Search Vulnerability


Vulnerability Name Classifications Severity
Active Mixed Content over HTTPS CWE-319; ISO27001-A.14.1.3; OWASP 2013-A6; OWASP 2017-A3 Medium
Anonymous Ciphers Supported PCI v3.2-6.5.4; CAPEC-117; CWE-311; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Apache Server-Info Detected CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Apache Server-Status Detected CAPEC-347; CWE-16; ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
ASP.NET Cookieless Authentication Is Enabled CWE-16; OWASP 2013-A5; OWASP 2017-A6 Medium
ASP.NET Cookieless Session State Is Enabled CWE-16; OWASP 2013-A5; OWASP 2017-A6 Medium
ASP.NET CustomErrors Is Disabled CWE-16; OWASP 2013-A6; OWASP 2017-A3 Medium
ASP.NET Login Credentials Stored In Plain Text CWE-312; OWASP 2013-A6; OWASP 2017-A3 Medium
ASP.NET ValidateRequest Is Globally Disabled CWE-16; OWASP 2013-A5; OWASP 2017-A6 Medium
ASP.NET: Failure To Require SSL For Authentication Cookies CWE-16; OWASP 2017-A6 Medium
Base Tag Hijacking PCI v3.2-6.5.7; CAPEC-19; CWE-20; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-8; OWASP 2013-A3; OWASP 2017-A7 Medium
BREACH Attack Detected CWE-310; OWASP 2013-A9; OWASP 2017-A9 Medium
Critical Form Send to HTTP PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Critical Form Served over HTTP PCI v3.2-6.5.4; CAPEC-65; CWE-319; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
CVS Detected CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 Medium
Expired SSL Certificate CWE-295; OWASP 2017-A3 Medium
Frame Injection PCI v3.2-6.5.1; CWE-601; HIPAA-164.308(a); ISO27001-A.14.2.5; WASC-38; OWASP 2013-A1; OWASP 2017-A1 Medium
GIT Detected CAPEC-118; CWE-527; ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A6 Medium
HTTP Header Injection PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 Medium
HTTP Header Injection (IAST) PCI v3.2-6.5.1; CAPEC-105; CWE-93; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-24; OWASP 2013-A1; OWASP 2017-A1 Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings CWE-16; ISO27001-A.14.1.2; WASC-15; OWASP 2013-A5; OWASP 2017-A6 Medium
HTTP Strict Transport Security (HSTS) Policy Not Enabled CAPEC-217; CWE-523; ISO27001-A.14.1.2; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Insecure HTTP Usage ISO27001-A.14.1.3; WASC-4; OWASP 2013-A5; OWASP 2017-A3 Medium
Insecure Transportation Security Protocol Supported (SSLv3) PCI v3.2-6.5.4; CAPEC-217; CWE-326; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Invalid SSL Certificate PCI v3.2-6.5.4; CAPEC-459; CWE-295; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Microsoft Access Database File Detected PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 Medium
Open Policy Crossdomain.xml Detected CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 Medium
Open Redirection CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 Medium
Open Redirection (DOM based) CWE-601; ISO27001-A.14.2.5; WASC-38; OWASP 2013-A10 Medium
Open Silverlight Client Access Policy CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 Medium
Password Transmitted over Query String PCI v3.2-6.5.4; CWE-598; ISO27001-A.14.2.5; WASC-13; OWASP 2013-A6; OWASP 2017-A3 Medium
PHP enable_dl Is Enabled CWE-16; OWASP 2013-A5; OWASP 2017-A6 Medium
PHP register_globals Is Enabled CWE-473; OWASP 2013-A5; OWASP 2017-A6 Medium
PHP session.use_only_cookies Is Disabled CWE-598; OWASP 2013-A5; OWASP 2017-A6 Medium
PHP session.use_trans_sid Is Enabled CWE-598; OWASP 2013-A5; OWASP 2017-A6 Medium
Revoked SSL Certificate CWE-295; OWASP 2017-A3 Medium
RSA Private Key Detected CAPEC-118; CWE-200; ISO27001-A.18.1.3; WASC-13; OWASP 2013-A6; OWASP 2017-A3 Medium
Server-Side Request Forgery CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 Medium
Server-Side Request Forgery (Time Based) CWE-918; ISO27001-A.14.2.5; WASC-20; OWASP 2013-A1; OWASP 2017-A1 Medium
Source Code Disclosure (ASP.NET) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (ColdFusion) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Generic) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Java Servlet) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Java) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (JSP) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Perl) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (PHP) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Python) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Ruby) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
Source Code Disclosure (Tomcat) CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 Medium
SQLite Database File Found PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 Medium
SSL Certificate Is About To Expire CWE-295; OWASP 2017-A3 Medium
SSL Certificate Name Hostname Mismatch CWE-295; OWASP 2017-A3 Medium
SSL Untrusted Root Certificate CWE-295; OWASP 2017-A3 Medium
SSL/TLS Not Implemented PCI v3.2-6.5.4; CAPEC-217; CWE-311; HIPAA-164.306; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
Stack Trace Disclosure (ColdFusion) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (Django) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (Java) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (Laravel) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (Python) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (RoR) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Stack Trace Disclosure (Ruby-Sinatra Framework) PCI v3.2-6.5.5; CAPEC-214; CWE-248; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
Sublime SFTP Config File Detected CWE-16; ISO27001-A.18.1.3; WASC-15; OWASP 2013-A5; OWASP 2017-A6 Medium
Unicode Transformation (Best-Fit Mapping) CWE-20 Medium
ViewState MAC Disabled CWE-16; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-15; OWASP 2017-A6 Medium
Weak Ciphers Enabled PCI v3.2-6.5.4; CAPEC-217; CWE-327; ISO27001-A.14.1.3; WASC-4; OWASP 2013-A6; OWASP 2017-A3 Medium
WordPress Setup Configuration File PCI v3.2-6.5.8; CAPEC-212; CWE-665; HIPAA-164.312(a)(1); ISO27001-A.18.1.3; WASC-14; OWASP 2013-A5; OWASP 2017-A6 Medium
ZSH History File Detected PCI v3.2-6.5.8; CWE-284; ISO27001-A.18.1.3; WASC-2; OWASP 2013-A7; OWASP 2017-A3 Medium
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo