Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
CrushFTP Server Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2017-14037)
CVE-2017-14037
CWE-707
Medium
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038)
CVE-2017-14038
CWE-601
Medium
Python Cryptographic Issues Vulnerability (CVE-2012-1150)
CVE-2012-1150
-
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1117)
CVE-2012-1117
CWE-707
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1099)
CVE-2012-1099
CWE-707
Medium
Sqlite Improper Input Validation Vulnerability (CVE-2017-13685)
CVE-2017-13685
CWE-20
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14241)
CVE-2017-14241
CWE-707
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1098)
CVE-2012-1098
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1039)
CVE-2012-1039
CWE-707
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14498)
CVE-2017-14498
CWE-707
Medium
Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0995)
CVE-2012-0995
CWE-707
Medium
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0994)
CVE-2012-0994
CWE-138
Medium
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)
CVE-2012-1154
CWE-264
Medium
Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)
CVE-2012-1157
CWE-276
Medium
PHP Improper Input Validation Vulnerability (CVE-2012-1172)
CVE-2012-1172
CWE-20
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12645)
CVE-2017-12645
CWE-707
Medium
Jboss EAP Incorrect Authorization Vulnerability (CVE-2017-12196)
CVE-2017-12196
CWE-863
Medium
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)
CVE-2017-12196
CWE-863
Medium
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1171)
CVE-2012-1171
CWE-200
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1169)
CVE-2012-1169
CWE-200
Medium
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1167)
CVE-2012-1167
CWE-264
Medium
OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)
CVE-2012-1165
-
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12646)
CVE-2017-12646
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1158)
CVE-2012-1158
CWE-200
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12647)
CVE-2017-12647
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12648)
CVE-2017-12648
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12649)
CVE-2017-12649
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1161)
CVE-2012-1161
CWE-200
Medium
Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12794)
CVE-2017-12794
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)
CVE-2012-1159
CWE-200
Medium
silverstripeCMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12849)
CVE-2017-12849
CWE-200
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0237)
CVE-2013-0237
CWE-707
Medium
Mustache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8862)
CVE-2015-8862
CWE-707
Medium
MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-8115)
CVE-2017-8115
CWE-22
Medium
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3454)
CVE-2014-3454
CWE-352
Medium
Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)
CVE-2014-2966
CWE-264
Medium
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)
CVE-2014-2983
CWE-200
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)
CVE-2014-3092
CWE-200
Medium
Oracle JRE CVE-2013-2418 Vulnerability (CVE-2013-2418)
CVE-2013-2418
-
Medium
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246)
CVE-2014-3246
CWE-138
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3247)
CVE-2014-3247
CWE-707
Medium
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)
CVE-2014-3455
CWE-352
Medium
phpList Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2916)
CVE-2014-2916
CWE-352
Medium
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3464)
CVE-2014-3464
CWE-264
Medium
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3470)
CVE-2014-3470
-
Medium
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3472)
CVE-2014-3472
CWE-264
Medium
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3478)
CVE-2014-3478
CWE-119
Medium
PHP CVE-2014-3479 Vulnerability (CVE-2014-3479)
CVE-2014-3479
-
Medium
PHP Improper Input Validation Vulnerability (CVE-2014-3480)
CVE-2014-3480
CWE-20
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2963)
CVE-2014-2963
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2853)
CVE-2014-2853
CWE-707
Medium
Oracle JRE CVE-2013-2417 Vulnerability (CVE-2013-2417)
CVE-2013-2417
-
Medium
MySQL CVE-2014-2494 Vulnerability (CVE-2014-2494)
CVE-2014-2494
-
Medium
MySQL CVE-2014-2436 Vulnerability (CVE-2014-2436)
CVE-2014-2436
-
Medium
MySQL CVE-2014-2440 Vulnerability (CVE-2014-2440)
CVE-2014-2440
-
Medium
MySQL CVE-2014-2442 Vulnerability (CVE-2014-2442)
CVE-2014-2442
-
Medium
MySQL CVE-2014-2444 Vulnerability (CVE-2014-2444)
CVE-2014-2444
-
Medium
MySQL CVE-2014-2450 Vulnerability (CVE-2014-2450)
CVE-2014-2450
-
Medium
MySQL CVE-2014-2484 Vulnerability (CVE-2014-2484)
CVE-2014-2484
-
Medium
PHP Resource Management Errors Vulnerability (CVE-2014-2497)
CVE-2014-2497
-
Medium
Oracle JRE CVE-2013-2419 Vulnerability (CVE-2013-2419)
CVE-2013-2419
-
Medium
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2572)
CVE-2014-2572
CWE-264
Medium
ownCloud Improper Input Validation Vulnerability (CVE-2014-2585)
CVE-2014-2585
CWE-20
Medium
MediaWiki Improper Authentication Vulnerability (CVE-2014-2665)
CVE-2014-2665
CWE-287
Medium
PostgreSQL Numeric Errors Vulnerability (CVE-2014-2669)
CVE-2014-2669
-
Medium
Ruby Resource Management Errors Vulnerability (CVE-2014-2734)
CVE-2014-2734
-
Medium
Oracle JRE CVE-2013-2423 Vulnerability (CVE-2013-2423)
CVE-2013-2423
-
Medium
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3481)
CVE-2014-3481
CWE-200
Medium
Oracle JRE CVE-2013-2416 Vulnerability (CVE-2013-2416)
CVE-2013-2416
-
Medium
MySQL CVE-2014-2434 Vulnerability (CVE-2014-2434)
CVE-2014-2434
-
Medium
Nginx Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-3556)
CVE-2014-3556
CWE-138
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3547)
CVE-2014-3547
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3548)
CVE-2014-3548
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3549)
CVE-2014-3549
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3550)
CVE-2014-3550
CWE-707
Medium