Configuration

This page lists 401 vulnerabilities in this category.

Critical: 4 High: 128 Medium: 174 Low: 50 Information: 45

Vulnerability Name

CVE

CWE

Severity

SAP Knowledge Management and Collaboration (KMC) incorrect permissions

-

CWE-285

High

Apache Spark Master Unauthorized Access Vulnerability

-

CWE-200

High

Apache REST RCE CVE-2018-11770

CVE-2018-11770

CWE-94

High

Apache Tapestry weak secret key

-

CWE-693

High

Docker Engine API is accessible without authentication

-

CWE-287

High

Web Cache Poisoning via Fat GET Request

-

CWE-44

High

Apache Airflow Experimental API Auth Bypass CVE-2020-13927

CVE-2020-13927

CWE-200

High

Web Cache Poisoning via Host Header

-

CWE-44

High

Web Cache Poisoning via JSONP and UTM_ parameter

-

CWE-44

High

Web Cache Poisoning via POST Request

-

CWE-44

High

GoCD information disclosure (CVE-2021-43287)

CVE-2021-43287

CWE-200

High

Laravel Terminal open

-

CWE-200

High

Oracle E-Business Suite Information Disclosure

-

CWE-200

High

Request Smuggling

-

CWE-444

High

RethinkDB administrative interface publicly exposed

-

CWE-200

High

Web Cache Poisoning via semicolon query separator

-

CWE-44

High

MovableType remote code execution

CVE-2015-1592

CWE-94

High

JWT Signature Bypass via unvalidated jwk parameter

-

CWE-287

High

Magento Cacheleak

-

CWE-200

High

WebLogic admin console weak credentials

-

CWE-693

High

The Heartbleed Bug

CVE-2014-0160

CWE-200

High

HTTP verb tampering via POST

-

CWE-285

High

Method Tampering

-

CWE-285

High

Apache Axis2 administration console weak password

-

CWE-200

High

The DROWN attack (SSLv2 supported)

CVE-2016-0800

CWE-310

High

Devise weak password

-

CWE-200

High

GlassFish admin console weak credentials

-

CWE-693

High

Apache Tomcat version older than 7.0.28

CVE-2012-4534

CWE-20

High

Microsoft IIS WebDAV authentication bypass

CVE-2009-1535

CWE-287

High

Jenkins weak password

-

CWE-200

High

Microsoft IIS5 NTLM and Basic authentication bypass

CVE-2007-2815

CWE-264

High

SAP weak/predictable user credentials

-

CWE-200

High

Weak password

-

CWE-200

High

Core dump file

-

CWE-200

High

WebDAV Directory Has Write Permissions

-

CWE-264

High

Vulnerable project dependencies

-

CWE-937

High

Adobe ColdFusion 9 administrative login bypass

CVE-2013-0632

CWE-287

High

CodeIgniter session decoding vulnerability

-

CWE-327

High

Webmail weak password

-

CWE-200

High

Web application default/weak credentials

-

CWE-200

High

PHP magic_quotes_gpc is disabled

-

CWE-150

High

Joomla! 3.2.1 sql injection

-

CWE-89

High

Apache Roller OGNL injection

CVE-2013-4212

CWE-20

High

Apache Tomcat version older than 6.0.35

CVE-2012-0022

CWE-264

High

IIS extended unicode directory traversal vulnerability

CVE-2000-0884

CWE-22

High

Apache Tomcat version older than 6.0.36

CVE-2012-4534

CWE-20

High

Apache Tomcat version older than 7.0.21

CVE-2011-3190

CWE-264

High

Apache Tomcat version older than 7.0.30

CVE-2012-3546

CWE-20

High

Multiple vulnerabilities in Ioncube loader-wizard.php

-

CWE-552

High

IBM WebSphere administration console weak password

-

CWE-200

High

Apache Tomcat version older than 7.0.23

CVE-2012-0022

CWE-189

High

Joomla 1.5 end of life

-

CWE-1104

High

Code Execution via WebDav

-

CWE-434

High

Java Debug Wire Protocol remote code execution

-

CWE-94

High

JIRA Security Advisory 2013-02-21

-

CWE-22

High

JAAS authentication bypass

-

CWE-693

High

Jetpack 2.9.3: Critical Security Update

CVE-2014-0173

CWE-287

High

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

-

CWE-16

Medium

Web Cache Poisoning DoS through HTTP/2 headers

-

CWE-400

Medium

Apache ZooKeeper Unauthorized Access Vulnerability

-

CWE-200

Medium

Yii debug mode enabled

-

CWE-16

Medium

WordPress allows editing theme/plugin files

-

CWE-16

Medium

WordPress configuration file weak file permissions

-

CWE-16

Medium

Tornado weak secret key

-

CWE-693

Medium

HTTP header reflected in cached response

-

CWE-16

Medium

Atlassian JIRA Servicedesk misconfiguration

-

CWE-287

Medium

Cookie signed with weak secret key

-

CWE-693

Medium

Spring Boot Misconfiguration: Overly long session timeout

-

CWE-16

Medium

Spring Boot Misconfiguration: H2 console enabled

-

CWE-16

Medium

Gitlab open user registration

-

CWE-200

Medium

Overly long session timeout in servlet configuration

-

CWE-16

Medium

ASP.NET diagnostic page

-

CWE-200

Medium

Jenkins open user registration

-

CWE-200

Medium

Custom Error Pages Are Not Configured in WEB-INF/web.xml

-

CWE-16

Medium

Apache Kafka Unauthorized Access Vulnerability

-

CWE-200

Medium

«
1
2
3
4
...
6
»