1 CVE-2013-2251 CVSS Score 9.3
Critical
Vulnerability Name
Zimbra Collaboration XXE
Classification
CVE-2019-9670 OWASP 2013-A1 OWASP 2017-A4 OWASP PC-C3 CAPEC-376 CWE-611 HIPAA-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Critical
Vulnerability Name
Zeroshell 3.9.0 Remote Command Execution
Classification
CVE-2019-12725 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Zabbix Authentication Bypass
Classification
CVE-2019-17382 CWE-639
Critical
Vulnerability Name
WeiPHP 5.0 Path Traversal
Classification
Critical
Vulnerability Name
WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
Classification
OWASP 2013-A2 OWASP 2017-A2,A4 CAPEC-100 CWE-119 WASC-7 WSTG-INPV-13 CVE-2017-7269
Critical
Vulnerability Name
VMware vCenter Unauthenticated RCE
Classification
CVE-2021-21972 CWE-918 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
VMware View Planner Unauthenticated RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08 CVE-2021-21978
Critical
Vulnerability Name
Unauthenticated Multiple D-Link Routers RCE
Classification
CVE-2019-16920 OWASP 2013-A1 OWASP 2017-A1 CAPEC-88 CWE-78 WASC- 31 WSTG-INPV-08
Critical
Vulnerability Name
Trend Micro Threat Discovery Appliance Auth Bypass via Directory Traversal
Classification
CVE-2016-7552 CWE-22
Critical
Vulnerability Name
ThinkPHP 5.0.9 Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03
Critical
Vulnerability Name
ThinkPHP 5.0.23 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-94 ISO27001-A.14.2.5
Critical
Vulnerability Name
ThinkPHP 5.0.22 RCE
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03
Critical
Vulnerability Name
Spring Boot H2 Database RCE
Classification
CVSS score 1.9 HIPAA-94 CWE-94 ISO27001-A.14.2.5 OWASP 2013-A1 PCI v3.2 CAPEC-242 OWASP 2017-A1 CVE-2018-1273
Critical
Vulnerability Name
Simple Employee Records System 1.0 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Simple Employee Records System 1.0 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94, HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Sangfor EDR 3.2.17R1/3.2.21 RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Samsung Wlan AP (WEA453e)RCE
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
RocketChat Unauthenticated Read Access
Classification
OWASP 2013-A2 OWASP 2017-A2 CVE-2020-11651 CVSS Score 7.5 CWE ID 20
Critical
Vulnerability Name
RocketChat Unauthenticated Read Access
Classification
Critical
Vulnerability Name
OA TongDa Path Traversal
Classification
CWE-94 OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Openfire Full Read SSRF
Classification
CVE-2019-2725 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Oracle WebLogic RCE
Classification
CVE-2018-2894 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2013-A2 OWASP 2017-A2
Critical
Vulnerability Name
Openfire Full Read SSRF
Classification
CVE-2019-18394 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
OA TongDa Path Traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CWE-22
Critical
Vulnerability Name
Misconfigured Docker on Default Port
Classification
WASC-15
Critical
Vulnerability Name
LARAVEL less than or equal to V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
Classification
CVE-2021-3129
Critical
Vulnerability Name
Kibana Timelion Arbitrary Code Execution
Classification
CVE-2019-7608 CVE-2019-7609 CVE-2019-7610 CWE-94 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Kentico CMS Insecure Deserialization RCE
Classification
CVE-2019-10068 CWE-502 OWASP 2017-A8
Critical
Vulnerability Name
Jenkins 2.138 Remote Command Execution
Classification
CVE-2018-1000861 OWASP 2013-A1 OWASP 2017-A1
Critical
Vulnerability Name
Horde Groupware Unauthenticated
Classification
CVSS score 7.5 CWE 284 OWASP 2013-A1 OWASP 2017-A1 CVE-2015-1427
Critical
Vulnerability Name
Harbor Enables Privilege Escalation From Zero to admin
Classification
CVE-2019-16097 CWE-284 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Critical
Vulnerability Name
FortiLogger Unauthenticated Arbitrary File Upload
Classification
CVE-2021-3378
Critical
Vulnerability Name
F5 BIG-IP iControl REST unauthenticated RCE
Classification
CVE-2021-22986 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Exchange Server SSRF Vulnerability
Classification
CVE-2021-26855 CVSS:3.0 9.1 / 8.4
Critical
Vulnerability Name
ElasticSearch 1.4.0/1.4.2 RCE
Classification
CVSS score 7.5 CWE 284 OWASP 2013-A1 OWASP 2017-A1 CVE-2015-1427
Critical
Vulnerability Name
Drupal 8 core RESTful Web Services RCE
Classification
CVE-2019-6340 CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Vulnerability Name
