High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Possible database backup | - | CWE-538 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| The DROWN attack (SSLv2 supported) | CVE-2016-0800 | CWE-310 | High |
| Ektron CMS Account Hijack | - | CWE-264 | High |
| EktronCMS Saxon XSLT parser remote code execution | CVE-2015-0931 | CWE-78 | High |
| Email Header Injection | - | CWE-20 | High |
| Email injection | - | CWE-20 | High |
| FCKeditor spellchecker.php cross site scripting vulnerability | CVE-2012-4000 | CWE-79 | High |
| Arbitrary local file read via file upload | - | CWE-200 | High |
| Flask debug mode | - | CWE-489 | High |
| The GHOST Vulnerability | CVE-2015-0235 | CWE-119 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Multiple XSS vulnerabilities in Google Web Toolkit | CVE-2013-4204 | CWE-80 | High |
| Genericons DOM-based XSS vulnerability | - | CWE-80 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Method Tampering | - | CWE-285 | High |
| HTTP verb tampering via POST | - | CWE-285 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| Horde remote code execution | CVE-2014-1691 | CWE-94 | High |
| IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-264 | High |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| Multiple vulnerabilities in Ioncube loader-wizard.php | - | CWE-552 | High |
| JAAS authentication bypass | - | CWE-693 | High |
| JBoss Seam framework remote code execution | CVE-2010-1871 | CWE-94 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6448 | CWE-611 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| JIRA Security Advisory 2012-08-28 | - | CWE-79 | High |
| JIRA Security Advisory 2013-02-21 | - | CWE-22 | High |
| JIRA Security Advisory 2014-02-26 | - | CWE-22 | High |
| JSP authentication bypass | - | CWE-287 | High |
| Java Debug Wire Protocol remote code execution | - | CWE-94 | High |
| JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High |
| Jetpack 2.9.3: Critical Security Update | CVE-2014-0173 | CWE-287 | High |
| Joomla 1.5 end of life | - | CWE-1104 | High |
| Joomla! core remote file inclusion | CVE-2014-7228 | CWE-98 | High |
| Joomla! remote code execution vulnerability | CVE-2015-8562 | CWE-94 | High |
| Joomla! JCE arbitrary file upload | - | CWE-20 | High |
| Joomla! JomSocial remote code execution | - | CWE-94 | High |
| Joomla! component Kunena Forum multiple vulnerabilities | CVE-2014-9103 | CWE-89 | High |
| Joomla! 3.2.1 sql injection | - | CWE-89 | High |
| Joomla! v3.2.2 SQL injection | - | CWE-89 | High |
| Joomla! SQL injection vulnerability | CVE-2015-7858 | CWE-89 | High |
| Long password denial of service | - | CWE-400 | High |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| Security vulnerability in MySQL/MariaDB sql/password.c | CVE-2012-2122 | CWE-287 | High |
| Magento Cacheleak | - | CWE-200 | High |
| Magento remote code execution | CVE-2015-1399 | CWE-94 | High |
| MantisBT multiple security issues | CVE-2015-1042 | CWE-200 | High |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| MediaWiki SVG cross-site scripting vulnerability | - | CWE-79 | High |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| Minify arbitrary file disclosure | CVE-2013-6619 | CWE-538 | High |
| Misfortune Cookie vulnerability | CVE-2014-9222 | CWE-119 | High |
| MongoDB injection | - | CWE-943 | High |
| Moveable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| MySQL connection credentials | - | CWE-538 | High |
| Nagios core config manager SQL injection vulnerability | CVE-2013-6875 | CWE-89 | High |
| Server-side JavaScript injection | - | CWE-20 | High |
| OpenX xajaxargs SQL injection vulnerability | - | CWE-89 | High |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High |
| Oracle Reports rwservlet vulnerabilities | CVE-2012-3153 | CWE-20 | High |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | - | CWE-94 | High |
| Path Traversal in Oracle GlassFish server open source edition | - | CWE-22 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| Parallels Plesk SSO XML External Entity and Cross-site scripting | - | CWE-611 | High |
| PrimeFaces 5.x Expression Language injection | CVE-2017-1000486 | - | High |
| Railo administration panel cross-site scripting | - | CWE-80 | High |
| Rails Devise authentication password reset | CVE-2013-0233 | CWE-287 | High |
| Rails mass assignment | - | CWE-915 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| RoR Database Configuration File Detected | - | CWE-538 | High |
| Rails remote code execution using render :inline | CVE-2016-2098 | CWE-94 | High |