Vulnerability Index
| Vulnerability Name | Classifications | Severity |
|---|---|---|
| Bash Command Injection Vulnerability (Shellshock Bug) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Blind Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Blind SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Boolean Based SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Code Evaluation (ASP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (Perl) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (RoR - JSON) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Code Evaluation (RoR) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Code Evaluation via Local File Inclusion (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-170, WASC-33, OWASP 2013-A1 | Critical |
| Code Execution via File Upload | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-210, WASC-42, OWASP 2013-A1 | Critical |
| Code Execution via Local File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A4 | Critical |
| Code Execution via WebDAV | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-17, WASC-17 | Critical |
| Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| OpenSSL Heartbleed | PCI v3.1-6.5.2, PCI v3.2-6.5.2, CAPEC-216, OWASP 2013-A6 | Critical |
| Out of Band Code Evaluation (ASP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (Perl) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (PHP) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (RoR - JSON) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Out of Band Code Evaluation (RoR) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-356, WASC-23, OWASP 2013-A1 | Critical |
| Out of Band Command Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-88, WASC-31, OWASP 2013-A1 | Critical |
| Out of Band Remote File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 | Critical |
| Out of Band SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-340, WASC-7, OWASP 2013-A1 | Critical |
| Remote File Inclusion | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-193, WASC-5, OWASP 2013-A1 | Critical |
| Server-Side Request Forgery (trace.axd) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Critical |
| SQL Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-66, WASC-19, OWASP 2013-A1 | Critical |
| Web Backdoor Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-443 | Critical |
| Backup Source Code Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Important |
| Basic Authorization over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Important |
| Blind Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Important |
| Cookie Not Marked as Secure | PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-102, WASC-15, OWASP 2013-A6 | Important |
| Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Important |
| Cross-site Scripting (DOM based) | | Important |
| Cross-site Scripting via Remote File Inclusion | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Important |
| Database User Has Admin Privileges | PCI v3.1-6.5.6, PCI v3.2-6.5.6, WASC-14, OWASP 2013-A5 | Important |
| Elmah.axd Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Important |
| Expression Language Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Important |
| Insecure Transportation Security Protocol Supported (SSLv2) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Important |
| Local File Inclusion | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-251, WASC-33, OWASP 2013-A4 | Important |
| Out of Band XML External Entity Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 | Important |
| Out-of-date Version (Microsoft SQL Server) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 | Important |
| Out-of-date Version (MySQL) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP 2013-A9 | Important |
| Password Transmitted over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Important |
| Server-Side Request Forgery (AWS) | | Important |
| Server-Side Request Forgery (elmah MVC) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Important |
| Server-Side Request Forgery (elmah) | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Important |
| Stored Cross-site Scripting | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Important |
| SVN Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | Important |
| Trace.axd Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC-347, WASC-15, OWASP 2013-A5 | Important |
| Unrestricted File Upload | PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP 2013-A1 | Important |
| Weak Basic Authentication Credentials | PCI v3.1-6.5.10, PCI v3.2-6.5.10, CAPEC-16, WASC-15, OWASP 2013-A6 | Important |
| WebDAV Directory Has Write Permissions | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-17 | Important |
| XML External Entity Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-376, WASC-43, OWASP 2013-A1 | Important |
| Anonymous Ciphers Supported | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-117, WASC-4, OWASP 2013-A6 | Medium |
| Apache Server-Info Detected | CAPEC-347, WASC-14, OWASP 2013-A5 | Medium |
| Apache Server-Status Detected | CAPEC-347, WASC-14, OWASP 2013-A5 | Medium |
| Base Tag Hijacking | PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC-19, WASC-8, OWASP 2013-A3 | Medium |
| Critical Form Send to HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Medium |
| Critical Form Served over HTTP | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-65, WASC-4, OWASP 2013-A6 | Medium |
| CVS Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Frame Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, WASC-38, OWASP 2013-A10 | Medium |
| GIT Detected | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| HTTP Header Injection | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-105, WASC-24, OWASP 2013-A1 | Medium |
