Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Microsoft Access Database File Detected | - | CWE-538 | Medium |
| Apache Proxy HTTP CONNECT method enabled | - | CWE-441 | Medium |
| Apache configured to run as proxy | - | CWE-441 | Medium |
| Apache httpOnly cookie disclosure | CVE-2012-0053 | CWE-264 | Medium |
| Apache Server-Info Detected | - | CWE-200 | Medium |
| Apache Server-Status Detected | - | CWE-200 | Medium |
| [Possible] AWStats Detected | - | CWE-538 | Medium |
| HTTP Header Injection | - | CWE-113 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | - | CWE-113 | Medium |
| CVS Detected | - | CWE-527 | Medium |
| Cross frame scripting | - | CWE-79 | Medium |
| Directory listings | - | CWE-538 | Medium |
| Frontpage authors.pwd available | - | CWE-538 | Medium |
| PHPinfo pages | - | CWE-200 | Medium |
| Reverse proxy bypass | CVE-2011-3368 | CWE-20 | Medium |
| SQLite Database File Found | - | CWE-538 | Medium |
| Source Code Disclosure | - | CWE-538 | Medium |
| Webalizer script | - | CWE-538 | Medium |
| apc.php page found | - | CWE-538 | Medium |
| HTTP response splitting with cloud storage | - | CWE-113 | Medium |
| Open Redirection | - | CWE-601 | Medium |
| User controllable tag parameter | - | CWE-79 | Medium |
| User-controlled form action | - | CWE-20 | Medium |
| Nginx Redirect Header Injection | - | CWE-93 | Medium |
| ASP.NET diagnostic page | - | CWE-200 | Medium |
| Amazon S3 public bucket | - | CWE-264 | Medium |
| Apache Axis2 information disclosure | - | CWE-200 | Medium |
| Apache JServ protocol service | - | CWE-200 | Medium |
| Apache Tomcat version older than 7.0.32 | CVE-2012-4431 | CWE-264 | Medium |
| Apache Tomcat sample files | - | CWE-538 | Medium |
| XSS on Apache HTTP Server 413 error pages via malformed HTTP method | CVE-2007-6203 | CWE-79 | Medium |
| Arbitrary file existence disclosure in Action Pack | CVE-2014-7829 | CWE-200 | Medium |
| ASP.NET cookieless authentication enabled | - | CWE-598 | Medium |
| ASP.NET Cookieless session state enabled | - | CWE-598 | Medium |
| ASP.NET cookies accessible from client-side scripts | - | CWE-1004 | Medium |
| ASP.NET CustomErrors Is Disabled | - | CWE-12 | Medium |
| ASP.NET ASPX debugging enabled | - | CWE-11 | Medium |
| ASP.NET: Failure To Require SSL For Authentication Cookies | - | CWE-319 | Medium |
| ASP.NET login credentials stored in plain text | - | CWE-256 | Medium |
| ASP.NET application-level tracing enabled | - | CWE-215 | Medium |
| ASP.NET ValidateRequest Is Globally Disabled | - | CWE-707 | Medium |
| ViewState MAC Disabled | - | CWE-642 | Medium |
| PHP errors enabled | - | CWE-209 | Medium |
| PHP enable_dl enabled | - | CWE-470 | Medium |
| PHP register_globals enabled | - | CWE-1108 | Medium |
| PHP session.use_trans_sid enabled | - | CWE-598 | Medium |
| Full public read access Azure blob storage | - | CWE-264 | Medium |
| Misconfigured Access-Control-Allow-Origin Header | - | CWE-942 | Medium |
| Apache Cassandra Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Chrome Logger information disclosure | - | CWE-200 | Medium |
| Core dump checker PHP script | - | CWE-200 | Medium |
| HTTPS connection uses outdated TLS version | - | CWE-310 | Medium |
| HTTPS connection with weak key length | - | CWE-310 | Medium |
| Insecure transition from HTTP to HTTPS in form post | - | CWE-200 | Medium |
| [Possible] Password Transmitted over Query String | - | CWE-200 | Medium |
| Password transmitted over HTTP | - | CWE-523 | Medium |
| [Possible] Database Connection String Detected | - | CWE-200 | Medium |
| Development configuration files | - | CWE-538 | Medium |
| Django Debug Mode Enabled | - | CWE-200 | Medium |
| File tampering | - | CWE-20 | Medium |
| HTML form susceptible to spam | - | CWE-20 | Medium |
| Grails database console | - | CWE-200 | Medium |
| HTTP parameter pollution | - | CWE-88 | Medium |
| HTML Injection | - | CWE-80 | Medium |
| Hadoop cluster web interface | - | CWE-200 | Medium |
| Host header attack | - | CWE-20 | Medium |
| Hostile subdomain takeover | - | CWE-16 | Medium |
| Global.asa backup file found | - | CWE-538 | Medium |
| JBoss status servlet information leak | CVE-2010-1429 | CWE-200 | Medium |
| Java Management Extensions (JMX/RMI) service detected | - | CWE-200 | Medium |
| JSF ViewState client side storage | - | CWE-693 | Medium |
| Jenkins dashboard | - | CWE-200 | Medium |
| Memcached Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| MySQL utf8 4-byte truncation | - | CWE-176 | Medium |
| Oracle applications logs publicy available | - | CWE-200 | Medium |