Vulnerability Index
Vulnerability Name Classifications Severity
Bash Command Injection Vulnerability (Shellshock Bug) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 Critical
Blind Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 Critical
Blind SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 Critical
Boolean Based SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 Critical
Code Evaluation (Apache Struts) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Code Evaluation (ASP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Code Evaluation (Node.js) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Code Evaluation (Perl) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Code Evaluation (PHP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Code Evaluation (RoR - JSON) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 Critical
Code Evaluation (RoR) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 Critical
Code Evaluation via Local File Inclusion (PHP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-251, WASC-33, OWASP 2013-A1 Critical
Code Execution via File Upload PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-210, WASC-42, OWASP 2013-A1 Critical
Code Execution via Local File Inclusion PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-170, WASC-33, OWASP 2013-A1 Critical
Code Execution via WebDAV PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-17, WASC-17 Critical
Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 Critical
OpenSSL Heartbleed PCI v3.1-6.5.2, PCI v3.2-6.5.2, CAPEC-216, OWASP 2013-A6 Critical
Out of Band Code Evaluation (ASP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Out of Band Code Evaluation (Perl) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Out of Band Code Evaluation (PHP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 Critical
Out of Band Code Evaluation (RoR - JSON) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 Critical
Out of Band Code Evaluation (RoR) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 Critical
Out of Band Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 Critical
Out of Band Remote File Inclusion PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 Critical
Out of Band SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 Critical
Remote Code Execution and DoS in HTTP.sys (IIS) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-340, WASC-7, OWASP 2013-A1 Critical
Remote File Inclusion PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 Critical
Server-Side Request Forgery (trace.axd) PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 Critical
SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 Critical
Web Backdoor Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-443 Critical
Backup Source Code Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Important
Basic Authorization over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 Important
Blind Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Important
Certificate is Signed Using a Weak Signature Algorithm PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP PC-C7, OWASP 2013-A6 Important
Cookie Not Marked as Secure PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-102, WASC-15, OWASP 2013-A6 Important
Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Important
Cross-site Scripting (DOM based) PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Important
Cross-site Scripting via Remote File Inclusion PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Important
Database User Has Admin Privileges PCI v3.1-6.5.6, PCI v3.2-6.5.6, WASC-14, OWASP 2013-A5 Important
Elmah.axd Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 Important
Expression Language Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 Important
Insecure Transportation Security Protocol Supported (SSLv2) PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 Important
Local File Inclusion PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-252, WASC-33, OWASP 2013-A4 Important
Out of Band XML External Entity Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 Important
Out-of-date Version (Microsoft SQL Server) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 Important
Out-of-date Version (MySQL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 Important
Password Transmitted over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 Important
Server-Side Request Forgery (Apache Server Status) Important
Server-Side Request Forgery (AWS) Important
Server-Side Request Forgery (elmah MVC) PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 Important
Server-Side Request Forgery (elmah) PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 Important
Server-Side Request Forgery (MySQL) Important
Server-Side Request Forgery (SSH) Important
Stored Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Important
SVN Detected CAPEC-118, WASC-13, OWASP 2013-A5 Important
Trace.axd Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 Important
Unrestricted File Upload PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 Important