| Insecure HTTP Usage | WASC-4 | Medium |
| Insecure Transportation Security Protocol Supported (SSLv3) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Medium |
| Invalid SSL Certificate | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP 2013-A6 | Medium |
| Microsoft Access Database File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Medium |
| Open Policy Crossdomain.xml Detected | WASC-15, OWASP 2013-A5 | Medium |
| Open Redirection | WASC-38, OWASP 2013-A10 | Medium |
| Open Redirection (DOM based) | WASC-38, OWASP 2013-A10 | Medium |
| Open Silverlight Client Access Policy | WASC-15, OWASP 2013-A5 | Medium |
| Password Transmitted over Query String | PCI v3.1-6.5.4, PCI v3.2-6.5.4, WASC-13, OWASP 2013-A6 | Medium |
| RSA Private Key Detected | CAPEC-118, WASC-13, OWASP 2013-A6 | Medium |
| Source Code Disclosure (ASP.NET) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (ColdFusion) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Generic) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Java) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Perl) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (PHP) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Python) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Ruby) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| Source Code Disclosure (Tomcat) | CAPEC-118, WASC-13, OWASP 2013-A5 | Medium |
| SQLite Database File Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Medium |
| Stack Trace Disclosure (ColdFusion) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Django) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Java) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Laravel) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Python) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (RoR) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Medium |
| Sublime SFTP Config File Detected | WASC-15, OWASP 2013-A5 | Medium |
| ViewState MAC Disabled | WASC-15 | Medium |
| Weak Ciphers Enabled | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Medium |
| .DS_Store File Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Low |
| Apache MultiViews Enabled | WASC-14, OWASP 2013-A5 | Low |
| Autocomplete Enabled | WASC-15, OWASP 2013-A5 | Low |
| Backup File Disclosure | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Cookie Header Contains Multiple Cookies | | Low |
| Cookie Not Marked as HttpOnly | CAPEC-107, WASC-15, OWASP 2013-A5 | Low |
| Cookie Values Used in Anti-CSRF Token | OWASP 2013-A5 | Low |
| Cross-site Request Forgery | PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 | Low |
| Cross-site Request Forgery in Login Form | PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC-62, WASC-9, OWASP 2013-A8 | Low |
| Database Error Message Disclosure | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Django Debug Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Exception Report Disclosure (Tomcat) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Form Hijacking | | Low |
| Information Disclosure (Microsoft Office) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 | Low |
| Information Disclosure (phpinfo()) | CAPEC-346, WASC-13, OWASP 2013-A5 | Low |
| Insecure Frame (External) | | Low |
| Insecure JSONP Endpoint | WASC-15, OWASP 2013-A5 | Low |
| Insecure Reflected Content | WASC-15, OWASP 2013-A5 | Low |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-217, WASC-4, OWASP 2013-A6 | Low |
| Internal IP Address Disclosure | | Low |
| Internal Server Error | | Low |
| Laravel Debug Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Laravel Environment Configuration File Detected | WASC-15, OWASP 2013-A5 | Low |
| Microsoft IIS Log File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Microsoft Outlook Personal Folders File (.pst) Found | PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC-2, OWASP 2013-A7 | Low |
| Misconfigured Access-Control-Allow-Origin Header | WASC-15, OWASP 2013-A5 | Low |
| Misconfigured Frame | | Low |
| Missing Content-Type Header | OWASP 2013-A5 | Low |
| Missing X-Frame-Options Header | CAPEC-103, OWASP 2013-A5 | Low |
| Mixed Content over HTTPS | | Low |
| Open Redirection in POST method | WASC-38, OWASP 2013-A10 | Low |
| Passive Web Backdoor Detected | PCI v3.1-6.5.6, PCI v3.2-6.5.6 | Low |
| Phishing by Navigating Browser Tabs | | Low |
| Programming Error Message | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Reflected File Download | PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-375, WASC-42, OWASP 2013-A1 | Low |
| RoR Database Configuration File Detected | WASC-15, OWASP 2013-A5 | Low |
| RoR Development Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Server-Side Request Forgery | OWASP 2013-A1 | Low |
| Social Security Number Disclosure | PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP 2013-A6 | Low |
| Stack Trace Disclosure (Apache MyFaces) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Stack Trace Disclosure (ASP.NET) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Stack Trace Disclosure (Grails) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Struts2 Development Mode Enabled | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-214, WASC-14, OWASP 2013-A5 | Low |
| Subresource Integrity (SRI) Hash Invalid | | Low |
| TRACE/TRACK Method Detected | CAPEC-107, WASC-14, OWASP 2013-A5 | Low |
| Unexpected Redirect Response Body (Two Responses) | | Low |
| Username Disclosure (Microsoft SQL Server) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Username Disclosure (MySQL) | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13, OWASP 2013-A5 | Low |
