| Vulnerability Name | Classifications | Severity |
| --- | --- | --- |
| Arbitrary File Creation Detected | CWE-20; OWASP 2017-A5 | High |
| Arbitrary File Deletion Detected | CWE-20; OWASP 2017-A5 | High |
| ASP.NET Tracing Is Enabled | CWE-16, 11; OWASP 2013-A5; OWASP 2017-A6 | High |
| Backup Source Code Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | High |
| Basic Authorization over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Blind Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Certificate is Signed Using a Weak Signature Algorithm | PCI v3.2-6.5.4; CAPEC-459; ISO27001-A.10; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Cross-site Scripting | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Cross-site Scripting (DOM based) | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Cross-site Scripting via Remote File Inclusion | PCI v3.2-6.5.7; CAPEC-19; CWE-79; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 | High |
| Database User Has Admin Privileges | PCI v3.2-6.5.6; CWE-267; ISO27001-A.9.2.2; WASC-14; OWASP 2013-A5; OWASP 2017-A6 | High |
| Elmah.axd / Errorlog.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Expression Language Injection | PCI v3.2-6.5.1; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
| F5 Big-IP Local File Inclusion (CVE-2020-5902) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| JWT Forgery via Chaining Jku Parameter with Open Redirect | CWE-347; OWASP 2017-A2 | High |
| JWT Forgery via Path Traversal | CWE-22; OWASP 2017-A1 | High |
| JWT Forgery via SQL Injection | CWE-89; OWASP 2017-A1 | High |
| JWT Forgery via unvalidated jku parameter | CWE-22; OWASP 2017-A1 | High |
| JWT Signature Bypass via None Algorithm | CWE-347; OWASP 2017-A2 | High |
| JWT Signature is not Verified | CWE-347; OWASP 2017-A2 | High |
| Local File Inclusion | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Local File Inclusion (IAST) | PCI v3.2-6.5.8; CAPEC-252; CWE-22; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Oracle WebLogic Authentication Bypass (CVE-2020-14883) | CWE-288; OWASP 2013-A2; OWASP 2017-A2 | High |
| Out of Band XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |
| Out-of-date Version (Microsoft SQL Server) | PCI v3.2-6.2; CAPEC-310; CWE-937, 1035; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (MySQL) | PCI v3.2-6.2; CAPEC-310; CWE-937, 1035; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (Oracle) | PCI v3.2-6.2; CAPEC-310; CWE-937, 1035; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Out-of-date Version (PostgreSQL) | PCI v3.2-6.2; CAPEC-310; CWE-937, 1035; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP 2013-A9; OWASP 2017-A9 | High |
| Password Transmitted over HTTP | PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| ROBOT Attack Detected (Strong Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| ROBOT Attack Detected (Weak Oracle) | PCI v3.2-6.5.4; CAPEC-217; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 | High |
| Ruby on Rails File Content Disclosure (CVE-2019-5418) | PCI v3.2-6.5.8; CAPEC-252; CWE-98; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A4; OWASP 2017-A5 | High |
| Server-Side Request Forgery (Apache Server Status) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (AWS) | CWE-918; ISO27001-A.14.2.5; OWASP 2017-A5 | High |
| Server-Side Request Forgery (elmah MVC) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (elmah) | PCI v3.2-6.5.6; CAPEC-347; CWE-918; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (MySQL) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Server-Side Request Forgery (SSH) | CWE-918; ISO27001-A.14.2.5; OWASP 2013-A5; OWASP 2017-A6 | High |
| Session Cookie Not Marked as Secure | PCI v3.2-6.5.10; CAPEC-102; CWE-614; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
| SVN Detected | CAPEC-118; CWE-527; ISO27001-A.9.4.1; WASC-13; OWASP 2013-A5; OWASP 2017-A6 | High |
| Trace.axd Detected | PCI v3.2-6.5.6; CAPEC-347; CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 | High |
| Unrestricted File Upload | PCI v3.2-6.5.1; CWE-434; ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | High |
| Weak Basic Authentication Credentials | PCI v3.2-6.5.10; CAPEC-16; CWE-521; ISO27001-A.9.4.3; WASC-15; OWASP 2013-A6; OWASP 2017-A3 | High |
| Weak Secret is Used to Sign JWT | CWE-347; OWASP 2017-A2 | High |
| WebDAV Directory Has Write Permissions | PCI v3.2-6.5.8; CWE-732; ISO27001-A.9.4.1; WASC-17; OWASP 2017-A6 | High |
| XML External Entity Injection | PCI v3.2-6.5.1; CAPEC-376; CWE-611; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-43; OWASP 2013-A1; OWASP 2017-A4 | High |

Netsparker