Comodo Unified Threat Management Web Console 2.7.0 - RCE
Classification
CVE-2018-17431 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Cisco IOS 12.2(55)SE11 Remote Code Execution
Classification
CVE-2017-3881 CWE-94 OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Atlassian Jira template injection
Classification
CVE-2019-11581
Critical
Vulnerability Name
Atlassian Crowd & Crowd Data Center - Unauthenticated RCE
Classification
CVE-2019-11580 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CWE-22 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Artifactory Access-Admin Login Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 CVE-2019-9733 CVSS Score 7.5
Critical
Vulnerability Name
Apache Tomcat RCE
Classification
CWE ID-434 CVSS Score 6.8 OWASP 2013-A1 OWASP 2017-A1 CVE-2017-12615
Critical
Vulnerability Name
Apache Struts2 S2-053 RCE
Classification
CVE-2017-12611 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-94 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Apache Struts2 S2-052 RCE
Classification
CVE-2017-9805 CWE-94 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H OWASP 2017-A8
Critical
Vulnerability Name
Apache Struts2 S2-012 RCE
Classification
CVE-2013-1965 CWE-94 CVSS:3.0/AV:N/AC:M/Au:N/C:C/I:C/A:C OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-242 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
Apache Struts2 S2-008 RCE
Classification
CVE-2012-0392 CWE-264 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94
Critical
Vulnerability Name
Apache Struts2 S2-001 RCE
Classification
CVE-2007-4556 CVSS:2/AV:N/AC:L/Au:N/C:P/I:N/A:N CWE-200 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08M
Critical
Vulnerability Name
Apache Struts2 RCE
Classification
CVE-2017-5638 CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N OWASP 2013-A1 OWASP 2017-A1
Critical
Vulnerability Name
Apache Solr 8.3.0 - Remote Code Execution via Velocity Template
Classification
CVE-2019-17558 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-20 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
Apache OFBiz RMI deserializes Arbitrary Code Execution
Classification
CVE-2021-26295 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical
Vulnerability Name
Apache Flink Unauth RCE
Classification
CVSS score 1.9 HIPAA-94 CWE-94 ISO27001-A.14.2.5 OWASP 2013-A1 PCI v3.2 CAPEC-242 OWASP 2017-A1 CVE-2020-1960
Critical
Vulnerability Name
Apache Druid RCE
Classification
CWE ID-434 CVSS Score 6.8 OWASP 2013-A1 OWASP 2017-A1 CVE-2017-12615
Critical
Vulnerability Name
AEM Groovy console enabled
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 CWE-94 HIPAA-94 ISO27001-A.14.2.5 WSTG-INPV-08
Critical
Vulnerability Name
ILO4 Authentication bypass
Classification
CVE-2017-12542 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4
Critical
Vulnerability Name
Klog Server Unauthenticated Command Injection
Classification
CVE-2020-35729 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2020-35749 CWE-22 OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-118 ISO27001-A.18.1.4 WASC-13
Critical
Vulnerability Name
Artica Web Proxy 4.30 Authentication Bypass
Classification
CVE-2020-17506 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-89 OWASP 2013-A2 OWASP 2017-A2
Critical
Vulnerability Name
Inspur ClusterEngine V4.0 RCE
Classification
CVE-2020-21224 CWE-88 CVSS:AV:N/AC:L/Au:N/C:C/I:C/A:C
Critical
Vulnerability Name
Oracle WebLogic Server Administration Console Handle RCE
Classification
CVE-2020-14882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-78 OWASP 2013-A1 OWASP 2017-A1 CAPEC-242 ISO27001-A.14.2.5 HIPAA-94 WSTG-INPV-08
Critical
Vulnerability Name
SMBGhost Vulnerability (CVE-2020-0796)
Classification
OWASP 2017-A9 OWASP 2013-A9 CWE-119 WSTG-INPV-08
Critical
Vulnerability Name
PHP-FPM Vulnerability (CVE-2019-11043) with NGINX
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-787
Critical
Vulnerability Name
Union Query SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05 WASC-19
Critical
Vulnerability Name
TLS(Transport Layer Security) protocol version outdated
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Critical
Vulnerability Name
Stacked Queries SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05 WASC-19
Critical
Vulnerability Name
SSL(Secure Sockets Layer) protocol version outdated
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Critical
Vulnerability Name
SQL injection(SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05 WASC-19
Critical
Vulnerability Name
PHP Config contain database IDs and passwords.