| Version Disclosure (Apache Coyote) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Apache Module) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Apache) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (ASP.NET MVC) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (ASP.NET) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Django) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Frontpage) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Java Servlet) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (LightTPD) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (mod_ssl) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Mongrel Web Server) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Nginx) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (NuSOAP) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (OpenSSL) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Oracle) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Perl) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (PHP) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Python) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (RoR) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Ruby) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (RubyGems) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (SharePoint) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Tomcat) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (Web Logic) | CAPEC-170, WASC-45 | Low |
| Version Disclosure (WEBrick) | CAPEC-170, WASC-45 | Low |
| ViewState is not Encrypted | WASC-15 | Low |
| Windows Short Filename | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Low |
| Windows Username Disclosure | PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13 | Low |
| Adminer Detected | OWASP PC-C6 | Information |
| Administration Page Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 | Information |
| An Unsafe Content Security Policy (CSP) Directive In Use | OWASP PC-C9 | Information |
| Apache Web Server Identified | OWASP PC-C7 | Information |
| ASP.NET Debugging Enabled | WASC-14, OWASP PC-C7, OWASP 2013-A5 | Information |
| ASP.NET Identified | OWASP PC-C7 | Information |
| Autocomplete Enabled (Password Field) | WASC-15, OWASP 2013-A5 | Information |
| AWStats Detected | CAPEC-224, WASC-45, OWASP PC-C6 | Information |
| Basic Authorization Required | | Information |
| Configuration File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | OWASP 2013-A6 | Information |
| Content Security Policy (CSP) Keywords Not Used within Single Quotes | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Nonce without Matching Script Block | OWASP 2013-A5 | Information |
| Content Security Policy (CSP) Not Implemented | OWASP PC-C9 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | OWASP 2013-A6 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | OWASP 2013-A5 | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | OWASP 2013-A5 | Information |
| Credit Card Disclosure | PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP PC-C7, OWASP 2013-A6 | Information |
| Crossdomain.xml Detected | OWASP PC-C6 | Information |
| Cross-site Scripting Protection Disabled | OWASP PC-C9 | Information |
| data: Used in a Content Security Policy (CSP) Directive | OWASP PC-C9 | Information |
| Database Connection String Detected | WASC-15, OWASP PC-C7, OWASP 2013-A5 | Information |
| Database Detected (Microsoft Access) | | Information |
| Database Detected (Microsoft SQL Server) | | Information |
| Database Detected (MySQL) | | Information |
| Database Detected (Oracle) | | Information |
| Database Detected (PostgreSQL) | | Information |
| DbNinja Detected | OWASP PC-C6 | Information |
| Default Page Detected (Apache) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 6) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 7) | OWASP PC-C7 | Information |
| Default Page Detected (IIS 8) | OWASP PC-C7 | Information |
| Default Page Detected (Tomcat) | OWASP PC-C7 | Information |
| default-src Used in Content Security Policy (CSP) | OWASP PC-C9 | Information |
| Denial of Service (MySQL) | OWASP PC-C9 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | OWASP PC-C9 | Information |
| Digest Authorization Required | | Information |
| Directory Listing (Apache) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (ASP.NET Server) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (IIS) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (LigHTTPD) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (LiteSpeed) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (Nginx) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (Tomcat) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Directory Listing (WebDAV) | CAPEC-127, WASC-16, OWASP PC-C6, OWASP 2013-A5 | Information |
| Drupal Detected | OWASP PC-C7 | Information |
| Email Address Disclosure | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| File Upload Functionality Detected | OWASP PC-C4 | Information |
| Forbidden Resource | OWASP PC-C8 | Information |
| Generic Email Address Disclosure | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| HTTP Strict Transport Security (HSTS) Errors and Warnings | OWASP PC-C10 | Information |
| HTTP Strict Transport Security (HSTS) Max-Age Value Too Low | OWASP PC-C1 | Information |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | OWASP PC-C8 | Information |
| HTTP Strict Transport Security (HSTS) via HTTP | OWASP PC-C1 | Information |
| Incorrect Content Security Policy (CSP) Implementation | OWASP 2013-A5 | Information |
| Installation File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP 2013-A7 | Information |
| Internal Path Disclosure (*nix) | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| Internal Path Disclosure (Windows) | CAPEC-118, WASC-13, OWASP PC-C7 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | OWASP 2013-A5 | Information |
| Joomla Detected | OWASP PC-C7 | Information |
| Log File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 | Information |
