| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Backup Source Code Detected | PCI v3.2-, CAPEC-87, CWE-530, HIPAA-530, ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 | High |
| Basic Authorization over HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Blind Cross-site Scripting | PCI v3.2-, CAPEC-19, CWE-79, HIPAA-79, ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7 | High |
| Certificate is Signed Using a Weak Signature Algorithm | PCI v3.2-, CAPEC-459, ISO27001-A.10, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Cross-site Scripting via Remote File Inclusion | PCI v3.2-, CAPEC-19, CWE-79, HIPAA-79, ISO27001-A.14.2.5, WASC-8, OWASP 2013-A3, OWASP 2017-A7 | High |
| Database User Has Admin Privileges | PCI v3.2-, CWE-267, ISO27001-A.9.2.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 | High |
| Elmah.axd / Errorlog.axd Detected | PCI v3.2-, CAPEC-347, CWE-16, HIPAA-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | High |
| Expression Language Injection | PCI v3.2-, CWE-20, HIPAA-20, ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.2-, CAPEC-217, CWE-326, HIPAA-326, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Local File Inclusion | PCI v3.2-, CAPEC-252, CWE-22, HIPAA-22, ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5 | High |
| Out of Band XML External Entity Injection | PCI v3.2-, CAPEC-376, CWE-611, HIPAA-611, ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4 | High |
| Out-of-date Version (Microsoft SQL Server) | PCI v3.2-, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | High |
| Out-of-date Version (MySQL) | PCI v3.2-, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | High |
| Out-of-date Version (Oracle) | PCI v3.2-, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | High |
| Out-of-date Version (PostgreSQL) | PCI v3.2-, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP 2013-A9, OWASP 2017-A9 | High |
| Password Transmitted over HTTP | PCI v3.2-, CAPEC-65, CWE-319, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| ROBOT Attack Detected (Strong Oracle) | PCI v3.2-, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| ROBOT Attack Detected (Weak Oracle) | PCI v3.2-, CAPEC-217, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 | High |
| Ruby on Rails File Content Disclosure (CVE-2019-5418) | PCI v3.2-, CAPEC-252, CWE-98, HIPAA-98, ISO27001-A.14.2.5, WASC-33, OWASP 2013-A4, OWASP 2017-A5 | High |
| Server-Side Request Forgery (Apache Server Status) | CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | High |
| Server-Side Request Forgery (AWS) | CWE-918, ISO27001-A.14.2.5, OWASP 2017-A5 | High |
| Server-Side Request Forgery (elmah MVC) | PCI v3.2-, CAPEC-347, CWE-918, HIPAA-918, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | High |
| Server-Side Request Forgery (elmah) | PCI v3.2-, CAPEC-347, CWE-918, HIPAA-918, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | High |
| Server-Side Request Forgery (MySQL) | CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | High |
| Server-Side Request Forgery (SSH) | CWE-918, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | High |
| Session Cookie Not Marked as Secure | PCI v3.2-, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3 | High |
| SVN Detected | CAPEC-118, CWE-527, ISO27001-A.9.4.1, WASC-13, OWASP 2013-A5, OWASP 2017-A6 | High |
| Trace.axd Detected | PCI v3.2-, CAPEC-347, CWE-16, HIPAA-16, ISO27001-A.18.1.3, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | High |
| Unrestricted File Upload | PCI v3.2-, CWE-434, ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1 | High |
| Weak Basic Authentication Credentials | PCI v3.2-, CAPEC-16, CWE-521, ISO27001-A.9.4.3, WASC-15, OWASP 2013-A6, OWASP 2017-A3 | High |
| WebDAV Directory Has Write Permissions | PCI v3.2-, CWE-732, ISO27001-A.9.4.1, WASC-17, OWASP 2017-A6 | High |
| XML External Entity Injection | PCI v3.2-, CAPEC-376, CWE-611, HIPAA-611, ISO27001-A.14.2.5, WASC-43, OWASP 2013-A1, OWASP 2017-A4 | High |
Netsparker