Configuration
This page lists 401 vulnerabilities in this category.
Critical: 4
High: 128
Medium: 174
Low: 50
Information: 45
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| PHP errors enabled | - | CWE-209 | Medium |
| Yii2 debug toolkit | - | CWE-200 | Medium |
| Yii2 Gii extension | - | CWE-200 | Medium |
| GraphQL Field Suggestions Enabled | - | CWE-200 | Medium |
| PHP session.use_trans_sid enabled | - | CWE-598 | Medium |
| Arbitrary File Read on Nuxt.js Development Server | - | CWE-200 | Low |
| Wing FTP Anonymous access | - | CWE-200 | Low |
| TRACE Method enabled | - | CWE-489 | Low |
| Nuxt.js Running in Development Mode | - | CWE-200 | Low |
| Passive Mixed Content over HTTPS | - | CWE-284 | Low |
| FrontPage Identified | - | CWE-16 | Low |
| ColdFusion administrator login page publicly available | - | CWE-200 | Low |
| Internet Information Server returns IP address in HTTP header (Content-Location) | - | CWE-200 | Low |
| Symfony ESI (Edge-Side Includes) enabled | - | CWE-16 | Low |
| Possible Database Name Disclosure | - | CWE-200 | Low |
| Gitlab user disclosure | - | CWE-200 | Low |
| Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed | - | CWE-16 | Low |
| Cookies Not Marked as HttpOnly | - | CWE-1004 | Low |
| ColdFusion RDS Service enabled | - | CWE-200 | Low |
| Insecure Transportation Security Protocol Supported (TLS 1.1) | - | CWE-326 | Low |
| PHP open_basedir is not set | - | CWE-664 | Low |
| Error page path disclosure | - | CWE-200 | Low |
| Apache stronghold-status enabled | - | CWE-200 | Low |
| Apache stronghold-info enabled | - | CWE-200 | Low |
| Missing Content-Type Header | - | CWE-16 | Low |
| Apache Solr endpoint | - | CWE-200 | Low |
| ASP.NET error message | - | CWE-12 | Low |
| Tomcat status page | - | CWE-200 | Low |
| PHP allow_url_fopen Is Enabled | - | CWE-829 | Low |
| Sensitive pages could be cached | - | CWE-200 | Low |
| Session cookies scoped to parent domain | - | CWE-284 | Low |
| Session ID in URL | - | CWE-200 | Low |
| Apache mod_negotiation filename bruteforcing | - | CWE-538 | Low |
| PHP open_basedir Is Not Configured | - | CWE-664 | Low |
| PHP display_errors Is Enabled | - | CWE-209 | Low |
| PHP allow_url_include Is Enabled | - | CWE-829 | Low |
| WordPress default administrator account | - | CWE-16 | Low |
| WordPress admin accessible without HTTP authentication | - | CWE-16 | Low |
| Version Disclosure (IIS) | - | CWE-200 | Low |
| PHP allow_url_include enabled | - | CWE-829 | Low |
| Cookies Not Marked as Secure | - | CWE-614 | Low |
| ASP.NET ViewStateUserKey Is Not Set | - | CWE-642 | Low |
| Cookies with missing, inconsistent or contradictory properties | - | CWE-284 | Low |
| Clickjacking: CSP frame-ancestors missing | - | CWE-1021 | Low |
| Unrestricted access to Prometheus | - | CWE-200 | Low |
| Unrestricted access to Prometheus Metrics | - | CWE-200 | Low |
| ASP.NET debugging enabled | - | CWE-11 | Low |
| TRACK Method enabled | - | CWE-489 | Low |
| Unrestricted access to a monitoring system | - | CWE-200 | Low |
| Unrestricted access to ImageResizer Diagnotics plugin | - | CWE-200 | Low |
| H2 console publicly accessible | - | CWE-287 | Low |
| OData feed accessible anonymously | - | CWE-200 | Low |
| Broken Link Hijacking | - | CWE-610 | Low |
| Kentico Staging API publicly accessible | - | CWE-200 | Low |
| Jenkins open people list | - | CWE-200 | Low |
| Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive | - | CWE-16 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | - | CWE-16 | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | - | CWE-16 | Information |
| Microsoft Frontpage configuration information | - | CWE-200 | Information |
| data: Used in a Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Missing object-src in CSP Declaration | - | CWE-16 | Information |
| Scheme URI Detected in Content Security Policy (CSP) Directive | - | CWE-16 | Information |
| Insecure Protocol Detected in Content Security Policy (CSP) | - | CWE-16 | Information |
| X-Content-Type-Options (XCTO) Not Implemented | - | - | Information |
| Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags | - | CWE-16 | Information |
| WordPress user registration enabled | - | CWE-16 | Information |
| Content Security Policy Misconfiguration | - | CWE-16 | Information |
| Web Application Firewall Detected | - | CWE-16 | Information |
| .htaccess File Detected | - | CWE-443 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | - | CWE-16 | Information |
| WebDAV Enabled | - | CWE-16 | Information |
| WordPress readme.html file | - | CWE-200 | Information |
| Web server default welcome page | - | CWE-200 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | - | CWE-16 | Information |