High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Trace.axd Detected | - | CWE-215 | High |
| Microsoft ASP.NET Forms authentication bypass | CVE-2011-3416 | CWE-264 | High |
| [Possible] Backup Source Code Detected | - | CWE-538 | High |
| Cmd hijack vulnerability | - | CWE-94 | High |
| ColdFusion directory traversal | CVE-2010-2861 | CWE-22 | High |
| Adobe Coldfusion 8 multiple linked XSS vulnerabilities | CVE-2009-1872 | CWE-79 | High |
| Cross-site Scripting (DOM based) | - | CWE-79 | High |
| Directory traversal | - | CWE-22 | High |
| Server directory traversal | - | CWE-22 | High |
| Local File Inclusion | - | CWE-20 | High |
| Hibernate Query Language (HQL) Injection | - | CWE-564 | High |
| IIS extended unicode directory traversal vulnerability | CVE-2000-0884 | CWE-22 | High |
| Macromedia Dreamweaver remote database scripts | CVE-2004-1893 | CWE-200 | High |
| Plone arbitrary code execution | CVE-2011-3587 | CWE-78 | High |
| Cross-site Scripting via Remote File Inclusion | - | CWE-79 | High |
| WebDAV Directory Has Write Permissions | - | CWE-264 | High |
| Code Execution via WebDav | - | CWE-434 | High |
| Configuration file disclosure | - | CWE-538 | High |
| web.xml configuration file disclosure | - | CWE-538 | High |
| Cross-site Scripting | - | CWE-79 | High |
| Cross site scripting via Bootstrap | - | CWE-79 | High |
| Possible cross site scripting via Host header | - | CWE-79 | High |
| Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack | - | CWE-611 | High |
| Cross site scripting in HTTP-01 ACME challenge implementation | - | CWE-79 | High |
| Lotus Notes formula injection | - | CWE-89 | High |
| Configuration file source code disclosure | - | CWE-538 | High |
| PHP code injection (pmwiki) | - | CWE-94 | High |
| Edge Side Include injection | - | CWE-918 | High |
| Expression language injection | - | CWE-917 | High |
| LDAP injection | - | CWE-20 | High |
| Trojan shell script | - | CWE-507 | High |
| User controllable script source | - | CWE-79 | High |
| XPath injection vulnerability | - | CWE-643 | High |
| Apache Axis2 administration console weak password | - | CWE-200 | High |
| ColdFusion User-Agent cross-site scripting | CVE-2007-0817 | CWE-79 | High |
| Devise weak password | - | CWE-200 | High |
| GlassFish admin console weak credentials | - | CWE-693 | High |
| IBM WebSphere administration console weak password | - | CWE-200 | High |
| Microsoft IIS WebDAV authentication bypass | CVE-2009-1535 | CWE-287 | High |
| Jenkins weak password | - | CWE-200 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| SAP weak/predictable user credentials | - | CWE-200 | High |
| Weak password | - | CWE-200 | High |
| WebLogic admin console weak credentials | - | CWE-693 | High |
| Webmail weak password | - | CWE-200 | High |
| Web application default/weak credentials | - | CWE-200 | High |
| Adobe Flex 3 DOM-based XSS vulnerability | CVE-2008-2640 | CWE-79 | High |
| AjaxControlToolkit directory traversal | CVE-2015-4670 | CWE-434 | High |
| Akeeba backup access control bypass | - | CWE-287 | High |
| WordPress plugin All in One SEO Pack privilege escalation vulnerabilities | - | CWE-269 | High |
| AngularJS client-side template injection | - | CWE-79 | High |
| Apache Axis2 xsd local file inclusion | - | CWE-22 | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache Tomcat version older than 6.0.35 | CVE-2012-0022 | CWE-264 | High |
| Apache Tomcat version older than 6.0.36 | CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| Apache Tomcat version older than 7.0.23 | CVE-2012-0022 | CWE-189 | High |
| Apache Tomcat version older than 7.0.28 | CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.30 | CVE-2012-3546 | CWE-20 | High |
| File upload XSS (Java applet) | - | CWE-79 | High |
| Arbitrary File Creation | - | CWE-20 | High |
| Arbitrary File Deletion | - | CWE-20 | High |
| PHP magic_quotes_gpc is disabled | - | CWE-150 | High |
| Barracuda networks products multiple directory traversal vulnerabilities | - | CWE-22 | High |
| Basic authentication over HTTP | - | CWE-522 | High |
| Blind XSS | - | CWE-80 | High |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| CodeIgniter session decoding vulnerability | - | CWE-327 | High |
| CodeIgniter 2.1.3 xss_clean() filter bypass | CVE-2013-4891 | CWE-80 | High |
| Adobe ColdFusion directory traversal | CVE-2013-3336 | CWE-22 | High |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0632 | CWE-287 | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0632 | CWE-255 | High |
| Vulnerable project dependencies | - | CWE-937 | High |
| Core dump file | - | CWE-200 | High |
| WordPress plugin Custom Contact Forms critical vulnerability | - | CWE-287 | High |