| MediaWiki Detected | OWASP PC-C7 | Information |
| Mint Detected | CAPEC-224, WASC-45, OWASP PC-C7 | Information |
| Missing object-src in CSP Declaration | OWASP PC-C9 | Information |
| Missing X-XSS Protection Header | OWASP PC-C9 | Information |
| Movable Type Detected | | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | OWASP PC-C9 | Information |
| Nginx Web Server Identified | OWASP PC-C7 | Information |
| No Script Block Detected With The Hash Value Declared in Content Security Policy (CSP) | OWASP 2013-A5 | Information |
| Nonce Usage Detected In Content Security Policy (CSP) Directive | OWASP PC-C9 | Information |
| NTLM Authorization Required | OWASP PC-C6 | Information |
| OpenCart Identified | CAPEC-224, WASC-45, OWASP PC-C7 | Information |
| OPTIONS Method Enabled | CAPEC-107, WASC-14, OWASP 2013-A5 | Information |
| osCommerce Detected | OWASP PC-C7 | Information |
| Out-of-date Version (AngularJS) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Apache) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Backbone.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Django) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Dojo) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DOMPurify) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Drupal) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (DWR) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (easyXDM) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Ember.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Handlebars.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Joomla) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jPlayer) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery Migrate) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery Mobile) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery UI Autocomplete) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery UI Dialog) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery UI Tooltip) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (jQuery) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (MediaWiki) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Movable Type) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (mustache.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Nginx) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (NuSOAP) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (OpenCart) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (OpenSSL) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (osCommerce) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Perl) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (PHP) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (phpBB) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Plupload) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (prettyPhoto) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Prototype JS) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Python) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (RoR) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Ruby) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (RubyGems) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Tomcat) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (TWiki) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (Video.js) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (WordPress) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| Out-of-date Version (YUI) | PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 | Information |
| phpBB Detected | OWASP PC-C7 | Information |
| phpLiteAdmin Detected | OWASP PC-C6 | Information |
| phpMoAdmin Detected | OWASP PC-C6 | Information |
| phpMyAdmin Detected | OWASP PC-C6 | Information |
| Piwik Detected | CAPEC-224, WASC-45, OWASP PC-C7 | Information |
| Readme/Help File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 | Information |
| Robots.txt Detected | OWASP PC-C7 | Information |
| SameSite Cookie Not Implemented | OWASP PC-C9 | Information |
| Shell Script Detected | OWASP PC-C6 | Information |
| Silverlight Client Access Policy Detected | OWASP PC-C6 | Information |
| Sitemap Detected | OWASP PC-C7 | Information |
| SQL File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 | Information |
| Static Content Security Policy (CSP) Nonce Identified | OWASP 2013-A5 | Information |
| Subresource Integrity (SRI) Not Implemented | | Information |
| Test File Detected | PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 | Information |
| TWiki Detected | OWASP PC-C7 | Information |
| UNC Server and Share Disclosure | WASC-15, OWASP PC-C7, OWASP 2013-A5 | Information |
| Unexpected Redirect Response Body (Too Large) | OWASP PC-C6 | Information |
| Unsupported Hash Detected In Content Security Policy (CSP) | OWASP 2013-A5 | Information |
| Version Disclosure (IIS) | CAPEC-170, WASC-45, OWASP PC-C7 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | OWASP 2013-A5 | Information |
| Weak Signature Algorithm Supported | PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC-459, WASC-4, OWASP PC-C7, OWASP 2013-A6 | Information |
| Web.config File Detected | CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 | Information |
| Webalizer Detected | CAPEC-224, WASC-45, OWASP PC-C6 | Information |
| WebDAV Enabled | OWASP PC-C6 | Information |
| Wildcard Detected In Domain Portion of Content Security Policy (CSP) Directive | OWASP PC-C9 | Information |
| Wildcard Detected In Port Portion of Content Security Policy (CSP) Directive | OWASP PC-C9 | Information |
| Wildcard Detected In Scheme Portion of Content Security Policy (CSP) Directive | OWASP 2013-A5 | Information |
| WordPress Detected | OWASP PC-C7 | Information |
| WS_FTP Log File Detected | CAPEC-118, WASC-13, OWASP PC-C6 | Information |