Configuration
This page lists 401 vulnerabilities in this category.
Critical: 4
High: 128
Medium: 174
Low: 50
Information: 45
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| SAP Knowledge Management and Collaboration (KMC) incorrect permissions | - | CWE-285 | High |
| Apache Spark Master Unauthorized Access Vulnerability | - | CWE-200 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| Apache Tapestry weak secret key | - | CWE-693 | High |
| Docker Engine API is accessible without authentication | - | CWE-287 | High |
| Web Cache Poisoning via Fat GET Request | - | CWE-44 | High |
| Apache Airflow Experimental API Auth Bypass CVE-2020-13927 | CVE-2020-13927 | CWE-200 | High |
| Web Cache Poisoning via Host Header | - | CWE-44 | High |
| Web Cache Poisoning via JSONP and UTM_ parameter | - | CWE-44 | High |
| Web Cache Poisoning via POST Request | - | CWE-44 | High |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287 | CWE-200 | High |
| Laravel Terminal open | - | CWE-200 | High |
| Oracle E-Business Suite Information Disclosure | - | CWE-200 | High |
| Request Smuggling | - | CWE-444 | High |
| RethinkDB administrative interface publicly exposed | - | CWE-200 | High |
| Web Cache Poisoning via semicolon query separator | - | CWE-44 | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| JWT Signature Bypass via unvalidated jwk parameter | - | CWE-287 | High |
| Magento Cacheleak | - | CWE-200 | High |
| WebLogic admin console weak credentials | - | CWE-693 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| HTTP verb tampering via POST | - | CWE-285 | High |
| Method Tampering | - | CWE-285 | High |
| Apache Axis2 administration console weak password | - | CWE-200 | High |
| The DROWN attack (SSLv2 supported) | CVE-2016-0800 | CWE-310 | High |
| Devise weak password | - | CWE-200 | High |
| GlassFish admin console weak credentials | - | CWE-693 | High |
| Apache Tomcat version older than 7.0.28 | CVE-2012-4534 | CWE-20 | High |
| Microsoft IIS WebDAV authentication bypass | CVE-2009-1535 | CWE-287 | High |
| Jenkins weak password | - | CWE-200 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| SAP weak/predictable user credentials | - | CWE-200 | High |
| Weak password | - | CWE-200 | High |
| Core dump file | - | CWE-200 | High |
| WebDAV Directory Has Write Permissions | - | CWE-264 | High |
| Vulnerable project dependencies | - | CWE-937 | High |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0632 | CWE-287 | High |
| CodeIgniter session decoding vulnerability | - | CWE-327 | High |
| Webmail weak password | - | CWE-200 | High |
| Web application default/weak credentials | - | CWE-200 | High |
| PHP magic_quotes_gpc is disabled | - | CWE-150 | High |
| Joomla! 3.2.1 sql injection | - | CWE-89 | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Apache Tomcat version older than 6.0.35 | CVE-2012-0022 | CWE-264 | High |
| IIS extended unicode directory traversal vulnerability | CVE-2000-0884 | CWE-22 | High |
| Apache Tomcat version older than 6.0.36 | CVE-2012-4534 | CWE-20 | High |
| Apache Tomcat version older than 7.0.21 | CVE-2011-3190 | CWE-264 | High |
| Apache Tomcat version older than 7.0.30 | CVE-2012-3546 | CWE-20 | High |
| Multiple vulnerabilities in Ioncube loader-wizard.php | - | CWE-552 | High |
| IBM WebSphere administration console weak password | - | CWE-200 | High |
| Apache Tomcat version older than 7.0.23 | CVE-2012-0022 | CWE-189 | High |
| Joomla 1.5 end of life | - | CWE-1104 | High |
| Code Execution via WebDav | - | CWE-434 | High |
| Java Debug Wire Protocol remote code execution | - | CWE-94 | High |
| JIRA Security Advisory 2013-02-21 | - | CWE-22 | High |
| JAAS authentication bypass | - | CWE-693 | High |
| Jetpack 2.9.3: Critical Security Update | CVE-2014-0173 | CWE-287 | High |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | - | CWE-16 | Medium |
| Web Cache Poisoning DoS through HTTP/2 headers | - | CWE-400 | Medium |
| Apache ZooKeeper Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Yii debug mode enabled | - | CWE-16 | Medium |
| WordPress allows editing theme/plugin files | - | CWE-16 | Medium |
| WordPress configuration file weak file permissions | - | CWE-16 | Medium |
| Tornado weak secret key | - | CWE-693 | Medium |
| HTTP header reflected in cached response | - | CWE-16 | Medium |
| Atlassian JIRA Servicedesk misconfiguration | - | CWE-287 | Medium |
| Cookie signed with weak secret key | - | CWE-693 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | - | CWE-16 | Medium |
| Gitlab open user registration | - | CWE-200 | Medium |
| Overly long session timeout in servlet configuration | - | CWE-16 | Medium |
| ASP.NET diagnostic page | - | CWE-200 | Medium |
| Jenkins open user registration | - | CWE-200 | Medium |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | - | CWE-16 | Medium |
| Apache Kafka Unauthorized Access Vulnerability | - | CWE-200 | Medium |