Vulnerability Name Classifications Severity
Bash Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Vulnerability (Shellshock Bug) 88, WASC-31, OWASP 2013-A1
Blind Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
88, WASC-31, OWASP 2013-A1
Blind SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
66, WASC-19, OWASP 2013-A1
Boolean Based SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
66, WASC-19, OWASP 2013-A1
Code Evaluation (Apache Struts S02- PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
53) 23, OWASP 2013-A1
Code Evaluation (Apache Struts) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Code Evaluation (Apache Struts) S2- PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
045 23, OWASP 2013-A1
Code Evaluation (Apache Struts) S2- PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
046 23, OWASP 2013-A1
Code Evaluation (ASP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Code Evaluation (Node.js) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Code Evaluation (Perl) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Code Evaluation (PHP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Code Evaluation (RoR - JSON) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
356, WASC-23, OWASP 2013-A1
Code Evaluation (RoR) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
356, WASC-23, OWASP 2013-A1
Code Evaluation via Local File PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Inclusion (PHP) 251, WASC-33, OWASP 2013-A1
Code Execution via File Upload PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
210, WASC-42, OWASP 2013-A1
Code Execution via Local File PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Inclusion 170, WASC-33, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Java FreeMarker) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Java Velocity) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Node.js Dot) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Node.js EJS) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Node.js Marko) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Node.js 23, OWASP 2013-A1
Nunjucks)
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Node.js Pug 23, OWASP 2013-A1
(Jade))
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (PHP Smarty) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (PHP Twig) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Python Jinja) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Python Mako) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Python Tornado) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Ruby ERB) 23, OWASP 2013-A1
Code Execution via Server-Side PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Template Injection (Ruby Slim) 23, OWASP 2013-A1
Code Execution via WebDAV PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Critical
17, WASC-17
Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
88, WASC-31, OWASP 2013-A1
OpenSSL Heartbleed PCI v3.1-6.5.2, PCI v3.2-6.5.2, CAPEC- Critical
216, OWASP 2013-A6
Out of Band Code Evaluation (Apache PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
Struts 2) 2013-A1
Out of Band Code Evaluation (Apache PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
Struts 2) S2-053 23, OWASP 2013-A1
Out of Band Code Evaluation (ASP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Out of Band Code Evaluation (Perl) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Out of Band Code Evaluation (PHP) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
23, OWASP 2013-A1
Out of Band Code Evaluation (RoR - PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
JSON) 356, WASC-23, OWASP 2013-A1
Out of Band Code Evaluation (RoR) PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
356, WASC-23, OWASP 2013-A1
Out of Band Command Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
88, WASC-31, OWASP 2013-A1
Out of Band Remote File Inclusion PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
193, WASC-5, OWASP 2013-A1
Out of Band SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
66, WASC-19, OWASP 2013-A1
Remote Code Execution and DoS in PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
HTTP.sys (IIS) 340, WASC-7, OWASP 2013-A1
Remote File Inclusion PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
193, WASC-5, OWASP 2013-A1
Server-Side Request Forgery PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- Critical
(trace.axd) 347, WASC-15, OWASP 2013-A5
Server-Side Template Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
2013-A1
Server-Side Template Injection (Java PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
FreeMarker) 2013-A1
Server-Side Template Injection (Java PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
Velocity) 2013-A1
Server-Side Template Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
(Node.js Dot) 2013-A1
Server-Side Template Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
(Node.js EJS) 2013-A1
Server-Side Template Injection (Ruby PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP Critical
ERB) 2013-A1
SQL Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Critical
66, WASC-19, OWASP 2013-A1
Web Backdoor Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- Critical
443
Backup Source Code Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- High
87, WASC-34, OWASP 2013-A7
Basic Authorization over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
65, WASC-4, OWASP 2013-A6
Blind Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- High
19, WASC-8, OWASP 2013-A3
Certificate is Signed Using a Weak PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
Signature Algorithm 459, WASC-4, OWASP PC-C7, OWASP
2013-A6
Cookie Not Marked as Secure PCI v3.1-6.5.10, PCI v3.2-6.5.10, High
CAPEC-102, WASC-15, OWASP 2013-
A6
Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- High
19, WASC-8, OWASP 2013-A3
Cross-site Scripting (DOM based) PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- High
19, WASC-8, OWASP 2013-A3
Cross-site Scripting via Remote File PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- High
Inclusion 19, WASC-8, OWASP 2013-A3
Database User Has Admin Privileges PCI v3.1-6.5.6, PCI v3.2-6.5.6, WASC- High
14, OWASP 2013-A5
Elmah.axd Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- High
347, WASC-15, OWASP 2013-A5
Expression Language Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP High
2013-A1
Insecure Transportation Security PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
Protocol Supported (SSLv2) 217, WASC-4, OWASP 2013-A6
Local File Inclusion PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- High
252, WASC-33, OWASP 2013-A4
Out of Band XML External Entity PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- High
Injection 376, WASC-43, OWASP 2013-A1
Out-of-date Version (Microsoft SQL PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- High
Server) 310, OWASP 2013-A9
Out-of-date Version (MySQL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- High
310, OWASP 2013-A9
Out-of-date Version (PostgreSQL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- High
310, OWASP 2013-A9
Password Transmitted over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
65, WASC-4, OWASP 2013-A6
ROBOT Attack Detected (Strong PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
Oracle) 217, WASC-4, OWASP 2013-A6
ROBOT Attack Detected (Weak PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- High
Oracle) 217, WASC-4, OWASP 2013-A6
Server-Side Request Forgery (Apache High
Server Status)
Server-Side Request Forgery (AWS) High
Server-Side Request Forgery (elmah PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- High
MVC) 347, WASC-15, OWASP 2013-A5
Server-Side Request Forgery (elmah) PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- High
347, WASC-15, OWASP 2013-A5
Server-Side Request Forgery (MySQL) High
Server-Side Request Forgery (SSH) High
Stored Cross-site Scripting PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- High
19, WASC-8, OWASP 2013-A3
SVN Detected CAPEC-118, WASC-13, OWASP 2013- High
A5
Trace.axd Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6, CAPEC- High
347, WASC-15, OWASP 2013-A5
Unrestricted File Upload PCI v3.1-6.5.1, PCI v3.2-6.5.1, OWASP High
2013-A1
Weak Basic Authentication PCI v3.1-6.5.10, PCI v3.2-6.5.10, High
Credentials CAPEC-16, WASC-15, OWASP 2013-
A6
WebDAV Directory Has Write PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC- High
Permissions 17
XML External Entity Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- High
376, WASC-43, OWASP 2013-A1
Active Mixed Content over HTTPS OWASP 2013-A6 Medium
Anonymous Ciphers Supported PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
117, WASC-4, OWASP 2013-A6
Apache Server-Info Detected CAPEC-347, WASC-14, OWASP 2013- Medium
A5
Apache Server-Status Detected CAPEC-347, WASC-14, OWASP 2013- Medium
A5
Base Tag Hijacking PCI v3.1-6.5.7, PCI v3.2-6.5.7, CAPEC- Medium
19, WASC-8, OWASP 2013-A3
Critical Form Send to HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
65, WASC-4, OWASP 2013-A6
Critical Form Served over HTTP PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
65, WASC-4, OWASP 2013-A6
CVS Detected CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Frame Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, WASC- Medium
38, OWASP 2013-A10
GIT Detected CAPEC-118, WASC-13, OWASP 2013- Medium
A5
HTTP Header Injection PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Medium
105, WASC-24, OWASP 2013-A1
Insecure HTTP Usage WASC-4, OWASP 2013-A5 Medium
Insecure Transportation Security PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
Protocol Supported (SSLv3) 217, WASC-4, OWASP 2013-A6
Invalid SSL Certificate PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
459, WASC-4, OWASP 2013-A6
Microsoft Access Database File PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC- Medium
Detected 2, OWASP 2013-A7
Open Policy Crossdomain.xml WASC-15, OWASP 2013-A5 Medium
Detected
Open Redirection WASC-38, OWASP 2013-A10 Medium
Open Redirection (DOM based) WASC-38, OWASP 2013-A10 Medium
Open Silverlight Client Access Policy WASC-15, OWASP 2013-A5 Medium
Password Transmitted over Query PCI v3.1-6.5.4, PCI v3.2-6.5.4, WASC- Medium
String 13, OWASP 2013-A6
RSA Private Key Detected CAPEC-118, WASC-13, OWASP 2013- Medium
A6
Server-Side Request Forgery (Time OWASP 2013-A1 Medium
Based)
