High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Http redirect security bypass | - | CWE-20 | High |
| Ruby on Rails directory traversal vulnerability | CVE-2014-0130 | CWE-22 | High |
| [Possible] Sublime SFTP Config File Detected | - | CWE-200 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | - | CWE-326 | High |
| Session fixation | - | CWE-384 | High |
| Microsoft SharePoint XSS spoofing vulnerability | CVE-2015-2522 | CWE-80 | High |
| Reachable SharePoint interface | - | CWE-200 | High |
| SharePoint user enumeration | - | CWE-200 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) | CVE-2014-0050 | CWE-701 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0114 | CWE-701 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-264 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-2115 | CWE-94 | High |
| Struts 2 development mode | - | CWE-489 | High |
| TCPDF arbitrary file read | - | CWE-98 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| TimThumb WebShot remote code execution | - | CWE-94 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-200 | High |
| ToolsPack malware plugin | - | CWE-95 | High |
| Umbraco CMS local file inclusion | - | CWE-98 | High |
| Umbraco CMS TemplateService remote code execution | CVE-2013-4793 | CWE-94 | High |
| Umbraco CMS remote code execution | - | CWE-94 | High |
| Uncontrolled format string | - | CWE-134 | High |
| VirtueMart access control bypass | - | CWE-287 | High |
| WEBrick v.1.3 directory traversal | CVE-2008-1145 | CWE-22 | High |
| WordPress plugin WPtouch insecure nonce generation | - | CWE-287 | High |
| WebLogic Server Side Request Forgery | CVE-2014-4242 | CWE-918 | High |
| IBM WebSphere/WebLogic application source file exposure | - | CWE-200 | High |
| WooFramework shortcode exploit | - | CWE-95 | High |
| WordPress debug mode | - | CWE-200 | High |
| WordPress plugin Slider Revolution arbitrary file disclosure | - | CWE-200 | High |
| WordPress OptimizePress unrestricted file upload | CVE-2013-7102 | CWE-20 | High |
| WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload | - | CWE-434 | High |
| X-Forwarded-For HTTP header security bypass | - | CWE-287 | High |
| XML quadratic blowup denial of service attack | - | CWE-400 | High |
| XSLT injection | - | CWE-91 | High |
| Zabbix 2.0.8 SQL injection | CVE-2013-5743 | CWE-89 | High |
| Zend framework configuration file information disclosure | - | CWE-538 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2015-5161 | CWE-611 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | - | CWE-79 | High |
| Drupal core 7.x SQL injection vulnerability | CVE-2014-3704 | CWE-89 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4554 | CWE-264 | High |
| Ektron CMS400.NET ContentRatingGraph.aspx SQL injection | CVE-2008-5122 | CWE-89 | High |
| Ektron CMS multiple vulnerabilities | - | CWE-434 | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5358 | CWE-20 | High |
| Elasticsearch service accessible | - | CWE-200 | High |
| Elasticsearch remote code execution | CVE-2014-3120 | CWE-78 | High |
| Ext JS arbitrary file read | - | CWE-22 | High |
| Gallery 3.0.4 remote code execution | - | CWE-20 | High |
| Horde/IMP Plesk webmail exploit | - | CWE-20 | High |
| Invision Power Board version 3.3.4 unserialize PHP code execution | CVE-2012-5692 | CWE-20 | High |
| Joomla! 1.6/1.7/2.5 privilege escalation vulnerability | CVE-2012-1563 | CWE-264 | High |
| Joomla! 1.6.0 SQL injection vulnerability | CVE-2011-1151 | CWE-89 | High |
| Joomla! 1.7/2.5 SQL injection vulnerability | CVE-2012-1116 | CWE-89 | High |
| Kayako Fusion v4.51.1891 - multiple web vulnerabilities | - | CWE-79 | High |
| Liferay JSON service API authentication vulnerability | - | CWE-287 | High |
| lighttpd v1.4.34 SQL injection and path traversal | CVE-2014-2324 | CWE-89 | High |
| IBM Lotus Domino web server Cross-Site Scripting vulnerabilities | CVE-2012-3302 | CWE-79 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4378 | CWE-79 | High |
| MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities | CVE-2012-6081 | CWE-434 | High |
| Vulnerabilities in SharePoint could allow elevation of privilege | CVE-2012-1859 | CWE-79 | High |
| Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180 | CWE-399 | High |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| OpenX 2.8.10 backdoor | CVE-2013-4211 | CWE-95 | High |
| phpLiteAdmin default password | - | CWE-200 | High |
| phpMoAdmin remote code execution | - | CWE-95 | High |
| phpMyAdmin v3.5.2.2 backdoor | CVE-2012-5159 | CWE-95 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| SQL Injection in Symphony | CVE-2013-2559 | CWE-89 | High |
| Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting | CVE-2015-5956 | CWE-79 | High |
| vBulletin 5.1.2 SQL injection | CVE-2014-5102 | CWE-89 | High |
| vBulletin 5 CONNECT remote code execution | - | CWE-94 | High |
| vBulletin PHP object injection vulnerability | - | CWE-915 | High |
| vBSEO 3.6.0 PHP code injection | CVE-2012-5223 | CWE-94 | High |
| vBulletin 4 (up to 4.1.2) search.php SQL injection | - | CWE-89 | High |