Information Disclosure
This page lists 611 vulnerabilities in this category.
Critical: 3
High: 392
Medium: 134
Low: 72
Information: 10
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| SAP Management Console get user list | - | CWE-200 | High |
| Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180 | CWE-399 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4378 | CWE-79 | High |
| Elasticsearch service accessible | - | CWE-200 | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5358 | CWE-20 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4554 | CWE-264 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2015-5161 | CWE-611 | High |
| Zend framework configuration file information disclosure | - | CWE-538 | High |
| X-Forwarded-For HTTP header security bypass | - | CWE-287 | High |
| WordPress debug mode | - | CWE-200 | High |
| Adminer 4.6.2 file disclosure vulnerability | - | CWE-22 | High |
| Bazaar repository found | - | CWE-538 | High |
| File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High |
| SharePoint user enumeration | - | CWE-200 | High |
| Reachable SharePoint interface | - | CWE-200 | High |
| [Possible] Sublime SFTP Config File Detected | - | CWE-200 | High |
| RoR Database Configuration File Detected | - | CWE-538 | High |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High |
| Minify arbitrary file disclosure | CVE-2013-6619 | CWE-538 | High |
| MantisBT multiple security issues | CVE-2015-1042 | CWE-200 | High |
| Magento Cacheleak | - | CWE-200 | High |
| JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High |
| Unrestricted access to NGINX+ API interface (read write) | - | CWE-200 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6448 | CWE-611 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6079 | CWE-200 | High |
| GIT Detected exposed | - | CWE-527 | High |
| IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-264 | High |
| Tiki Wiki CMS: Arbitrary Code Execution | - | - | High |
| Padding oracle attack | - | CWE-209 | High |
| XML entity injection | - | CWE-611 | High |
| XML external entity injection and XML injection | - | CWE-611 | High |
| XML external entity injection | - | CWE-611 | High |
| XML External Entity Injection via external file | - | CWE-611 | High |
| XML external entity injection via File Upload | - | CWE-611 | High |
| XML external entity injection (variant) | - | CWE-611 | High |
| Elmah.axd / Errorlog.axd Detected | - | CWE-209 | High |
| Unprotected phpMyAdmin interface | - | CWE-205 | High |
| SVN Detected | - | CWE-538 | High |
| Atlassian Confluence information disclosure | CVE-2017-7415 | - | High |
| Tiki Wiki CMS: Arbitrary File Download | - | - | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | - | - | High |
| Amazon S3 publicly writable bucket | - | CWE-264 | High |
| JBoss BSHDeployer MBean | - | CWE-200 | High |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High |
| RSA Private Key Detected | - | CWE-200 | High |
| Mercurial repository found | - | CWE-538 | High |
| Drupal Backup Migrate directory publicly accessible | - | CWE-538 | High |
| JBoss Web Console JMX Invoker | - | CWE-200 | High |
| JBoss JMX Console Unrestricted Access | - | CWE-200 | High |
| JBoss Server MBean | - | CWE-200 | High |
| Symfony databases.yml configuration file | - | CWE-538 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss JMX management console | - | CWE-200 | High |
| WPEngine _wpeprivate/config.json information disclosure | - | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | - | CWE-94 | High |
| Dotenv .env file | - | CWE-538 | High |
| Multiple vulnerabilities in Ioncube loader-wizard.php | - | CWE-552 | High |
| MySQL connection credentials | - | CWE-538 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| Jenkins weak password | - | CWE-200 | High |
| qdPM Information Disclosure | - | CWE-260 | High |
| ASP.NET connection strings stored in plaintext | - | CWE-16 | High |
| Apache Tomcat version older than 6.0.35 | CVE-2012-0022 | CWE-264 | High |
| Apache Axis2 xsd local file inclusion | - | CWE-22 | High |
| Web application default/weak credentials | - | CWE-200 | High |
| Webmail weak password | - | CWE-200 | High |
| WebLogic admin console weak credentials | - | CWE-693 | High |
| Weak password | - | CWE-200 | High |
| SAP weak/predictable user credentials | - | CWE-200 | High |
| Microsoft IIS5 NTLM and Basic authentication bypass | CVE-2007-2815 | CWE-264 | High |
| IBM WebSphere administration console weak password | - | CWE-200 | High |
| Unrestricted access to Caddy API interface | - | CWE-200 | High |
| GlassFish admin console weak credentials | - | CWE-693 | High |
| Devise weak password | - | CWE-200 | High |