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WASC-13
Critical
Vulnerability Name
Inline Queries SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Critical
Vulnerability Name
Error based SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-05 WASC-19
Critical
Vulnerability Name
Boolean based Blind SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N WSTG-INPV-05 WASC-19
Critical
Vulnerability Name
US Social Security Number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CAPEC-375 CWE-200 WSTG-ATHN-06 WASC-13
Critical
Vulnerability Name
Test for XML-RPC Interface
Classification
OWASP 2013-A2 OWASP 2017-A2 WASC-11 CWE-307
Critical
Vulnerability Name
Test For Oracle Application Server
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C3 WASC-14
Critical
Vulnerability Name
Stored Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-02
Critical
Vulnerability Name
Server Vulnerabilities And Misconfiguration For Sensitive Information
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C3 CAPEC-21 CWE-200 WASC-14 WSTG-CONF-03
Critical
Vulnerability Name
Potential Web Backdoor
Classification
OWASP 2017-A10 PCI v3.2- CAPEC-443 CWE-507 HIPAA-507 ISO27001-A.12.2.1 WASC-15 WSTG-INFO-09
Critical
Vulnerability Name
Parameter Tampering
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C5 CAPEC-460 CWE-233 WASC-13 WSTG-INPV-04
Critical
Vulnerability Name
PHP code injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-94 CAPEC-23 HIPAA-94 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-11
Critical
Vulnerability Name
Microsoft RDS Arbitrary Remote Command Execution
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C5 WASC-31 CWE-94
Critical
Vulnerability Name
Meridian Integrated Personal Call Director Password Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WASC-13 WSTG-ATHN-03
Critical
Vulnerability Name
Joomla User Registration Process
Classification
OWASP 2017-A6,OWASP 2017- A9 OWASP 2013-A5 WASC-13
Critical
Vulnerability Name
Joomla Core vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-79
Critical
Vulnerability Name
Credit Card number disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C7 PCI v3.2-PC-C7 CAPEC-118 CWE-213 ISO27001-A.18.1.4 WSTG-ATHN-06 WASC-13
Critical
Vulnerability Name
Captcha Image Detected
Classification
OWASP 2013-A2 OWASP 2017-A2 CWE-804
Critical
Vulnerability Name
Bash Command Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WSTG-INPV-12 WASC-31
Critical
Vulnerability Name
Administration page exposure
Classification
OWASP 2013-A7 OWASP 2017-A5 PCI v3.2-PC-C6 CAPEC-87 CWE-425 HIPAA-425 ISO27001-A.9.4.1 WASC-34 WSTG-CONF-05
Critical
Vulnerability Name
WordPress Theme 'Elegant' Privilege Escalation
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP PC-C7 CWE-269 WASC-17 WSTG-ATHZ-03
Critical
Vulnerability Name
WordPress Server Side Request Forgery
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-918 ISO27001-A.14.2.5 WASC-20 WSTG-INPV-19
Critical
Vulnerability Name
WordPress SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WASC-19 WSTG-INPV-05
Critical
Vulnerability Name
WordPress Plugin Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 WASC-08 WSTG-INPV-01 CWE-79
Critical
Vulnerability Name
WordPress Authentication Bypass
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C7 CAPEC-115 CWE-287 WASC-01 WSTG-ATHN-04
Critical
Vulnerability Name
WordPress Authenticated SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
Critical
Vulnerability Name
Origin Spoof Access Restriction Bypass
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-290 WASC-13
Critical
Vulnerability Name
Source code disclosure
Classification
OWASP 2013-A5 OWASP 2017-A3 CAPEC-118 CWE-540 HIPAA-540 ISO27001-A.9.4.5 WASC-13
Critical
Vulnerability Name
Document Object Model Based Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01
Critical
Vulnerability Name
Directory Traversal
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-22 WASC-33 CAPEC-213 WSTG-INFO-08
Critical
Vulnerability Name
Common Backdoors
Classification
OWASP 2017-A5 PCI v3.2 CAPEC-443 CWE-507 HIPAA-507 ISO27001-A.12.2.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H WASC-15
Critical
Vulnerability Name
Code Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 WSTG-INPV-11 WASC-19 OWASP PC-C3 WSTG-INPV-11 CWE-94 CAPEC-242
Critical
Vulnerability Name
Blind OS Command Injection Using Timing Attacks
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31 WSTG-INPV-12
Critical
Vulnerability Name
Wordpress Themes Email Spoofing
Classification
CWE-151 OWASP 2013-A9 OWASP 2017-A9 CAPEC-151 WASC-12
Critical
Vulnerability Name
WordPress unsafe redirect for login
Classification
OWASP 2017-A1 OWASP 2017-A1 CWE-601 WASC-38
Critical
Vulnerability Name
WordPress unpatched Denial Of Service (DoS)
Classification
OWASP 2017-A2 OWASP 2013-A9 OWASP PC-C10 CAPEC-469 WASC-10 CWE-400
Critical
Vulnerability Name
WordPress arbitrary file upload and download
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-434 WASC-31
Critical
Vulnerability Name
WordPress WPDB SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 CWE-89 WASC-19
Critical
Vulnerability Name