Source Code Disclosure (ASP.NET) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (ColdFusion) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Generic) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Java) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Perl) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (PHP) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Python) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Ruby) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
Source Code Disclosure (Tomcat) CAPEC-118, WASC-13, OWASP 2013- Medium
A5
SQLite Database File Found PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC- Medium
2, OWASP 2013-A7
Stack Trace Disclosure (ColdFusion) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Django) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Java) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Laravel) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Python) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (RoR) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Ruby-Sinatra PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Medium
Framework) 214, WASC-14, OWASP 2013-A5
Sublime SFTP Config File Detected WASC-15, OWASP 2013-A5 Medium
ViewState MAC Disabled WASC-15 Medium
Weak Ciphers Enabled PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Medium
217, WASC-4, OWASP 2013-A6
WordPress Setup Configuration File PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Medium
212, WASC-14, OWASP 2013-A5
.DS_Store File Found PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC- Low
2, OWASP 2013-A7
Apache Multiple Choices Enabled WASC-14, OWASP 2013-A5 Low
Apache MultiViews Enabled WASC-14, OWASP 2013-A5 Low
Autocomplete Enabled WASC-15, OWASP 2013-A5 Low
Backup File Disclosure PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Low
87, WASC-34, OWASP 2013-A7
Cookie Not Marked as HttpOnly CAPEC-107, WASC-15, OWASP 2013- Low
A5
Cookie Values Used in Anti-CSRF OWASP 2013-A5 Low
Token
Cross-site Request Forgery PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC- Low
62, WASC-9, OWASP 2013-A8
Cross-site Request Forgery in Login PCI v3.1-6.5.9, PCI v3.2-6.5.9, CAPEC- Low
Form 62, WASC-9, OWASP 2013-A8
Database Error Message Disclosure PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
118, WASC-13, OWASP 2013-A5
Database Name Disclosure PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
(Microsoft SQL Server) 118, WASC-13, OWASP 2013-A5
Database Name Disclosure (MySQL) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
118, WASC-13, OWASP 2013-A5
Django Debug Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Exception Report Disclosure (Tomcat) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Form Hijacking Low
Information Disclosure (Microsoft PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
Office) 118, WASC-13
Information Disclosure (phpinfo()) CAPEC-346, WASC-13, OWASP 2013- Low
A5
Insecure Frame (External) Low
Insecure JSONP Endpoint WASC-15, OWASP 2013-A5 Low
Insecure Reflected Content WASC-15, OWASP 2013-A5 Low
Insecure Transportation Security PCI v3.1-6.5.4, PCI v3.2-6.5.4, CAPEC- Low
Protocol Supported (TLS 1.0) 217, WASC-4, OWASP 2013-A6
Internal IP Address Disclosure Low
Internal Server Error Low
Laravel Debug Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Laravel Environment Configuration WASC-15, OWASP 2013-A5 Low
File Detected
Microsoft IIS Log File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Low
87, WASC-34, OWASP 2013-A7
Microsoft Outlook Personal Folders PCI v3.1-6.5.8, PCI v3.2-6.5.8, WASC- Low
File (.pst) Found 2, OWASP 2013-A7
Misconfigured Access-Control-Allow- WASC-15, OWASP 2013-A5 Low
Origin Header
Misconfigured Frame Low
Missing Content-Type Header OWASP 2013-A5 Low
Missing X-Frame-Options Header CAPEC-103, OWASP 2013-A5 Low
Open Redirection in POST method WASC-38, OWASP 2013-A10 Low
Passive Mixed Content over HTTPS OWASP 2013-A6 Low
Passive Web Backdoor Detected PCI v3.1-6.5.6, PCI v3.2-6.5.6 Low
Phishing by Navigating Browser Tabs OWASP 2013-A5 Low
Programming Error Message PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
118, WASC-13, OWASP 2013-A5
Reflected File Download PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC- Low
375, WASC-42, OWASP 2013-A1
RoR Database Configuration File WASC-15, OWASP 2013-A5 Low
Detected
RoR Development Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Server-Side Request Forgery OWASP 2013-A1 Low
Social Security Number Disclosure PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC- Low
118, WASC-13, OWASP 2013-A6
Stack Trace Disclosure (Apache PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
MyFaces) 214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (ASP.NET) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Stack Trace Disclosure (Grails) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Struts2 Development Mode Enabled PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
214, WASC-14, OWASP 2013-A5
Subresource Integrity (SRI) Hash Low
Invalid
TRACE/TRACK Method Detected CAPEC-107, WASC-14, OWASP 2013- Low
A5
Unexpected Redirect Response Body Low
(Two Responses)
User Controllable Cookie Low
Username Disclosure (Microsoft SQL PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
Server) 118, WASC-13, OWASP 2013-A5
Username Disclosure (MySQL) PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
