Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Information Disclosure

This page lists 612 vulnerabilities in this category.

Critical: 3 High: 393 Medium: 134 Low: 72 Information: 10
Vulnerability Name
CVE
CWE
Severity
SAP Management Console list logfiles
-
CWE-200
High
SAP Management Console get user list
-
CWE-200
High
Nginx memory disclosure with specially crafted HTTP backend responses
CVE-2012-1180
CWE-399
High
MediaWiki multiple remote vulnerabilities
CVE-2012-4378
CWE-79
High
Elasticsearch service accessible
-
CWE-200
High
Ektron CMS unauthenticated code execution and Local File Read
CVE-2012-5358
CWE-20
High
Drupal 7 arbitrary PHP code execution and information disclosure
CVE-2012-4554
CWE-264
High
Zend Framework local file disclosure via XXE injection
CVE-2015-5161
CWE-611
High
Zend framework configuration file information disclosure
-
CWE-538
High
X-Forwarded-For HTTP header security bypass
-
CWE-287
High
WordPress debug mode
-
CWE-200
High
Adminer 4.6.2 file disclosure vulnerability
-
CWE-22
High
Bazaar repository found
-
CWE-538
High
File Content Disclosure in Action View
CVE-2019-5418
CWE-200
High
SharePoint user enumeration
-
CWE-200
High
Reachable SharePoint interface
-
CWE-200
High
[Possible] Sublime SFTP Config File Detected
-
CWE-200
High
RoR Database Configuration File Detected
-
CWE-538
High
PHP-CGI remote code execution
CVE-2012-2311
CWE-20
High
Oracle JavaServer Faces multiple vulnerabilities
CVE-2013-3827
CWE-22
High
Minify arbitrary file disclosure
CVE-2013-6619
CWE-538
High
MantisBT multiple security issues
CVE-2015-1042
CWE-200
High
Magento Cacheleak
-
CWE-200
High
JetLeak vulnerability
CVE-2015-2080
CWE-200
High
Unrestricted access to NGINX+ API interface (read write)
-
CWE-200
High
JBoss Seam remoting vulnerabilities
CVE-2013-6448
CWE-611
High
WordPress W3 Total Cache plugin predictable cache filenames
CVE-2012-6079
CWE-200
High
GIT Detected exposed
-
CWE-527
High
IBM Web Content Manager XPath injection
CVE-2013-6735
CWE-264
High
Tiki Wiki CMS: Arbitrary Code Execution
-
-
High
Padding oracle attack
-
CWE-209
High
XML entity injection
-
CWE-611
High
XML external entity injection and XML injection
-
CWE-611
High
XML external entity injection
-
CWE-611
High
XML External Entity Injection via external file
-
CWE-611
High
XML external entity injection via File Upload
-
CWE-611
High
XML external entity injection (variant)
-
CWE-611
High
Elmah.axd / Errorlog.axd Detected
-
CWE-209
High
Unprotected phpMyAdmin interface
-
CWE-205
High
SVN Detected
-
CWE-538
High
Atlassian Confluence information disclosure
CVE-2017-7415
-
High
Tiki Wiki CMS: Arbitrary File Download
-
-
High
Tiki Wiki CMS: Remote Code Execution via Calendar Module
-
-
High
Amazon S3 publicly writable bucket
-
CWE-264
High
JBoss BSHDeployer MBean
-
CWE-200
High
Apache Tomcat Information Disclosure CVE-2017-7674
CVE-2017-12616
CWE-200
High
RSA Private Key Detected
-
CWE-200
High
Mercurial repository found
-
CWE-538
High
Drupal Backup Migrate directory publicly accessible
-
CWE-538
High
JBoss Web Console JMX Invoker
-
CWE-200
High
JBoss JMX Console Unrestricted Access
-
CWE-200
High
JBoss Server MBean
-
CWE-200
High
Symfony databases.yml configuration file
-
CWE-538
High
JBoss ServerInfo MBean
CVE-2010-0738
CWE-200
High
JBoss JMX management console
-
CWE-200
High
WPEngine _wpeprivate/config.json information disclosure
-
CWE-200
High
JBoss HttpAdaptor JMXInvokerServlet
-
CWE-94
High
Dotenv .env file
-
CWE-538
High
Multiple vulnerabilities in Ioncube loader-wizard.php
-
CWE-552
High
MySQL connection credentials
-
CWE-538
High
The Heartbleed Bug
CVE-2014-0160
CWE-200
High
Jenkins weak password
-
CWE-200
High
qdPM Information Disclosure
-
CWE-260
High
ASP.NET connection strings stored in plaintext
-
CWE-16
High
Apache Tomcat version older than 6.0.35
CVE-2012-0022
CWE-264
High
Apache Axis2 xsd local file inclusion
-
CWE-22
High
Web application default/weak credentials
-
CWE-200
High
Webmail weak password
-
CWE-200
High
WebLogic admin console weak credentials
-
CWE-693
High
Weak password
-
CWE-200
High
SAP weak/predictable user credentials
-
CWE-200
High
Microsoft IIS5 NTLM and Basic authentication bypass
CVE-2007-2815
CWE-264
High
Apache Solr Log4Shell RCE
CVE-2021-44228
CWE-78
High
Unrestricted access to Caddy API interface
-
CWE-200
High
IBM WebSphere administration console weak password
-
CWE-200
High