WordPress VideoJS plugins Cross-site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-05
Critical
Vulnerability Name
WordPress Themes Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WASC-08
Critical
Vulnerability Name
WordPress Slider Revolution Shell Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-434 WASC-31
Critical
Vulnerability Name
WordPress Slider Revolution Local File Disclosure
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.2.5 WASC-33
Critical
Vulnerability Name
WordPress Refraction Theme Multiple Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9
Critical
Vulnerability Name
WordPress RSS and Atom Feed Escaping
Classification
OWASP 2013-A3 OWASP 2017-A7 CWE-79 WASC-08
Critical
Vulnerability Name
WordPress Plugin VideoJS and Cross Site Scripting
Classification
OWASP 2017-A3 OWASP 2017-A7 CWE-79 WASC-08 OWASP PC-C4
Critical
Vulnerability Name
WordPress Open Redirect
Classification
OWASP 2013-A10 OWASP 2017-A9 CWE-601 WASC-38 WSTG-CLNT-04
Critical
Vulnerability Name
WordPress Multiple Themes Privilege Escalation
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C6 CWE-269 WASC-17 WSTG-ATHZ-03
Critical
Vulnerability Name
WordPress MediaElement Cross-Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8
Critical
Vulnerability Name
WordPress Key Weak Hashing
Classification
OWASP 2013-A9 OWASP 2017-A9 WSTG-CRYP-04 WASC-04 CWE-330
Critical
Vulnerability Name
WordPress HTML Language Attribute Escaping
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-79 WSTG-INFO-08
Critical
Vulnerability Name
WordPress Escape Version in Generator Tag
Classification
OWASP 2013-A3 OWASP 2017-A7 CWE-79 WSTG-INFO-08
Critical
Vulnerability Name
WordPress Directory traversal
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-213 CWE-22 WASC-33 WSTG-INFO-08
Critical
Vulnerability Name
WordPress Default localhost vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-08 CWE-601
Critical
Vulnerability Name
WordPress Cross-Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 WSTG-INFO-08 ISO27001-A.14.2.5 WASC-8 OWASP PC-C4
Critical
Vulnerability Name
Ghostcat Vulnerability (CVE-2020–1938)
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-434 WASC-13
Critical
Vulnerability Name
Format string vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-135 CWE-134 WASC-06
Critical
Vulnerability Name
Document Object Model Cross Site Scripting on WordPress
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-CLNT-01
Critical
Vulnerability Name
Authentication Bypass and Stored Cross Site Scripting
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C4 CWE-79 WASC-08 WSTG-INPV-02
Critical
Vulnerability Name
phpMyExplorer Directory traversal
Classification
OWASP 2013-A7 OWASP 2017-A5 CAPEC-213 CWE-22 WASC-33 WSTG-ATHZ-01
Critical
Vulnerability Name
XPath Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-643 WSTG-INPV-09 CAPEC-83 WASC-39
Critical
Vulnerability Name
Unvalidated Redirects and Forwards
Classification
OWASP 2013-A10 OWASP 2017-A6 CWE-601 ISO27001-A.14.2.5 WASC-38
Critical
Vulnerability Name
Shellshock vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A8 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31
Critical
Vulnerability Name
Remote OS Command Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-88 CWE-78 WASC-31
Critical
Vulnerability Name
Regular expression Denial of Service vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C9 PC-C9 CAPEC-492 CWE-400 ISO27001-A.14.1.2 WASC-10
Critical
Vulnerability Name
Reflected File Download vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-375 CWE-840 ISO27001-A.14.2.5 WASC-42
Critical
Vulnerability Name
Lightweight Directory Access Protocol (LDAP) injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-20 WASC-29 CAPEC-136 WSTG-INPV-06
Critical
Vulnerability Name
IMAP/SMTP Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C4 CAPEC-183 CWE-77 WSTG-INPV-10
Critical
Vulnerability Name
Database can be read without authentication
Classification
OWASP 2013-A2 OWASP 2017-A2 WASC-01 CWE-306 OWASP PC-C3
Critical
Vulnerability Name
Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-02
Critical
Vulnerability Name
Common Gateway Interface Vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-200
Critical
Vulnerability Name
Clickjacking
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-103 CWE-1021 WSTG-CLNT-09 WASC-15
Critical
Vulnerability Name
Website contains Mercurial metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-05 WASC-13 CWE-1230
Critical
Vulnerability Name
Website contains SVN metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-05
Critical
Vulnerability Name
Website contains Git metadata directory
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-05
Critical
Vulnerability Name
The DROWN attack
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-310 WASC-14
Critical
Vulnerability Name
Heartbleed vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 WSTG-CRYP-01 WASC-04 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2
Critical
Vulnerability Name
Cross-Origin Resource Sharing implemented with universal access
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CLNT-07 WASC-14 CWE-942