Weak Basic Authentication Credentials PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-16, WASC-15, OWASP 2013-A6 Important
WebDAV Directory Has Write Permissions PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-17 Important
XML External Entity Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 Important
Active Mixed Content (Font) over HTTPS OWASP 2013-A6 Medium
Active Mixed Content (Resource) over HTTPS OWASP 2013-A6 Medium
Active Mixed Content (Script) over HTTPS OWASP 2013-A6 Medium
Active Mixed Content (Stylesheet) over HTTPS OWASP 2013-A6 Medium
Active Mixed Content (XMLHttpRequest Endpoint) over HTTPS OWASP 2013-A6 Medium
Anonymous Ciphers Supported PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-117, WASC-4, OWASP 2013-A6 Medium
Apache Server-Info Detected CAPEC-347, WASC-14, OWASP 2013-A5 Medium
Apache Server-Status Detected CAPEC-347, WASC-14, OWASP 2013-A5 Medium
Base Tag Hijacking PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 Medium
Critical Form Send to HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 Medium
Critical Form Served over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 Medium
CVS Detected CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Frame Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, WASC-38, OWASP 2013-A10 Medium
GIT Detected CAPEC-118, WASC-13, OWASP 2013-A5 Medium
HTTP Header Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-105, WASC-24, OWASP 2013-A1 Medium
Insecure HTTP Usage WASC-4, OWASP 2013-A5 Medium
Insecure Transportation Security Protocol Supported (SSLv3) PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 Medium
Invalid SSL Certificate PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP 2013-A6 Medium
Microsoft Access Database File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 Medium
Open Policy Crossdomain.xml Detected WASC-15, OWASP 2013-A5 Medium
Open Redirection WASC-38, OWASP 2013-A10 Medium
Open Redirection (DOM based) WASC-38, OWASP 2013-A10 Medium
Open Silverlight Client Access Policy WASC-15, OWASP 2013-A5 Medium
Password Transmitted over Query String PCI v3.1-6.5.4, PCI v3.2-6.5.4, WASC-13, OWASP 2013-A6 Medium
RSA Private Key Detected CAPEC-118, WASC-13, OWASP 2013-A6 Medium
Server-Side Request Forgery (Time Based) OWASP 2013-A1 Medium
Source Code Disclosure (ASP.NET) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (ColdFusion) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Generic) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Java) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Perl) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (PHP) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Python) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Ruby) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
Source Code Disclosure (Tomcat) CAPEC-118, WASC-13, OWASP 2013-A5 Medium
SQLite Database File Found PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 Medium
Stack Trace Disclosure (ColdFusion) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (Django) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (Java) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (Laravel) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (Python) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (RoR) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Stack Trace Disclosure (Ruby-Sinatra Framework) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Medium
Sublime SFTP Config File Detected WASC-15, OWASP 2013-A5 Medium
ViewState MAC Disabled WASC-15 Medium
Weak Ciphers Enabled PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 Medium
.DS_Store File Found PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 Low
Apache Multiple Choices Enabled WASC-14, OWASP 2013-A5 Low
Apache MultiViews Enabled WASC-14, OWASP 2013-A5 Low
Autocomplete Enabled WASC-15, OWASP 2013-A5 Low
Backup File Disclosure PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Low
Cookie Not Marked as HttpOnly CAPEC-107, WASC-15, OWASP 2013-A5 Low
Cookie Values Used in Anti-CSRF Token OWASP 2013-A5 Low
Cross-site Request Forgery PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 Low
Cross-site Request Forgery in Login Form PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 Low
Database Error Message Disclosure PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Database Name Disclosure (Microsoft SQL Server) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Database Name Disclosure (MySQL) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Django Debug Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Exception Report Disclosure (Tomcat) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Form Hijacking Low
Information Disclosure (Microsoft Office) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 Low
Information Disclosure (phpinfo()) CAPEC-346, WASC-13, OWASP 2013-A5 Low
Insecure Frame (External) Low
Insecure JSONP Endpoint WASC-15, OWASP 2013-A5 Low
Insecure Reflected Content WASC-15, OWASP 2013-A5 Low
