Configuration
This page lists 401 vulnerabilities in this category.
Critical: 4
High: 128
Medium: 174
Low: 50
Information: 45

| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Hadoop cluster web interface | - | CWE-200 | Medium |
| Grails database console | - | CWE-200 | Medium |
| Lucee Stacktrace Information Disclosure | - | CWE-200 | Medium |
| Directory listings | - | CWE-538 | Medium |
| [Possible] Password Transmitted over Query String | - | CWE-200 | Medium |
| RoR Development Mode enabled | - | CWE-200 | Medium |
| Node.js Running in Development Mode | - | CWE-215 | Medium |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | - | CWE-200 | Medium |
| Apache perl-status enabled | - | CWE-200 | Medium |
| WebDAV directory listing | - | CWE-538 | Medium |
| W3 total cache debug mode | - | CWE-489 | Medium |
| GraphQL Unauthenticated Mutation Detected | - | CWE-306 | Medium |
| Invalid SSL Certificate | - | CWE-298 | Medium |
| Memcached Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Apache configured to run as proxy | - | CWE-441 | Medium |
| MySQL utf8 4-byte truncation | - | CWE-176 | Medium |
| Oracle applications logs publicly available | - | CWE-200 | Medium |
| Pyramid debug mode | - | CWE-489 | Medium |
| Rails application running in development mode | - | CWE-200 | Medium |
| Redis Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| TLS/SSL certificate key size too small | - | CWE-310 | Medium |
| SSL Certificate Is About To Expire | - | CWE-298 | Medium |
| The FREAK attack | CVE-2015-0204 | CWE-310 | Medium |
| Unicode Transformation (Best-Fit Mapping) | - | CWE-176 | Medium |
| TLS/SSL LOGJAM attack | CVE-2015-4000 | CWE-310 | Medium |
| TLS/SSL Weak Cipher Suites | - | CWE-310 | Medium |
| JSF ViewState client side storage | - | CWE-693 | Medium |
| Same site scripting | - | CWE-16 | Medium |
| SharePoint exposed web services | - | CWE-200 | Medium |
| Java Management Extensions (JMX/RMI) service detected | - | CWE-200 | Medium |
| Spring Boot Actuator | - | CWE-489 | Medium |
| Spring Boot Actuator v2 | - | CWE-489 | Medium |
| Symfony web debug toolbar | - | CWE-489 | Medium |
| Tornado debug mode | - | CWE-489 | Medium |
| GraphQL Unhandled Error Leakage | - | CWE-209 | Medium |
| Frontpage authors.pwd available | - | CWE-538 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | - | CWE-770 | Medium |
| Flask weak secret key | - | CWE-693 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |
| Httpoxy vulnerability | - | CWE-16 | Medium |
| ViewState MAC Disabled | - | CWE-642 | Medium |
| ASP.NET ValidateRequest Is Globally Disabled | - | CWE-707 | Medium |
| ASP.NET application-level tracing enabled | - | CWE-215 | Medium |
| ASP.NET login credentials stored in plain text | - | CWE-256 | Medium |
| Insecure crossdomain.xml policy | - | CWE-284 | Medium |
| Django weak secret key | - | CWE-693 | Medium |
| Express cookie-session weak secret key | - | CWE-693 | Medium |
| Open Silverlight Client Access Policy | - | CWE-16 | Medium |
| ASP.NET: Failure To Require SSL For Authentication Cookies | - | CWE-319 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| ASP.NET ASPX debugging enabled | - | CWE-11 | Medium |
| Mojolicious weak secret key | - | CWE-693 | Medium |
| ASP.NET CustomErrors Is Disabled | - | CWE-12 | Medium |
| Apache Proxy HTTP CONNECT method enabled | - | CWE-441 | Medium |
| ASP.NET cookies accessible from client-side scripts | - | CWE-1004 | Medium |
| SAP ICF /sap/public/info sensitive information disclosure | - | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | - | CWE-200 | Medium |
| Spring Misconfiguration: HTML Escaping disabled | - | CWE-16 | Medium |
| ASP.NET cookieless authentication enabled | - | CWE-598 | Medium |
| SAP NetWeaver server info information disclosure | - | CWE-200 | Medium |
| Apache Tomcat version older than 7.0.32 | CVE-2012-4431 | CWE-264 | Medium |
| Firebase database accessible without authentication | - | CWE-200 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | - | CWE-16 | Medium |
| GraphQL Introspection Query Enabled | - | CWE-200 | Medium |
| PHP enable_dl enabled | - | CWE-470 | Medium |
| PHP register_globals enabled | - | CWE-1108 | Medium |
| Misconfigured Access-Control-Allow-Origin Header | - | CWE-942 | Medium |
| The POODLE attack (SSLv3 with CBC cipher suites) | CVE-2014-3566 | CWE-326 | Medium |
| Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | - | CWE-400 | Medium |
| Apache Cassandra Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Chrome Logger information disclosure | - | CWE-200 | Medium |
| GraphiQL Explorer/Playground Enabled | - | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| JavaMelody publicly accessible | - | CWE-200 | Medium |