Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Information Disclosure

This page lists 612 vulnerabilities in this category.

Critical: 3 High: 393 Medium: 134 Low: 72 Information: 10
Vulnerability Name
CVE
CWE
Severity
SAP NetWeaver server info information disclosure
-
CWE-200
Medium
SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
-
CWE-200
Medium
CodeIgniter development mode enabled
-
CWE-16
Medium
Symfony debug mode enabled (Invicti IAST)
-
CWE-16
Medium
Symfony running in dev mode
-
CWE-16
Medium
F5 BIG-IP Cookie Information Disclosure
-
CWE-200
Low
Insecure transition from HTTPS to HTTP in form post
-
CWE-200
Low
FrontPage Identified
-
CWE-16
Low
Programming Error Messages
-
CWE-209
Low
Version Disclosure (ASP.NET MVC)
-
CWE-200
Low
Internet Information Server returns IP address in HTTP header (Content-Location)
-
CWE-200
Low
Possible sensitive directories
-
CWE-200
Low
Apache Axis2 web services enumeration
-
CWE-200
Low
Jenkins open people list
-
CWE-200
Low
Version Disclosure (ASP.NET)
-
CWE-200
Low
Possible Database Name Disclosure
-
CWE-200
Low
Possible sensitive files
-
CWE-200
Low
TRACE Method enabled
-
CWE-489
Low
Arbitrary File Read on Nuxt.js Development Server
-
CWE-200
Low
Nuxt.js Running in Development Mode
-
CWE-200
Low
ASP.NET path disclosure
-
CWE-200
Low
ColdFusion path disclosures
-
CWE-200
Low
ASP.NET debugging enabled
-
CWE-11
Low
Unrestricted access to Prometheus
-
CWE-200
Low
Unrestricted access to Prometheus Metrics
-
CWE-200
Low
Apache stronghold-info enabled
-
CWE-200
Low
Possible SQL Statement in comment
-
CWE-200
Low
Apache mod_negotiation filename bruteforcing
-
CWE-538
Low
Stack Trace Disclosure (Grails)
-
CWE-209
Low
Stack Trace Disclosure (GWT)
-
CWE-209
Low
Stack Trace Disclosure (CherryPy)
-
CWE-209
Low
Stack Trace Disclosure (CakePHP)
-
CWE-209
Low
Stack Trace Disclosure (ASP.NET)
-
CWE-209
Low
PHP display_errors Is Enabled
-
CWE-209
Low
Possible virtual host found
-
CWE-200
Low
Documentation files
-
CWE-538
Low
Oracle Reports Services RWServlet environment variables disclosure
-
CWE-200
Low
Jenkins user enumeration
-
CWE-200
Low
Error messages
-
CWE-209
Low
Stack Trace Disclosure (NodeJS)
-
CWE-209
Low
HTML Form found in redirect page
-
CWE-287
Low
WordPress REST API User Enumeration
-
CWE-200
Low
Atlassian Jira Manage Filters information disclosure
-
CWE-200
Low
Joe Editor DEADJOE file
-
CWE-538
Low
[Possible] Internal IP Address Disclosure
-
CWE-200
Low
Possible username or password disclosure
-
CWE-200
Low
Tomcat status page
-
CWE-200
Low
WordPress full path disclosure
-
CWE-200
Low
Error page path disclosure
-
CWE-200
Low
ASP.NET error message
-
CWE-12
Low
Apache Solr endpoint
-
CWE-200
Low
Sensitive pages could be cached
-
CWE-200
Low
Stack Trace Disclosure (Apache MyFaces)
-
CWE-209
Low
Stack Trace Disclosure (Ruby-Sinatra Framework)
-
CWE-209
Low
Whoops error handler component detected
-
CWE-200
Low
Session ID in URL
-
CWE-200
Low
ViewsState is not Encrypted
-
CWE-200
Low
Unrestricted access to a monitoring system
-
CWE-200
Low
OData feed accessible anonymously
-
CWE-200
Low
Gitlab user disclosure
-
CWE-200
Low
Jira Unauthorized User Enumeration via UserPickerBrowser
-
CWE-200
Low
Version Disclosure (PHP)
-
-
Low
Microsoft IIS tilde directory enumeration
-
CWE-20
Low
Microsoft IIS Server service.cnf file found
-
CWE-538
Low
Unrestricted access to NGINX+ Status module
-
CWE-200
Low
Apache stronghold-status enabled
-
CWE-200
Low
JBoss web service console
-
CWE-200
Low
Typo3 sensitive files
-
CWE-200
Low
IIS Path disclosure
-
CWE-200
Low
Stack Trace Disclosure (Tomcat)
-
CWE-209
Low
Composer installed.json publicly accessible
-
CWE-200
Low
Version Disclosure (IIS)
-
CWE-200
Low
Snoop Servlet information disclosure
-
CWE-200
Low
MySQL username disclosure
-
CWE-538
Low
Symfony debug mode enabled
-
CWE-200
Low