118, WASC-13, OWASP 2013-A5
Version Disclosure (Apache Coyote) CAPEC-170, WASC-45 Low
Version Disclosure (Apache Module) CAPEC-170, WASC-45 Low
Version Disclosure (Apache) CAPEC-170, WASC-45 Low
Version Disclosure (ASP.NET MVC) CAPEC-170, WASC-45 Low
Version Disclosure (ASP.NET) CAPEC-170, WASC-45 Low
Version Disclosure (Django) CAPEC-170, WASC-45 Low
Version Disclosure (Frontpage) CAPEC-170, WASC-45 Low
Version Disclosure (Java Servlet) CAPEC-170, WASC-45 Low
Version Disclosure (Lighttpd) CAPEC-170, WASC-45 Low
Version Disclosure (mod_ssl) CAPEC-170, WASC-45 Low
Version Disclosure (Mongrel Web CAPEC-170, WASC-45 Low
Server)
Version Disclosure (Nginx) CAPEC-170, WASC-45 Low
Version Disclosure (NuSOAP) CAPEC-170, WASC-45 Low
Version Disclosure (OpenSSL) CAPEC-170, WASC-45 Low
Version Disclosure (Oracle) CAPEC-170, WASC-45 Low
Version Disclosure (Perl) CAPEC-170, WASC-45 Low
Version Disclosure (PHP) CAPEC-170, WASC-45 Low
Version Disclosure (Python) CAPEC-170, WASC-45 Low
Version Disclosure (RoR) CAPEC-170, WASC-45 Low
Version Disclosure (Ruby) CAPEC-170, WASC-45 Low
Version Disclosure (RubyGems) CAPEC-170, WASC-45 Low
Version Disclosure (SharePoint) CAPEC-170, WASC-45 Low
Version Disclosure (Tomcat) CAPEC-170, WASC-45 Low
Version Disclosure (Web Logic) CAPEC-170, WASC-45 Low
Version Disclosure (WEBrick) CAPEC-170, WASC-45 Low
ViewState is not Encrypted WASC-15 Low
Windows Short Filename PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Low
87, WASC-34, OWASP 2013-A7
Windows Username Disclosure PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC- Low
118, WASC-13
AbanteCart Detected OWASP PC-C7 Information
Adminer Detected OWASP PC-C6 Information
Administration Page Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Information
87, WASC-34, OWASP PC-C6, OWASP
2013-A7
Ampache Detected OWASP PC-C7 Information
An Unsafe Content Security Policy Information
(CSP) Directive In Use
Apache Web Server Identified OWASP PC-C7 Information
ASP.NET Debugging Enabled WASC-14, OWASP PC-C7, OWASP Information
2013-A5
ASP.NET Identified OWASP PC-C7 Information
ATutor Detected OWASP PC-C7 Information
Autocomplete Enabled (Password WASC-15, OWASP 2013-A5 Information
Field)
AWStats Detected CAPEC-224, WASC-45, OWASP PC-C6 Information
Basic Authorization Required Information
Chamilo Detected OWASP PC-C7 Information
Claroline Detected OWASP PC-C7 Information
Collabtive Detected OWASP PC-C7 Information
Concrete5 Detected OWASP PC-C7 Information
Configuration File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Information
87, WASC-34, OWASP 2013-A7
Content Security Policy (CSP) OWASP 2013-A6 Information
Contains Out of Scope report-uri
Domain
Content Security Policy (CSP) OWASP 2013-A5 Information
Keywords Not Used within Single
Quotes
Content Security Policy (CSP) Nonce OWASP 2013-A5 Information
Value Not Used Within Single Quotes
Content Security Policy (CSP) Nonce OWASP 2013-A5 Information
without Matching Script Block
Content Security Policy (CSP) Not OWASP PC-C9 Information
Implemented
Content Security Policy (CSP) report- OWASP 2013-A6 Information
uri Uses HTTP
Content-Security-Policy-Report-Only OWASP 2013-A5 Information
Cannot Be Declared Between META
Tags
Content-Security-Policy-Report-Only OWASP 2013-A5 Information
Cannot Be Declared Without report-
uri Directive
Cookie Header Contains Multiple OWASP 2013-A5 Information
Cookies
Coppermine Detected OWASP PC-C7 Information
Credit Card Disclosure PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC- Information
118, WASC-13, OWASP PC-C7,
OWASP 2013-A6
Crossdomain.xml Detected OWASP PC-C6 Information
Cross-site Referrer Leakage through OWASP PC-C9, OWASP 2013-A6 Information
Permissive Referrer-Policy
Cross-site Referrer Leakage through OWASP PC-C9, OWASP 2013-A6 Information
Referrer-Policy
Cross-site Referrer Leakage through OWASP PC-C9, OWASP 2013-A6 Information
Referrer-Policy
CubeCart Detected OWASP PC-C7 Information
data: Used in a Content Security Information
Policy (CSP) Directive
Database Connection String Detected WASC-15, OWASP PC-C7, OWASP Information
2013-A5
Database Detected (Microsoft Information
Access)
Database Detected (Microsoft SQL Information
Server)
Database Detected (MySQL) Information
Database Detected (Oracle) Information
Database Detected (PostgreSQL) Information
DbNinja Detected OWASP PC-C6 Information
Default Page Detected (Apache) OWASP PC-C7 Information
Default Page Detected (IIS 10.0) OWASP PC-C7 Information
Default Page Detected (IIS 6) OWASP PC-C7 Information
Default Page Detected (IIS 7) OWASP PC-C7 Information
Default Page Detected (IIS 7.5) OWASP PC-C7 Information
Default Page Detected (IIS 7.X) OWASP PC-C7 Information
Default Page Detected (IIS 8) OWASP PC-C7 Information
Default Page Detected (IIS 8.5) OWASP PC-C7 Information
Default Page Detected (Tomcat) OWASP PC-C7 Information
default-src Used in Content Security OWASP PC-C9 Information
Policy (CSP)
Denial of Service (MySQL) OWASP PC-C9 Information
Deprecated Header Instruction Used OWASP PC-C9 Information
to Implement Content Security Policy
(CSP)
Digest Authorization Required Information
