Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Pyramid debug mode | - | CWE-489 | Medium |
| Rails application running in development mode | - | CWE-200 | Medium |
| Rails controller possible sensitive information disclosure | - | CWE-200 | Medium |
| Redis Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| TLS/SSL certificate key size too small | - | CWE-310 | Medium |
| SSL Certificate Is About To Expire | - | CWE-298 | Medium |
| Invalid SSL Certificate | - | CWE-298 | Medium |
| The FREAK attack | CVE-2015-0204 | CWE-310 | Medium |
| TLS/SSL LOGJAM attack | CVE-2015-4000 | CWE-310 | Medium |
| TLS/SSL Weak Cipher Suites | - | CWE-310 | Medium |
| Same origin method execution (SOME) | - | CWE-20 | Medium |
| Same site scripting | - | CWE-16 | Medium |
| SharePoint exposed web services | - | CWE-200 | Medium |
| Spring Boot Actuator | - | CWE-489 | Medium |
| Spring Boot Actuator v2 | - | CWE-489 | Medium |
| Symfony web debug toolbar | - | CWE-489 | Medium |
| Tornado debug mode | - | CWE-489 | Medium |
| Unicode Transformation (Best-Fit Mapping) | - | CWE-176 | Medium |
| User controllable charset | - | CWE-20 | Medium |
| Vulnerable JavaScript libraries | - | CWE-937 | Medium |
| W3 total cache debug mode | - | CWE-489 | Medium |
| WebDAV directory listing | - | CWE-538 | Medium |
| WordPress username enumeration | - | CWE-200 | Medium |
| WordPress XML-RPC authentication brute force | - | CWE-521 | Medium |
| WordPress pingback scanner | CVE-2013-0235 | CWE-918 | Medium |
| Apache Tomcat examples directory vulnerabilities | - | CWE-264 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| Drupal Views module information disclosure vulnerability | - | CWE-200 | Medium |
| Java object deserialization of user-supplied data | - | CWE-20 | Medium |
| MongoDB HTTP status interface | - | CWE-200 | Medium |
| Password found in server response | - | CWE-312 | Medium |
| PHP object deserialization of user-supplied data | - | CWE-20 | Medium |
| PHP register_globals Is Enabled | - | CWE-1108 | Medium |
| PHP session.use_only_cookies Is Disabled | - | CWE-598 | Medium |
| Python object deserialization of user-supplied data | - | CWE-20 | Medium |
| Virtual host directory listing | - | CWE-538 | Medium |
| FCKeditor arbitrary file upload | CVE-2009-2265 | CWE-22 | Medium |
| JetBrains .idea project directory | - | CWE-538 | Medium |
| PHP curl_exec() url is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP eval() used on user input | - | CWE-95 | Medium |
| PHP preg_replace used on user input | - | CWE-20 | Medium |
| PHP super-globals-overwrite | - | CWE-1108 | Medium |
| PHP unserialize() used on user input | - | CWE-20 | Medium |
| Sensitive Data Exposure | - | CWE-200 | Medium |
| WordPress database credentials disclosure | - | CWE-538 | Medium |
| Unprotected JSON file leaking secrets | - | CWE-200 | Medium |
| Apache Tomcat WAR file directory traversal vulnerability | CVE-2009-2901 | CWE-22 | Medium |
| Apache perl-status enabled | - | CWE-200 | Medium |
| The POODLE attack (SSLv3 with CBC cipher suites) | CVE-2014-3566 | CWE-326 | Medium |
| [Possible] Backup Folder | - | CWE-538 | Medium |
| Local File Inclusion (CMS Made Simple) | - | CWE-94 | Medium |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Atlassian Confluence Access Restriction Bypass | CVE-2017-9505 | - | Medium |
| Atlassian Confluence Stored Cross Site Scripting | CVE-2016-6283 | - | Medium |
| ColdFusion Request Debugging information disclosure | - | CWE-200 | Medium |
| ColdFusion Robust Exception enabled | - | CWE-200 | Medium |
| JavaMelody publicly accessible | - | CWE-200 | Medium |
| Laravel log file publicly accessible | - | CWE-538 | Medium |
| Liferay XMLRPC Blind SSRF | - | CWE-918 | Medium |
| Liferay version older than 7.1 | - | CWE-918 | Medium |
| PHP-FPM Status Page | - | CWE-200 | Medium |
| JSONP enabled by default in MappingJackson2JsonView | CVE-2018-11040 | CWE-538 | Medium |
| Test CGI script leaking environment variables | - | - | Medium |
| URL rewrite vulnerability | CVE-2018-14773 | CWE-436 | Medium |
| Yii2 debug toolkit | - | CWE-200 | Medium |
| Yii2 Gii extension | - | CWE-200 | Medium |
| Apache mod_jk access control bypass | CVE-2018-11759 | CWE-918 | Medium |
| Firebase database accessible without authentication | - | CWE-200 | Medium |
| Httpoxy vulnerability | - | CWE-16 | Medium |
| nginx range filter integer overflow | CVE-2017-7529 | CWE-200 | Medium |
| Source Code Disclosure (Node.js) | - | CWE-540 | Medium |
| npm log file publicly accessible (npm-debug.log) | - | CWE-200 | Medium |
| PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | - | CWE-200 | Medium |