Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Information Disclosure

This page lists 612 vulnerabilities in this category.

Critical: 3 High: 393 Medium: 134 Low: 72 Information: 10
Vulnerability Name
CVE
CWE
Severity
ASP.NET Core Development Mode enabled
-
CWE-200
Medium
Clockwork PHP dev tool enabled
-
CWE-200
Medium
PHP Debug Bar enabled
-
CWE-200
Medium
PHP Console addon enabled
-
CWE-200
Medium
Laravel Telescope open
-
CWE-200
Medium
Laravel LogViewer open
-
CWE-200
Medium
ViewStateMac is Not Enabled
-
CWE-16
Medium
Craft CMS Development Mode enabled
-
CWE-200
Medium
Lucee Stacktrace Information Disclosure
-
CWE-200
Medium
Oracle E-Business Suite iStore open user registration
CVE-2022-21500
CWE-200
Medium
Bitrix server test script publicly accessible
-
CWE-200
Medium
Old API Version Exposed
-
CWE-693
Medium
PHP opcache-status page publicly accessible
-
CWE-200
Medium
Golang runtime profiling data
-
CWE-200
Medium
Apache balancer-manager application publicly accessible
-
CWE-200
Medium
TestRail Information Disclosure (CVE-2021-40875)
CVE-2021-40875
CWE-425
Medium
KeyCloak Information Disclosure (CVE-2020-27838)
CVE-2020-27838
CWE-287
Medium
Stack Trace Disclosure (RoR)
-
CWE-209
Medium
Jira QueryComponent Information Disclosure (CVE-2020-14179)
CVE-2020-14179
CWE-288
Medium
Stack Trace Disclosure (Python)
-
CWE-209
Medium
RoR Development Mode enabled
-
CWE-200
Medium
PHP opcache-gui publicly accessible
-
CWE-200
Medium
Symfony Profiler open
-
CWE-200
Medium
Stack Trace Disclosure (Java)
-
CWE-209
Medium
Unrestricted access to NGINX+ Upstream HTTP interface
-
CWE-200
Medium
WebPageTest Unauthorized Access Vulnerability
-
CWE-200
Medium
Payara Micro File Read (CVE-2021-41381)
CVE-2021-41381
CWE-22
Medium
Pyramid DebugToolbar enabled
-
CWE-200
Medium
NodeBB Arbitrary JSON File Read (CVE-2021-43788)
CVE-2021-43788
CWE-22
Medium
Django Debug Toolbar
-
CWE-200
Medium
Jira Unauthorized User Enumeration (CVE-2020-14181)
CVE-2020-14181
CWE-200
Medium
Jetty ConcatServlet Information Disclosure (CVE-2021-28169)
CVE-2021-28169
CWE-200
Medium
rack-mini-profiler environment variables disclosure
-
CWE-287
Medium
Jetty Information Disclosure (CVE-2021-34429)
CVE-2021-28164
CWE-200
Medium
Joomla Debug Console enabled
-
CWE-200
Medium
Tracy debugging tool enabled
-
CWE-200
Medium
Joomla J!Dump extension enabled
-
CWE-200
Medium
Express Development Mode enabled
-
CWE-200
Medium
Unrestricted access to NGINX+ Dashboard
-
CWE-200
Medium
ASP.NET viewstate encryption disabled
-
CWE-16
Medium
Unrestricted access to NGINX+ API interface (read only)
-
CWE-200
Medium
ASP.NET WCF service include exception details
-
CWE-16
Medium
Zabbix Guest Access
-
CWE-200
Medium
InfluxDB Unauthorized Access Vulnerability
-
CWE-200
Medium
Magento Config File Disclosure
-
CWE-200
Medium
Stack Trace Disclosure (Laravel)
-
CWE-209
Medium
Argo CD Information Disclosure (CVE-2024-37152)
CVE-2024-37152
CWE-287
Medium
GraphQL Field Suggestions Enabled
-
CWE-200
Medium
JSONP enabled by default in MappingJackson2JsonView
CVE-2018-11040
CWE-538
Medium
nginx range filter integer overflow
CVE-2017-7529
CWE-200
Medium
Yii2 debug toolkit
-
CWE-200
Medium
[Possible] Backup Folder
-
CWE-538
Medium
Microsoft Access Database File Detected
-
CWE-538
Medium
Test CGI script leaking environment variables
-
-
Medium
PHP X Prober publicly accessible
-
CWE-200
Medium
Atlassian Confluence Access Restriction Bypass
CVE-2017-9505
-
Medium
npm log file publicly accessible (npm-debug.log)
-
CWE-200
Medium
PHP-FPM Status Page
-
CWE-200
Medium
Atlassian Confluence Stored Cross Site Scripting
CVE-2016-6283
-
Medium
Laravel log file publicly accessible
-
CWE-538
Medium
ColdFusion Request Debugging information disclosure
-
CWE-200
Medium
GraphiQL Explorer/Playground Enabled
-
CWE-200
Medium
ColdFusion Robust Exception enabled
-
CWE-200
Medium
GraphQL Introspection Query Enabled
-
CWE-200
Medium
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)
-
CWE-200
Medium
Go web application binary disclosure
-
CWE-540
Medium
Stack Trace Disclosure (ColdFusion)
-
CWE-209
Medium
Phpfastcache phpinfo publicly accessible (CVE-2021-37704)
CVE-2021-37704
CWE-200
Medium
Joomla! Core improper access check in webservice endpoints
CVE-2023-23752
CWE-200
Medium
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
CVE-2020-8193
CWE-284
Medium
SAP ICF /sap/public/info sensitive information disclosure
-
CWE-200
Medium
SAP NetWeaver server info information disclosure BCB
-
CWE-200
Medium
Node.js Running in Development Mode
-
CWE-215
Medium
Struts 2 Config Browser plugin enabled
-
CWE-16
Medium
GraphQL Unhandled Error Leakage
-
CWE-209
Medium