Directory Listing (Apache) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (ASP.NET Server) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (IIS) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (Lighttpd) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (LiteSpeed) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (Nginx) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (Tomcat) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Directory Listing (WebDAV) CAPEC-127, WASC-16, OWASP PC-C6, Information
OWASP 2013-A5
Disabled X-XSS-Protection Header OWASP PC-C9 Information
DokuWiki Detected OWASP PC-C7 Information
DotClear Detected OWASP PC-C7 Information
Drupal Detected OWASP PC-C7 Information
e107 Detected OWASP PC-C7 Information
Elgg Detected OWASP PC-C7 Information
Email Address Disclosure CAPEC-118, WASC-13, OWASP PC-C7 Information
EspoCRM Detected OWASP PC-C7 Information
Expect-CT Header via HTTP OWASP PC-C10 Information
Expect-CT in Report Only Mode OWASP PC-C9 Information
Expect-CT Not Enabled OWASP PC-C9 Information
Expect-CT Security Header Errors and OWASP PC-C10 Information
Warnings
ExpressJS Identified OWASP PC-C7 Information
Family Connections Detected OWASP PC-C7 Information
File Upload Functionality Detected OWASP PC-C4 Information
FluxBB Detected OWASP PC-C7 Information
Forbidden Resource OWASP PC-C8 Information
Form Tools Detected OWASP PC-C7 Information
Front Accounting Detected OWASP PC-C7 Information
Generic Email Address Disclosure CAPEC-118, WASC-13, OWASP PC-C7 Information
GibbonEdu Detected OWASP PC-C7 Information
Hesk Detected OWASP PC-C7 Information
HTTP Strict Transport Security (HSTS) OWASP PC-C10 Information
Errors and Warnings
HTTP Strict Transport Security (HSTS) OWASP PC-C1 Information
Max-Age Value Too Low
HTTP Strict Transport Security (HSTS) OWASP PC-C8 Information
Policy Not Enabled
HTTP Strict Transport Security (HSTS) OWASP PC-C10 Information
via HTTP
Incorrect Content Security Policy OWASP 2013-A5 Information
(CSP) Implementation
Insecure Target Detected In Secure Information
Site CSP
Installation File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Information
87, WASC-34, OWASP 2013-A7
Intermediate Certificate is Signed CAPEC-459, WASC-4, OWASP 2013- Information
Using a Weak Signature Algorithm A6
Internal Path Disclosure (*nix) CAPEC-118, WASC-13, OWASP PC-C7 Information
Internal Path Disclosure (Windows) CAPEC-118, WASC-13, OWASP PC-C7 Information
Invalid Content Security Policy (CSP) OWASP 2013-A5 Information
Directive Identified in meta Elements
Joomla Detected OWASP PC-C7 Information
LimeSurvey Detected OWASP PC-C7 Information
Log File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC- Information
87, WASC-34, OWASP PC-C6, OWASP
2013-A7
MediaWiki Detected OWASP PC-C7 Information
Mibew Messenger Detected OWASP PC-C7 Information
Mint Detected CAPEC-224, WASC-45, OWASP PC-C7 Information
Missing object-src in CSP Declaration OWASP PC-C9 Information
Missing X-XSS-Protection Header OWASP PC-C9 Information
MODX Detected OWASP PC-C7 Information
Moodle Detected OWASP PC-C7 Information
Movable Type Detected Information
Multiple Content Security Policy OWASP PC-C9 Information
(CSP) Implementation Detected
MyBB Detected OWASP PC-C7 Information
Nginx Web Server Identified OWASP PC-C7 Information
No Script Block Detected With The OWASP 2013-A5 Information
Hash Value Declared in Content
Security Policy (CSP)
Nonce Usage Detected In Content OWASP PC-C9 Information
Security Policy (CSP) Directive
NTLM Authorization Required OWASP PC-C6 Information
Omeka Detected OWASP PC-C7 Information
OpenCart Detected OWASP PC-C7 Information
OPTIONS Method Enabled CAPEC-107, WASC-14, OWASP 2013- Information
A5
osClass Detected OWASP PC-C7 Information
osCommerce Detected OWASP PC-C7 Information
osTicket Detected OWASP PC-C7 Information
Out-of-date Version (AbanteCart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Ampache) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (AngularJS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Apache) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (ASP.NET PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
SignalR) 310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (ATutor) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Backbone.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Bootbox.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Bootstrap 3 PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
Date/Time Picker) 310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Bootstrap PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
Toggle) 310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Bootstrap) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Chamilo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Chart.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (CKEditor) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Claroline) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Collabtive) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Concrete5) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Coppermine) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (CubeCart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Django) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Dojo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (DokuWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (DOMPurify) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (DotClear) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Drupal) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (DWR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (e107) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (easyXDM) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Elgg) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Ember.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (EspoCRM) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Fabric.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Family PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
