High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| vBulletin customer number disclosure | CVE-2013-6129 | CWE-264 | High |
| CodeIgniter weak encryption key | - | CWE-200 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| webadmin.php script | - | CWE-552 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6079 | CWE-200 | High |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| Apache Geronimo default administrative credentials | - | CWE-693 | High |
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-284 | High |
| Bazaar repository found | - | CWE-538 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| Unrestricted File Upload | - | CWE-434 | High |
| Cross-site Scripting via File Upload | - | CWE-79 | High |
| GIT Detected exposed | - | CWE-527 | High |
| JBoss BSHDeployer MBean | - | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | - | CWE-94 | High |
| JBoss JMX management console | - | CWE-200 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | - | CWE-200 | High |
| JBoss JMX Console Unrestricted Access | - | CWE-200 | High |
| JBoss Web Console JMX Invoker | - | CWE-200 | High |
| Mercurial repository found | - | CWE-538 | High |
| RSA Private Key Detected | - | CWE-200 | High |
| SVN Detected | - | CWE-538 | High |
| TinyMCE ajax_create_folder remote code execution vulnerability | - | CWE-94 | High |
| Unprotected phpMyAdmin interface | - | CWE-205 | High |
| Uploadify arbitrary file upload | - | CWE-434 | High |
| phpThumb() fltr[] parameter command injection vulnerability | CVE-2010-1598 | CWE-20 | High |
| Apache solr service exposed | - | CWE-200 | High |
| ColdFusion 9 solr service exposed | CVE-2010-0185 | CWE-264 | High |
| VMware directory traversal and privilege escalation vulnerabilities | CVE-2009-3733 | CWE-22 | High |
| Padding oracle attack | - | CWE-209 | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| XML entity injection | - | CWE-611 | High |
| XML external entity injection and XML injection | - | CWE-611 | High |
| XML external entity injection | - | CWE-611 | High |
| XML External Entity Injection via external file | - | CWE-611 | High |
| XML external entity injection via File Upload | - | CWE-611 | High |
| XML external entity injection (variant) | - | CWE-611 | High |
| Elmah.axd / Errorlog.axd Detected | - | CWE-209 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | - | CWE-326 | High |
| Remote File Inclusion (admin/lang.php) (CMS Made Simple) | CVE-2005-2846 | - | High |
| SQL Injection (stylesheet.php) (CMS Made Simple) | CVE-2007-2473 | CWE-89 | High |
| Web Server Cache Poisoning (CMS Made Simple) v2.x | CVE-2016-2784 | CWE-20 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x | CVE-2010-2797 | CWE-22 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x | CVE-2010-2797 | CWE-22 | High |
| Microsoft IIS 6.0 WebDAV Buffer Overflow | CVE-2017-7269 | CWE-287 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Atlassian Confluence information disclosure | CVE-2017-7415 | - | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | CWE-264 | High |
| Tiki Wiki CMS: Arbitrary File Download | - | - | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | - | - | High |
| Tiki Wiki CMS: Arbitrary Code Execution | - | - | High |
| Amazon S3 publicly writable bucket | - | CWE-264 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High |
| Atlassian Jira insecure REST permissions | - | - | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| Flex BlazeDS AMF Deserialization RCE | CVE-2017-5641 | CWE-502 | High |
| Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296) | CVE-2018-0296 | CWE-22 | High |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| ColdFusion Arbitrary File Upload | CVE-2018-15961 | CWE-434 | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| Drupal Backup Migrate directory publicly accessible | - | CWE-538 | High |
| Drupal Remote Code Execution (SA-CORE-2018-002) | CVE-2018-7600 | CWE-94 | High |
| Drupal Remote Code Execution (SA-CORE-2018-004) | CVE-2018-7602 | CWE-94 | High |
| JBoss InvokerTransformer Remote Code Execution | CVE-2015-7501 | CWE-502 | High |
| Jboss Application Server HTTPServerILServlet.java remote code execution | CVE-2017-7504 | CWE-502 | High |
| JavaMelody XML External Entity (XXE) vulnerability | CVE-2018-15531 | CWE-611 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | CVE-2017-7525 | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | - | CWE-502 | High |