Configuration
This page lists 401 vulnerabilities in this category.

Critical: 4, High: 128, Medium: 174, Low: 50, Information: 45

| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability | CVE-2016-0956 | CWE-668 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | - | CWE-16 | Medium |
| Laravel Horizon open | - | CWE-200 | Medium |
| ASP.NET Core Development Mode enabled | - | CWE-200 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | - | CWE-16 | Medium |
| Active Mixed Content over HTTPS | - | CWE-284 | Medium |
| Yii2 weak secret key | - | CWE-693 | Medium |
| Laravel debug mode enabled | - | CWE-200 | Medium |
| Laravel Health Monitor open | - | CWE-200 | Medium |
| Laravel LogViewer open | - | CWE-200 | Medium |
| Yii running in dev mode | - | CWE-16 | Medium |
| TLS/SSL Sweet32 attack | CVE-2016-6329 | CWE-310 | Medium |
| Web Cache Poisoning DoS | - | CWE-400 | Medium |
| Web2py weak secret key | - | CWE-693 | Medium |
| Web Cache Poisoning DoS (for javascript) | - | CWE-400 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | - | CWE-16 | Medium |
| Symfony running in dev mode | - | CWE-16 | Medium |
| Apache JServ protocol service | - | CWE-200 | Medium |
| Unsafe value for session tracking in WEB-INF/web.xml | - | CWE-16 | Medium |
| ASP.NET Deny missing from authorization rule on location | - | CWE-16 | Medium |
| Axis system configuration listing enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Node.js Web Application does not handle uncaughtException | - | CWE-248 | Medium |
| Drupal configuration file weak file permissions | - | CWE-16 | Medium |
| ASP.NET WCF metadata enabled for behavior | - | CWE-16 | Medium |
| ASP.NET WCF replay attacks are not detected | - | CWE-16 | Medium |
| CodeIgniter development mode enabled | - | CWE-16 | Medium |
| ASP.NET viewstate encryption disabled | - | CWE-16 | Medium |
| Verb tampering via misconfigured security constraint | - | CWE-16 | Medium |
| Express Development Mode enabled | - | CWE-200 | Medium |
| Node.js Web Application does not handle unhandledRejection | - | CWE-248 | Medium |
| InfluxDB Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Unprotected Apache NiFi API interface | - | CWE-287 | Medium |
| Unprotected Kong Gateway Admin API interface | - | CWE-287 | Medium |
| ASP.NET expired session IDs are not regenerated | - | CWE-16 | Medium |
| Webalizer script | - | CWE-538 | Medium |
| Unauthorized Access to a web app installer | - | CWE-200 | Medium |
| ASP.NET event validation disabled | - | CWE-16 | Medium |
| ASP.NET forms authentication using inadequate protection | - | CWE-16 | Medium |
| ASP.NET header checking is disabled in web.config | - | CWE-16 | Medium |
| ASP.NET WCF service include exception details | - | CWE-16 | Medium |
| Joomla J!Dump extension enabled | - | CWE-200 | Medium |
| Oracle E-Business Suite Frame Injection (CVE-2017-3528) | CVE-2017-3528 | CWE-601 | Medium |
| Pyramid DebugToolbar enabled | - | CWE-200 | Medium |
| ASP.NET potential HTTP Verb Tampering | - | CWE-16 | Medium |
| Laravel debug mode enabled (Invicti IAST) | - | CWE-16 | Medium |
| Drupal trusted_host_patterns setting not configured | - | CWE-16 | Medium |
| WebPageTest Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Axis development mode enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | CWE-200 | Medium |
| Spring Boot Misconfiguration: Unsafe value for session tracking | - | CWE-16 | Medium |
| Go web application binary disclosure | - | CWE-540 | Medium |
| Joomla Debug Console enabled | - | CWE-200 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | - | CWE-16 | Medium |
| Oracle E-Business Suite iStore open user registration | CVE-2022-21500 | CWE-200 | Medium |
| Magento Config File Disclosure | - | CWE-200 | Medium |
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | - | CWE-16 | Medium |
| Django Debug Toolbar | - | CWE-200 | Medium |
| Struts 2 Config Browser plugin enabled | - | CWE-16 | Medium |
| Jetty ConcatServlet Information Disclosure (CVE-2021-28169) | CVE-2021-28169 | CWE-200 | Medium |
| Jetty Information Disclosure (CVE-2021-34429) | CVE-2021-28164 | CWE-200 | Medium |
| Symfony debug mode enabled (Invicti IAST) | - | CWE-16 | Medium |
| ASP.NET Cookieless session state enabled | - | CWE-598 | Medium |
| Apache Spark Web UI Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| PHP session.use_only_cookies Is Disabled | - | CWE-598 | Medium |
| Apache Server-Status Detected | - | CWE-200 | Medium |
| Craft CMS Development Mode enabled | - | CWE-200 | Medium |
| Unrestricted access to MLflow | - | CWE-200 | Medium |
| Apache Tomcat examples directory vulnerabilities | - | CWE-264 | Medium |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| [Possible] AWStats Detected | - | CWE-538 | Medium |
| Unrestricted access to AnythingLLM API | CVE-2024-6842 | CWE-200 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |
| PHP register_globals Is Enabled | - | CWE-1108 | Medium |
| Hostile subdomain takeover | - | CWE-16 | Medium |
| Apache Server-Info Detected | - | CWE-200 | Medium |