Connections) 310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (FluxBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (FooTable) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Form Tools) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Foundation) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Front PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
Accounting) 310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (Fuel UX) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC- Information
310, OWASP PC-C1, OWASP 2013-A9
Out-of-date Version (GibbonEdu) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Hammer.JS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Handlebars.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Hesk) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (HTML5 Shiv) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ImagePicker) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ion.RangeSlider) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (JavaScript Cookie) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Joomla) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jPlayer) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Mask) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Migrate) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Mobile) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Autocomplete) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Dialog) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery UI Tooltip) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery Validation) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jQuery) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (jsTree) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Knockout Mapping) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Knockout) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Leaflet) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Lighttpd) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (LimeSurvey) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (MediaWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Mibew Messenger) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Modernizr) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (MODX) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Moment.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Moodle) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Movable Type) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (mustache.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (MyBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Nginx) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (NuSOAP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Omeka) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (OpenCart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (OpenSSL) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (osClass) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (osCommerce) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (osTicket) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ownCloud) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (pdf.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Perl) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Phaser) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Phorum) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Php Address Book) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PHP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (phpBB) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PhpFusion) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (phpList) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PhpMyFAQ) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Piwigo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Pixi.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Plupload) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PmWiki) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Podcast Generator) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (PrestaShop) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (prettyPhoto) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ProjectSend) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Prototype JS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Python) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Question2Answer) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ramda) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (React) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Respond.