Insecure Transportation Security Protocol Supported (TLS 1.0) PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 Low
Internal IP Address Disclosure Low
Internal Server Error Low
Laravel Debug Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Laravel Environment Configuration File Detected WASC-15, OWASP 2013-A5 Low
Microsoft IIS Log File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Low
Microsoft Outlook Personal Folders File (.pst) Found PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 Low
Misconfigured Access-Control-Allow-Origin Header WASC-15, OWASP 2013-A5 Low
Misconfigured Frame Low
Missing Content-Type Header OWASP 2013-A5 Low
Missing X-Frame-Options Header CAPEC-103, OWASP 2013-A5 Low
Mixed Content over HTTPS OWASP 2013-A6 Low
Open Redirection in POST method WASC-38, OWASP 2013-A10 Low
Passive Web Backdoor Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6 Low
Phishing by Navigating Browser Tabs OWASP 2013-A5 Low
Programming Error Message PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Reflected File Download PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-375, WASC-42, OWASP 2013-A1 Low
RoR Database Configuration File Detected WASC-15, OWASP 2013-A5 Low
RoR Development Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Server-Side Request Forgery OWASP 2013-A1 Low
Social Security Number Disclosure PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP 2013-A6 Low
Stack Trace Disclosure (Apache MyFaces) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Stack Trace Disclosure (ASP.NET) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Stack Trace Disclosure (Grails) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Struts2 Development Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 Low
Subresource Integrity (SRI) Hash Invalid Low
TRACE/TRACK Method Detected CAPEC-107, WASC-14, OWASP 2013-A5 Low
Unexpected Redirect Response Body (Two Responses) Low
User Controllable Cookie Low
Username Disclosure (Microsoft SQL Server) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Username Disclosure (MySQL) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 Low
Version Disclosure (Apache Coyote) CAPEC-170, WASC-45 Low
Version Disclosure (Apache Module) CAPEC-170, WASC-45 Low
Version Disclosure (Apache) CAPEC-170, WASC-45 Low
Version Disclosure (ASP.NET MVC) CAPEC-170, WASC-45 Low
Version Disclosure (ASP.NET) CAPEC-170, WASC-45 Low
Version Disclosure (Django) CAPEC-170, WASC-45 Low
Version Disclosure (Frontpage) CAPEC-170, WASC-45 Low
Version Disclosure (Java Servlet) CAPEC-170, WASC-45 Low
Version Disclosure (Lighttpd) CAPEC-170, WASC-45 Low
Version Disclosure (mod_ssl) CAPEC-170, WASC-45 Low
Version Disclosure (Mongrel Web Server) CAPEC-170, WASC-45 Low
Version Disclosure (Nginx) CAPEC-170, WASC-45 Low
Version Disclosure (NuSOAP) CAPEC-170, WASC-45 Low
Version Disclosure (OpenSSL) CAPEC-170, WASC-45 Low
Version Disclosure (Oracle) CAPEC-170, WASC-45 Low
Version Disclosure (Perl) CAPEC-170, WASC-45 Low
Version Disclosure (PHP) CAPEC-170, WASC-45 Low
Version Disclosure (Python) CAPEC-170, WASC-45 Low
Version Disclosure (RoR) CAPEC-170, WASC-45 Low
Version Disclosure (Ruby) CAPEC-170, WASC-45 Low
Version Disclosure (RubyGems) CAPEC-170, WASC-45 Low
Version Disclosure (SharePoint) CAPEC-170, WASC-45 Low
Version Disclosure (Tomcat) CAPEC-170, WASC-45 Low
Version Disclosure (Web Logic) CAPEC-170, WASC-45 Low
Version Disclosure (WEBrick) CAPEC-170, WASC-45 Low
ViewState is not Encrypted WASC-15 Low
Windows Short Filename PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Low
Windows Username Disclosure PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 Low
Adminer Detected OWASP PC-C6 Information
Administration Page Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 Information
An Unsafe Content Security Policy (CSP) Directive In Use Information
Apache Web Server Identified OWASP PC-C7 Information
ASP.NET Debugging Enabled WASC-14, OWASP PC-C7, OWASP 2013-A5 Information
ASP.NET Identified OWASP PC-C7 Information
Autocomplete Enabled (Password Field) WASC-15, OWASP 2013-A5 Information
AWStats Detected CAPEC-224, WASC-45, OWASP PC-C6 Information
Basic Authorization Required Information
Configuration File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Information
Content Security Policy (CSP) Contains Out of Scope report-uri Domain OWASP 2013-A6 Information
Content Security Policy (CSP) Keywords Not Used within Single Quotes OWASP 2013-A5 Information
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes OWASP 2013-A5 Information
Content Security Policy (CSP) Nonce without Matching Script Block OWASP 2013-A5 Information
Content Security Policy (CSP) Not Implemented OWASP PC-C9 Information
Content Security Policy (CSP) report-uri Uses HTTP OWASP 2013-A6 Information
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags OWASP 2013-A5 Information
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive OWASP 2013-A5 Information
Cookie Header Contains Multiple Cookies OWASP 2013-A5 Information