Critical
Vulnerability Name
Time based Blind SQL Injection (SQLi)
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31 WSTG-INPV-05
Critical
Vulnerability Name
IBM DB Boolean based blind sql injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31 WSTG-INPV-05
Critical
Vulnerability Name
WordPress Improper handling of post metadata check
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-03 ISO27001-A.14.1.2
High
Vulnerability Name
Upload Temp Directory is Everyone
Classification
OWASP 2013-A1 OWASP 2017-A1
High
Vulnerability Name
Reflected Cross Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-01
High
Vulnerability Name
Microsoft Site Server Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WASC-14 WSTG-INFO-09
High
Vulnerability Name
Memcache injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C4 CWE-502 WASC-07
High
Vulnerability Name
Joomla common log files
Classification
OWASP 2013-A9 OWASP 2017-A10,OWASP 2017-A9 CWE-532 WASC-20
High
Vulnerability Name
WordPress Stored Cross-Site Scripting (XSS)
Classification
OWASP 2013-A3 OWASP 2017-A7 OWASP PC-C4 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-02
High
Vulnerability Name
WordPress PHP Object Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 CWE-502 WASC-20
High
Vulnerability Name
WordPress Blind SQL Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C3 PCI v3.2- CAPEC-88 CWE-78 HIPAA-78 ISO27001-A.14.2.5 WASC-31 WSTG-INPV-05
High
Vulnerability Name
Unvalidated Document Object Model redirection
Classification
OWASP 2013-A10 OWASP 2017-A6 OWASP PC-C1 CWE-601 WASC-38
High
Vulnerability Name
Session Fixation Attack
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C6 CWE-384 WASC-37
High
Vulnerability Name
Insecure RIA cross domain policy
Classification
OWASP 2013-A3 OWASP 2017-A6 CWE-942 WASC-13 WSTG-CONF-08
High
Vulnerability Name
Common Administration Interfaces
Classification
OWASP 2013-A7 OWASP 2017-A5 OWASP PC-C7 CAPEC-1 WASC-15
High
Vulnerability Name
WordPress Reflected Cross-Site Scripting
Classification
OWASP 2013-A3 OWASP 2017-A7 PCI v3.2- CAPEC-19 CWE-79 HIPAA-79 ISO27001-A.14.2.5 WASC-8 WSTG-INPV-01
High
Vulnerability Name
WordPress Filesystem Credentials Dialog CSRF
Classification
OWASP 2013-A8 OWASP 2017-A2 CWE-352 WSTG-INFO-08 WASC-9
High
Vulnerability Name
WordPress Authenticated JavaScript File Upload
Classification
OWASP 2013-A9 OWASP 2017-A9 WSTG-INFO-08 CWE-434
High
Vulnerability Name
Eval Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-95 WASC-20 WSTG-INPV-11
High
Vulnerability Name
Server-Side Includes (SSI) Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-101 CWE-97 WASC-31 WSTG-INPV-08
High
Vulnerability Name
Potentially dangerous file
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-17 CWE-434
High
Vulnerability Name
Local File Inclusion
Classification
OWASP 2013-A4 OWASP 2017-A5 PCI v3.2- CAPEC-252 CWE-22 HIPAA-22 ISO27001-A.14.1.2 WASC-33 WSTG-INPV-11
High
Vulnerability Name
Buffer overflow vulnerability
Classification
CAPEC-100 OWASP 2017-A9 OWASP 2013-A9 CWE-119 WASC-7 WSTG-INPV-13
High
Vulnerability Name
SWEET32 attack
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WASC-13 OWASP PC-C1 WSTG-CRYP-01
High
Vulnerability Name
POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
High
Vulnerability Name
Htaccess Bypass
Classification
OWASP 2017-A5 OWASP 2017-A6 CWE-16 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Vulnerability Name
Transport Layer Security
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Medium
Vulnerability Name
phpinfo() Upload Max Filesize
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Medium
Vulnerability Name
phpinfo() PHP Magic Quotes Gpc is On
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Medium
Vulnerability Name
phpinfo() Open Base Directory Is Disabled
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Medium
Vulnerability Name
phpinfo() Memory Limit
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Medium
Vulnerability Name
User Information Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CAPEC-375 WSTG-CRYP-03 WASC-13 CWE-200
Medium
Vulnerability Name
Ultimate PHP Board Data Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CAPEC-37 CWE-200 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N WASC-13
Medium
Vulnerability Name
Test For Checking Magic Quotes Gpc is On
Classification
OWASP 2013-A1 OWASP 2017-A1 WASC-13
Medium
Vulnerability Name
Test For Checking File Uploads
Classification
OWASP 2013-A1 OWASP 2017-A1 CAPEC-17 CWE-434 WASC-13
Medium
Vulnerability Name
SSL Compression Methods
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-CRYP-01
Medium
Vulnerability Name
Remote administrative access
Classification
OWASP 2013-A7 OWASP 2017-A5 WASC-13
Medium
Vulnerability Name
PHP session.use_trans_sid Session Hijacking
Classification
OWASP 2013-A2 OWASP 2017-A2 WASC-15 CWE-472 CAPEC-594 WSTG-SESS-09
Medium
Vulnerability Name
Missing Fallback Signaling Cipher Suite Value
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-757 WASC-13
Medium
Vulnerability Name
Joomla Debug Mode status
Classification
OWASP 2017-A6 OWASP 2013-A5 WASC-13
Medium
Vulnerability Name
HTML Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C4 CAPEC-242 WASC-08 WSTG-CLNT-03 CWE-80
Medium
Vulnerability Name
Dl PHP cgi.force_redirect disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-305 WASC-13 WSTG-INPV-08
Medium
Vulnerability Name
Application Error Disclosure
Classification
OWASP 2017-A3
Medium
Vulnerability Name
.htaccess LIMIT misconfiguration
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-416 WASC-13
Medium
Vulnerability Name
XML External Entity injection
Classification
OWASP 2013-A1 OWASP 2017-A4 PCI v3.2- CAPEC-376 CWE-611 HIPAA-611 ISO27001-A.14.2.5 WASC-43 WSTG-INPV-07
Medium
Vulnerability Name
Remote File Inclusion
Classification
OWASP 2013-A1 OWASP 2017-A1 OWASP PC-C4 PCI v3.2- CAPEC-193 CWE-98 HIPAA-98 ISO27001-A.14.2.5 WASC-5 WSTG-INPV-11
Medium
Vulnerability Name
Publicly Writable Directory
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CAPEC-155 CWE-379 WASC-13
Medium
Vulnerability Name
Old Backup and Unreferenced files
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-530 WASC-13
Medium
Vulnerability Name
WordPress Insufficient redirect validation
Classification
OWASP 2013-A10 OWASP 2017-A9 WSTG-CLNT-04 WASC-38 CWE-918
Medium
Vulnerability Name
WordPress Host header attack
Classification
OWASP 2013-A9 OWASP 2017-A9 WASC-24 CWE-20 WSTG-INFO-08
Medium
Vulnerability Name
Unsecured HTTP cookies
Classification
OWASP 2013-A5 OWASP 2017-A6 PCI v3.2- CWE-614 WSTG-SESS-02 WASC-13
Medium
Vulnerability Name
Unsafe preg_replace usage
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-661 WASC-13
Medium
Vulnerability Name
Unhandled error in web application
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-209 WSTG-ERRH-01 WASC-13
Medium
Vulnerability Name
Revealing phpinfo()
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 ISO27001-A.18.1.3 WASC-13
Medium
Vulnerability Name
Open WebSocket
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-352
Medium
Vulnerability Name
Insecure Redirection
Classification
OWASP 2013-A10 OWASP 2017-A5 WASC-38 CWE-601
Medium
Vulnerability Name
HTTP response header injection
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-105 CWE-93 HIPAA-93 ISO27001-A.14.2.5 WASC-24 WSTG-INFO-08
Medium
Vulnerability Name
HTTP Response Splitting Vulnerability
Classification
OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- CAPEC-34 CWE-113 WSTG-INPV-15 WASC-25
Medium
Vulnerability Name
HTTP Method Vulnerability Found
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-650 WSTG-CONF-06
Medium
Vulnerability Name
Full Path Disclosure vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-126 WSTG-INFO-09 WASC-13
Medium
Vulnerability Name
Cross-site request forgery attack
Classification
OWASP 2013-A8 OWASP 2017-A5 PCI v3.2- CAPEC-62 CWE-352 HIPAA-352 ISO27001-A.14.2.5 WASC-9 WSTG-SESS-05
Medium
Vulnerability Name
Auto complete not disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-200 WASC-15
Medium
Vulnerability Name
ROBOT attack (Bleichenbacher RSA)
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Medium
Vulnerability Name
Cross-Origin Resource Sharing XML cannot be parsed
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CLNT-07 WASC-14 CWE-94
Medium
Vulnerability Name
Content Security Policy (CSP) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Medium
Vulnerability Name
X-Frame-Options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-103 CWE-693 WASC-14 ISO27001-A.14.2.5 WSTG-CLNT-09
Medium
Vulnerability Name
X-Frame-Options header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-103 CWE-693 ISO27001-A.14.2.5 WSTG-CLNT-09
Medium
Vulnerability Name
Referrer-Policy header set unsafely
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-200
Medium
Vulnerability Name
Redirects to HTTPS eventually, but initial redirection is to another HTTP URL
Classification
OWASP 2013-A10 OWASP 2017-A6 CWE-601 WSTG-CLNT-04
Medium
Vulnerability Name
Redirection from HTTP to HTTPS to a different host preventing HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CLNT-04
Medium
Vulnerability Name
Vignette Content Management Vulnerability
Classification
OWASP 2013-A9 OWASP 2017-A9 CWE-1035 WASC-45
Low
Vulnerability Name
Joomla admin page
Classification
OWASP 2013-A7 OWASP 2017-A5, OWASP 2017-A2 OWASP PC-C6 PCI v3.2- CAPEC-87 CWE-425 HIPAA-425 ISO27001-A.9.4.1 WASC-34
Low
Vulnerability Name
Content Type Header Missing
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-16
Low
Vulnerability Name
Insecure FrontPage extension configuration
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 WASC-13
Low
Vulnerability Name
X-XSS-Protection Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 HIPAA-16 ISO27001-A.14.2.5 WASC-15
Low
Vulnerability Name
Tickets option leaks uninitialised memory
Classification
OWASP 2013-A8 OWASP 2017-A6, OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-CRYP-01 OWASP PC-C1
Low
Vulnerability Name
Session Cookie set without 'Secure' Flag but protected by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-14 CWE-614
Low
Vulnerability Name
HTTP Strict Transport Security (HSTS) header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-523 ISO27001-A.14.1.2 WASC-4 CAPEC-217 WSTG-CONF-07
Low
Vulnerability Name
HTTP Strict Transport Security header not available over HTTPS
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Low
Vulnerability Name
HTTP Strict Transport Security (HSTS) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-15 WSTG-CONF-07 CWE-523
Low
Vulnerability Name
File Handling
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-165 CWE-1219 OWASP PC-C10 WSTG-CONF-03
Low
Vulnerability Name
Cookie without 'Secure' flag but protected by HSTS
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CONF-07 CWE-614 WASC-15
Low
Vulnerability Name
Cookie set without 'Secure' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 PCI v3.2- CAPEC-102 CWE-614 ISO27001-A.14.1.2 WASC-15 WSTG-SESS-02
Low
Vulnerability Name
Content Security Policy implemented with unsafe inline
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-79 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Low
Vulnerability Name
Content Security Policy (CSP) implemented with insecure scheme
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-319 ISO27001-A.14.2.5 WSTG-CONF-12 WASC-15
Low
Vulnerability Name
CRLF Injection
Classification
OWASP 2013-A1 OWASP 2017-A1 CWE-113 OWASP PC-C4 WASC-24 WSTG-INPV-15
Low
Vulnerability Name
X-XSS-Protection header disabled
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-693 ISO27001-A.14.1.2 WASC-15 WSTG-INPV-01
Low
Vulnerability Name
Referrer-Policy header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-20 CWE-200 ISO27001-A.14.2.5
Low
Vulnerability Name
Invalid certificate chain encountered during redirection
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-297 WSTG-CLNT-04
Low
Vulnerability Name
Cross Domain JavaScript Source File Inclusion
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-13 CWE-829
Info
Vulnerability Name
Insecure File Upload
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-17 CWE-434 WASC-42
Info
Vulnerability Name
WordPress Versions
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-09 ISO27001-A.14.1.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Info
Vulnerability Name
WordPress Themes
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
Info
Vulnerability Name
WordPress Plugin Vulnerabilities
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C2 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-INFO-09
Info
Vulnerability Name
The unseen Drupal
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2
Info
Vulnerability Name
SRI HTML not parsable
Classification
OWASP 2017-A6 OWASP 2013-A5 WASC-13
Info
Vulnerability Name
Fingerprinting Web Server
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C7 CWE-200 ISO27001-A.18.1.3 WASC-13 WSTG-INFO-02
Info
Vulnerability Name
TLS Safari compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01 WASC-4
Info
Vulnerability Name
TLS OpenSSL compatibility
Classification
OWASP 2013-A3 OWASP 2017-A3 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WASC-4
Info
Vulnerability Name
TLS Internet Explorer compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Info
Vulnerability Name
TLS Firefox compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Info
Vulnerability Name
TLS Edge compatibility
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Info
Vulnerability Name
TLS Android compatibility
Classification
OWASP 2013-A3 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Info
Vulnerability Name
Symantec SSL/TLS check
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WSTG-INPV-02 WASC-4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
Info
Vulnerability Name
Server Certificate Validation Through OCSP Stapling
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-299 WASC-13
Info
Vulnerability Name
Private IP Address Disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C8 CWE-200 WSTG-CRYP-03 WASC-13 ISO27001-A.18.1.4
Info
Vulnerability Name
Password Autocomplete in Browser
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C1 CAPEC-464 CWE-16 ISO27001-A.14.1.2 WASC-15
Info
Vulnerability Name
PHP post_max_size show phpinfo()
Classification
OWASP 2013-A6 OWASP 2017-A3 CAPEC-346 CWE-213 HIPAA-829 ISO27001-A.18.1.3 WASC-13
Info
Vulnerability Name
Old TLS backward compatibility
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C10 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Info
Vulnerability Name
Modern TLS compatibility
Classification
OWASP 2013-A5 OWASP 2017-A3 OWASP PC-C10 WSTG-CRYP-01 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4
Info
Vulnerability Name
Intermediate TLS compatibility
Classification
OWASP 2013-A6 OWASP 2017-A3 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4
Info
Vulnerability Name
External redirection
Classification
OWASP 2013-A10 OWASP 2017-A1 CWE-601 WASC-38 WSTG-CLNT-04
Info
Vulnerability Name
Email address disclosure
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C7 CAPEC-118 CWE-200 ISO27001-A.9.4.1 WASC-13 WSTG-IDNT-04
Info
Vulnerability Name
Cross-Origin Resource Sharing Implemented With Public Access
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CLNT-07 WASC-13 CWE-346
Info
Vulnerability Name