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Reveal.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (RoR) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Roundcube) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Ruby) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (RubyGems) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Rukovoditel) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Select2) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Semantic UI) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (SeoPanel) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Serendipity) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Sortable) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (TCExam) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Three.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Tomcat) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (typeahead.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Vanilla Forums) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Video.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Vue.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (webERP) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (WeBid) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (WordPress) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (XOOPS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (YetiForce CRM) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (YOURLS) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (YUI) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Zen Cart) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (ZenPhoto) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Zepto.js) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Zikula) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
Out-of-date Version (Zurmo) PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, OWASP PC-C1, OWASP 2013-A9 Information
ownCloud Detected OWASP PC-C7 Information
Phorum Detected OWASP PC-C7 Information
Php Address Book Detected OWASP PC-C7 Information
phpBB Detected OWASP PC-C7 Information
PhpFusion Detected OWASP PC-C7 Information
phpList Detected OWASP PC-C7 Information
phpLiteAdmin Detected OWASP PC-C6 Information
phpMoAdmin Detected OWASP PC-C6 Information
phpMyAdmin Detected OWASP PC-C6 Information
PhpMyFAQ Detected OWASP PC-C7 Information
Piwigo Detected OWASP PC-C7 Information
Piwik Detected CAPEC-224, WASC-45, OWASP PC-C7 Information
PmWiki Detected OWASP PC-C7 Information
Podcast Generator Detected OWASP PC-C7 Information
PrestaShop Detected OWASP PC-C7 Information
ProjectSend Detected OWASP PC-C7 Information
Question2Answer Detected OWASP PC-C7 Information
Readme/Help File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
Referrer-Policy Needs Proper Fallback OWASP PC-C9, OWASP 2013-A6 Information
Referrer-Policy Not Implemented OWASP PC-C9, OWASP 2013-A6 Information
Robots.txt Detected OWASP PC-C7 Information
Roundcube Detected OWASP PC-C7 Information
Rukovoditel Detected OWASP PC-C7 Information
SameSite Cookie Not Implemented OWASP PC-C9 Information
Scheme URI Detected In Content Security Policy (CSP) Directive Information
SeoPanel Detected OWASP PC-C7 Information
Serendipity Detected OWASP PC-C7 Information
Shell Script Detected OWASP PC-C6 Information
Silverlight Client Access Policy Detected OWASP PC-C6 Information
Sitemap Detected OWASP PC-C7 Information
SQL File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
Static Content Security Policy (CSP) Nonce Identified OWASP 2013-A5 Information
Subresource Integrity (SRI) Not Implemented Information
TCExam Detected OWASP PC-C7 Information
Test File Detected PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-87, WASC-34, OWASP PC-C7, OWASP 2013-A7 Information
UNC Server and Share Disclosure WASC-15, OWASP PC-C7, OWASP 2013-A5 Information
Unexpected Redirect Response Body (Too Large) OWASP PC-C6 Information
Unknown Option Used In Referrer-Policy OWASP PC-C9, OWASP 2013-A6 Information
Unsupported Hash Detected In Content Security Policy (CSP) OWASP 2013-A5 Information
Vanilla Forums Detected OWASP PC-C7 Information
Version Disclosure (IIS) CAPEC-170, WASC-45, OWASP PC-C7 Information
Weak Nonce Detected in Content Security Policy (CSP) Declaration OWASP 2013-A5 Information
Web.config File Detected CAPEC-87, WASC-34, OWASP PC-C6, OWASP 2013-A7 Information
Webalizer Detected CAPEC-224, WASC-45, OWASP PC-C6 Information
WebDAV Enabled OWASP PC-C6 Information
webERP Detected OWASP PC-C7 Information
WeBid Detected OWASP PC-C7 Information
Wildcard Detected In Domain Portion of Content Security Policy (CSP) Directive Information
Wildcard Detected In Port Portion of Content Security Policy (CSP) Directive Information
Wildcard Detected In Scheme Portion of Content Security Policy (CSP) Directive Information
WordPress Detected OWASP PC-C7 Information
WS_FTP Log File Detected CAPEC-118, WASC-13, OWASP PC-C6 Information
XOOPS Detected OWASP PC-C7 Information
YetiForce CRM Detected OWASP PC-C7 Information
YOURLS Detected OWASP PC-C7 Information
Zen Cart Detected OWASP PC-C7 Information
ZenPhoto Detected OWASP PC-C7 Information
Zikula Detected OWASP PC-C7 Information
Zurmo Detected OWASP PC-C7 Information