Credit Card Disclosure PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP PC-C7, OWASP 2013-A6 Information
Crossdomain.xml Detected OWASP PC-C6 Information
Cross-site Referrer Leakage through Permissive Referrer-Policy OWASP PC-C9, OWASP 2013-A6 Information
Cross-site Referrer Leakage through Referrer-Policy OWASP PC-C9, OWASP 2013-A6 Information
Cross-site Scripting Protection Disabled OWASP PC-C9 Information
data: Used in a Content Security Policy (CSP) Directive Information
Database Connection String Detected WASC-15, OWASP PC-C7, OWASP 2013-A5 Information
Database Detected (Microsoft Access) Information
Database Detected (Microsoft SQL Server) Information
Database Detected (MySQL) Information
Database Detected (Oracle) Information
Database Detected (PostgreSQL) Information
DbNinja Detected OWASP PC-C6 Information
Default Page Detected (Apache) OWASP PC-C7 Information
Default Page Detected (IIS 6) OWASP PC-C7 Information
Default Page Detected (IIS 7) OWASP PC-C7 Information
Default Page Detected (IIS 8) OWASP PC-C7 Information
Default Page Detected (Tomcat) OWASP PC-C7 Information
default-src Used in Content Security Policy (CSP) OWASP PC-C9 Information
Denial of Service (MySQL) OWASP PC-C9 Information
Deprecated Header Instruction Used to Implement Content Security Policy (CSP) OWASP PC-C9 Information
Digest Authorization Required Information
Directory Listing (Apache) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (ASP.NET Server) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (IIS) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (Lighttpd) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (LiteSpeed) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (Nginx) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (Tomcat) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Directory Listing (WebDAV) CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 Information
Drupal Detected OWASP PC-C7 Information
Email Address Disclosure CAPEC-118, WASC-13, OWASP PC-C7 Information
File Upload Functionality Detected OWASP PC-C4 Information
Forbidden Resource OWASP PC-C8 Information
Generic Email Address Disclosure CAPEC-118, WASC-13, OWASP PC-C7 Information
HTTP Strict Transport Security (HSTS) Errors and Warnings OWASP PC-C10 Information
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low OWASP PC-C1 Information
HTTP Strict Transport Security (HSTS) Policy Not Enabled OWASP PC-C8 Information
HTTP Strict Transport Security (HSTS) via HTTP OWASP PC-C1 Information
Incorrect Content Security Policy (CSP) Implementation OWASP 2013-A5 Information
Insecure Target Detected In Secure Site CSP Information
Installation File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 Information
Intermediate Certificate is Signed Using a Weak Signature Algorithm CAPEC-459, WASC-4, OWASP 2013-A6 Information
Internal Path Disclosure (*nix) CAPEC-118, WASC-13, OWASP PC-C7 Information
Internal Path Disclosure (Windows) CAPEC-118, WASC-13, OWASP PC-C7 Information
Invalid Content Security Policy (CSP) Directive Identified in meta Elements OWASP 2013-A5 Information
Joomla Detected OWASP PC-C7 Information
Log File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 Information
MediaWiki Detected OWASP PC-C7 Information
Mint Detected CAPEC-224, WASC-45, OWASP PC-C7 Information
Missing object-src in CSP Declaration OWASP PC-C9 Information
Missing X-XSS-Protection Header OWASP PC-C9 Information
Movable Type Detected Information
Multiple Content Security Policy (CSP) Implementation Detected OWASP PC-C9 Information
Nginx Web Server Identified OWASP PC-C7 Information
No Script Block Detected With The Hash Value Declared in Content Security Policy (CSP) OWASP 2013-A5 Information
Nonce Usage Detected In Content Security Policy (CSP) Directive OWASP PC-C9 Information
NTLM Authorization Required OWASP PC-C6 Information
OpenCart Identified CAPEC-224, WASC-45, OWASP PC-C7 Information
OPTIONS Method Enabled CAPEC-107, WASC-14, OWASP 2013-A5 Information
osCommerce Detected OWASP PC-C7 Information
Out-of-date Version (AngularJS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Apache) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ASP.NET SignalR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Backbone.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Bootbox.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Bootstrap 3 Date/Time Picker) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Bootstrap Toggle) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Bootstrap) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Django) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Dojo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (DOMPurify) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Drupal) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (DWR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (easyXDM) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ember.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (FooTable) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Fuel UX) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Handlebars.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (HTML5 Shiv) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ImagePicker) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ion.RangeSlider) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (JavaScript Cookie) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Joomla) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jPlayer) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Mask) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Migrate) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Mobile) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Autocomplete) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Dialog) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Tooltip) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Validation) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jsTree) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Knockout Mapping) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Knockout) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (MediaWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Modernizr) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Moment.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Movable Type) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (mustache.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Nginx) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (NuSOAP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (OpenCart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (OpenSSL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (osCommerce) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Perl) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PHP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (phpBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Plupload) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (prettyPhoto) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Prototype JS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Python) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (React) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Respond.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (RoR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ruby) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (RubyGems) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Select2) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Sortable) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Tomcat) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (TWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (typeahead.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Video.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (WordPress) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (YUI) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
phpBB Detected OWASP PC-C7 Information
phpLiteAdmin Detected OWASP PC-C6 Information
phpMoAdmin Detected OWASP PC-C6 Information
phpMyAdmin Detected OWASP PC-C6 Information
Piwik Detected CAPEC-224, WASC-45, OWASP PC-C7 Information
Readme/Help File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
Referrer-Policy Needs Proper Fallback OWASP PC-C9, OWASP 2013-A6 Information
Referrer-Policy Not Implemented OWASP PC-C9, OWASP 2013-A6 Information
Robots.txt Detected OWASP PC-C7 Information
SameSite Cookie Not Implemented OWASP PC-C9 Information
Scheme URI Detected In Content Security Policy (CSP) Directive Information
Shell Script Detected OWASP PC-C6 Information
Silverlight Client Access Policy Detected OWASP PC-C6 Information
Sitemap Detected OWASP PC-C7 Information
SQL File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
Static Content Security Policy (CSP) Nonce Identified OWASP 2013-A5 Information
Subresource Integrity (SRI) Not Implemented Information
Test File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
TWiki Detected OWASP PC-C7 Information
UNC Server and Share Disclosure WASC-15, OWASP PC-C7, OWASP 2013-A5 Information
Unexpected Redirect Response Body (Too Large) OWASP PC-C6 Information
Unknown Option Used In Referrer-Policy OWASP PC-C9, OWASP 2013-A6 Information
Unsupported Hash Detected In Content Security Policy (CSP) OWASP 2013-A5 Information
Version Disclosure (IIS) CAPEC-170, WASC-45, OWASP PC-C7 Information
Weak Nonce Detected in Content Security Policy (CSP) Declaration OWASP 2013-A5 Information
Web.config File Detected CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 Information
Webalizer Detected CAPEC-224, WASC-45, OWASP PC-C6 Information
WebDAV Enabled OWASP PC-C6 Information
Wildcard Detected In Domain Portion of Content Security Policy (CSP) Directive Information
Wildcard Detected In Port Portion of Content Security Policy (CSP) Directive Information
Wildcard Detected In Scheme Portion of Content Security Policy (CSP) Directive Information
WordPress Detected OWASP PC-C7 Information
WS_FTP Log File Detected CAPEC-118, WASC-13, OWASP PC-C6 Information