Cross Origin Resource Sharing Not Implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-346
Info
Vulnerability Name
Cross Origin Resource Sharing Implemented With Restricted Access
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-346
Info
Vulnerability Name
Brute Force In IIS (Internet Information Services)
Classification
OWASP 2013-A2 OWASP 2017-A2 CWE-307 WASC-11
Info
Vulnerability Name
WebDAV Detection
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C6 CWE-16 ISO27001-A.9.4.4 WASC-15
Info
Vulnerability Name
Rosetta flash vulnerability
Classification
OWASP 2013-A5 OWASP 2017-A1 CWE-352 WASC-15 WSTG-CLNT-08
Info
Vulnerability Name
Lack of wildcard DNS entry found
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-155
Info
Vulnerability Name
Information leakage using meta tag
Classification
OWASP 2013-A6 OWASP 2017-A3 CWE-200 WSTG-INFO-05 WASC-13
Info
Vulnerability Name
Guessable credentials found
Classification
OWASP 2013-A2 OWASP 2017-A2 OWASP PC-C8 WASC-18 CAPEC-560 CWE-287 WSTG-ATHN-02
Info
Vulnerability Name
Cross-Site Tracing (XST) vulnerability
Classification
CAPEC-107 OWASP 2013-A1 OWASP 2017-A1 WSTG-CONF-06 WASC-14 CWE-200
Info
Vulnerability Name
X-XSS-Protection header invalid
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-15 CWE-16
Info
Vulnerability Name
Subresource Integrity (SRI) implemented, but external scripts are loaded over http
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Info
Vulnerability Name
Subresource Integrity (SRI) not implemented but all external scripts are loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-INFO-05 CWE-345
Info
Vulnerability Name
Subresource Integrity (SRI) is not implemented, and external scripts are not loaded securely
Classification
OWASP 2013-A5 OWASP 2017-A6 WASC-15 ISO27001-A.14.2.5 CWE-16
Info
Vulnerability Name
Site did not return a status code of 200
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-IDNT-04 CWE-393
Info
Vulnerability Name
Renegotiation allowing data to be inserted into HTTPS sessions
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Info
Vulnerability Name
Processing of Change Cipher Spec
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Info
Vulnerability Name
Obtain plaintext by observing length differences
Classification
OWASP 2013-A9 OWASP 2017-A9 WSTG-CRYP-01 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1
Info
Vulnerability Name
Logjam common primes
Classification
OWASP 2013-A9 OWASP 2017-A9 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 OWASP PC-C1 WSTG-CRYP-01
Info
Vulnerability Name
Logjam attack against the TLS protocol
Classification
OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 ISO27001-A.14.1.2 WSTG-CRYP-01
Info
Vulnerability Name
Information leakage in EXIF data of images
Classification
OWASP 2013-A6 OWASP 2017-A3 OWASP PC-C10 CWE-200 WASC-13 WSTG-INFO-05
Info
Vulnerability Name
HTTP Strict Transport Security (HSTS) header set to less than six months
Classification
OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C1 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Info
Vulnerability Name
HTTP Strict Transport Security (HSTS) header on the invalid certificate chain
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 ISO27001-A.14.1.2 WASC-15 WSTG-CONF-07
Info
Vulnerability Name
HTTP Public Key Pinning (HPKP) header cannot be recognised
Classification
OWASP 2013-A5 OWASP 2017-A6
Info
Vulnerability Name
Fingerprinting Web Application Framework using HTTP headers
Classification
OWASP 2013-A5 OWASP 2017-A6 CAPEC-170
Info
Vulnerability Name
Content Security Policy (CSP) implemented with unsafe-eval
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-79 ISO27001-A.14.2.5 WASC-15 WSTG-CONF-12
Info
Vulnerability Name
Content Security Policy (CSP) header cannot be parsed successfully
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CONF-12 WASC-15 CWE-16
Info
Vulnerability Name
Content Security Policy (CSP) implemented with the insecure scheme in passive content only
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-CONF-12 WASC-15 CWE-319
Info
Vulnerability Name
Browser Exploit Against SSL/TLS
Classification
OWASP 2013-A6 OWASP 2017-A6 OWASP PC-C1 PCI v3.2- CAPEC-217 CWE-311 HIPAA-311 ISO27001-A.14.1.3 WASC-4 WSTG-CRYP-01
Info
Vulnerability Name
WordPress User enumeration
Classification
OWASP 2013-A5 OWASP 2017-A6 PCI v3.2- CAPEC-310 CWE-200 ISO27001-A.14.1.2 HIPAA-829 OWASP PC-C1 WSTG-INFO-09
Info
Vulnerability Name
Cookie session without 'HttpOnly' flag
Classification
OWASP 2013-A5 OWASP 2017-A6 WSTG-SESS-02 CWE-104 WASC-14
Info
Vulnerability Name
X-Content-Type-Options header not implemented
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16 ISO27001-A.14.1.2 WASC-15
Info
Vulnerability Name
X-Content-Type-Options header cannot be recognized
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-16
Info
Vulnerability Name
Redirects, but final destination is not an HTTPS URL.
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-601 WSTG-CLNT-04
Info
Vulnerability Name
Does not redirect to an HTTPS site from HTTP port
Classification
OWASP 2013-A5 OWASP 2017-A6 CWE-818 WSTG-CLNT-04
Info