Search Vulnerability


Vulnerability Name Classifications Severity
.DS_Store File Found PCI v3.2-, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 Low
Apache Multiple Choices Enabled CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Apache MultiViews Enabled CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Autocomplete is Enabled CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Backup File Disclosure PCI v3.2-, CAPEC-87, CWE-530, HIPAA-530, ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 Low
Cookie Not Marked as HttpOnly CAPEC-107, CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Cookie Not Marked as Secure PCI v3.2-, CAPEC-102, CWE-614, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A6, OWASP 2017-A3 Low
Cookie Values Used in Anti-CSRF Token CWE-352, HIPAA-352, ISO27001-A.14.1.2, OWASP 2013-A5, OWASP 2017-A6 Low
Cross-site Request Forgery PCI v3.2-, CAPEC-62, CWE-352, HIPAA-352, ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 Low
Cross-site Request Forgery in Login Form PCI v3.2-, CAPEC-62, CWE-352, HIPAA-352, ISO27001-A.14.2.5, WASC-9, OWASP 2013-A8, OWASP 2017-A5 Low
Database Error Message Disclosure PCI v3.2-, CAPEC-118, CWE-210, HIPAA-210, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Database Name Disclosure (Microsoft SQL Server) PCI v3.2-, CAPEC-118, CWE-201, HIPAA-201, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Database Name Disclosure (MySQL) PCI v3.2-, CAPEC-118, CWE-201, HIPAA-201, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Django Debug Mode Enabled PCI v3.2-, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Exception Report Disclosure (Tomcat) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Form Hijacking CWE-20, ISO27001-A.14.2.5, WASC-20, OWASP 2013-A1, OWASP 2017-A1 Low
Information Disclosure (Microsoft Office) PCI v3.2-, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13 Low
Information Disclosure (phpinfo()) CAPEC-346, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 Low
Insecure Frame (External) CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 Low
Insecure JSONP Endpoint CWE-20, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 Low
Insecure Reflected Content CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A1 Low
Insecure Transportation Security Protocol Supported (TLS 1.0) PCI v3.2-, CAPEC-217, CWE-326, HIPAA-326, ISO27001-A.14.1.3, WASC-4, OWASP 2013-A6, OWASP 2017-A3 Low
Internal IP Address Disclosure CWE-200, ISO27001-A.18.1.4, OWASP 2013-A6, OWASP 2017-A3 Low
Internal Server Error CWE-550, ISO27001-A.14.1.2, WASC-13 Low
Laravel Debug Mode Enabled PCI v3.2-, CAPEC-214, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Laravel Environment Configuration File Detected CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Microsoft IIS Log File Detected PCI v3.2-, CAPEC-87, CWE-425, HIPAA-425, ISO27001-A.18.1.3, WASC-34, OWASP 2013-A7, OWASP 2017-A5 Low
Microsoft Outlook Personal Folders File (.pst) Found PCI v3.2-, CWE-284, ISO27001-A.18.1.3, WASC-2, OWASP 2013-A7, OWASP 2017-A5 Low
Misconfigured Access-Control-Allow-Origin Header CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Misconfigured Frame CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2017-A6 Low
Misconfigured X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Missing Content-Type Header CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Missing X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Multiple Declarations in X-Frame-Options Header CAPEC-103, CWE-693, ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 Low
Open Redirection in POST method CWE-601, ISO27001-A.14.2.5, WASC-38, OWASP 2013-A10, OWASP 2017-A5 Low
Passive Mixed Content over HTTPS CWE-319, ISO27001-A.14.1.3, OWASP 2013-A6, OWASP 2017-A3 Low
Passive Web Backdoor Detected PCI v3.2-, CWE-507, HIPAA-507, ISO27001-A.12.2.1, OWASP 2017-A10 Low
Phishing by Navigating Browser Tabs CWE-16, ISO27001-A.14.1.2, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Programming Error Message PCI v3.2-, CAPEC-118, CWE-210, HIPAA-210, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Programming Error Message (Ruby) PCI v3.2-, CAPEC-118, CWE-210, HIPAA-210, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6 Low
Reflected File Download PCI v3.2-, CAPEC-375, CWE-840, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1 Low
RoR Database Configuration File Detected CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
RoR Development Mode Enabled PCI v3.2-, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Social Security Number Disclosure PCI v3.2-, CAPEC-118, CWE-213, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 Low
Stack Trace Disclosure (Apache MyFaces) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (ASP.NET) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (CakePHP Framework) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (CherryPy) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.9.2.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Stack Trace Disclosure (Grails) PCI v3.2-, CAPEC-214, CWE-248, HIPAA-248, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Struts2 Development Mode Enabled PCI v3.2-, CAPEC-214, CWE-16, ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Subresource Integrity (SRI) Hash Invalid CWE-16, ISO27001-A.14.2.5, WASC-15 Low
TRACE/TRACK Method Detected CAPEC-107, CWE-16, ISO27001-A.14.1.2, WASC-14, OWASP 2013-A5, OWASP 2017-A6 Low
Unexpected Redirect Response Body (Two Responses) CWE-698, ISO27001-A.14.2.5, WASC-25 Low
User Controllable Cookie CWE-20, ISO27001-A.14.2.5, WASC-20 Low
Username Disclosure (Microsoft SQL Server) PCI v3.2-, CAPEC-118, CWE-201, HIPAA-201, ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 Low
Username Disclosure (MySQL) PCI v3.2-, CAPEC-118, CWE-201, HIPAA-201, ISO27001-A.18.1.4, WASC-13, OWASP 2013-A5, OWASP 2017-A3 Low
Version Disclosure (Apache Coyote) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Apache Module) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Apache) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (ASP.NET MVC) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (ASP.NET) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (CakePHP Framework) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Cherokee) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (CherryPy) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Django) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Frontpage) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (GlassFish) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Hiawatha) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Java Servlet) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Java) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (JBoss) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Lighttpd) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (mod_ssl) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Mongrel Web Server) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Nginx) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (NuSOAP) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (OpenSSL) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Oracle) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Perl) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (PHP) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Python) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (RoR) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Ruby) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (RubyGems) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (SharePoint) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (Tomcat) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (WebLogic) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
Version Disclosure (WEBrick) CAPEC-170, CWE-205, HIPAA-205, ISO27001-A.18.1.3, WASC-45, OWASP 2013-A5, OWASP 2017-A6 Low
ViewState is not Encrypted CWE-16, HIPAA-16, ISO27001-A.14.2.5, WASC-15, OWASP 2017-A6 Low
Windows Short Filename PCI v3.2-, CAPEC-87, CWE-538, HIPAA-538, ISO27001-A.8.2.3, WASC-34, OWASP 2013-A7, OWASP 2017-A6 Low
Windows Username Disclosure PCI v3.2-, CAPEC-118, CWE-200, ISO27001-A.18.1.3, WASC-13, OWASP 2013-A6, OWASP 2017-A3 Low
WP Engine Configuration File Detected CWE-16, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6 Low
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO