v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Microsoft SharePoint XSS spoofing vulnerability | CVE-2015-2522 | CWE-80 | High |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1499) | CVE-2009-1499 | CWE-138 | High |
| PHPUnit Remote Code Execution | CVE-2017-9841 | CWE-94 | High |
| Apache HTTP Server Numeric Errors Vulnerability (CVE-2006-3747) | CVE-2006-3747 | - | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| Oracle Database Server CVE-2013-3771 Vulnerability (CVE-2013-3771) | CVE-2013-3771 | - | High |
| Internet Information Services Improper Authentication Vulnerability (CVE-2009-1535) | CVE-2009-1535 | CWE-287 | High |
| phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-6912) | CVE-2006-6912 | CWE-138 | High |
| ColdFusion Arbitrary File Upload | CVE-2018-15961 | CWE-434 | High |
| RCE with Spring Data Commons | CVE-2018-1273 | CWE-94 | High |
| Oracle WebLogic Authentication Bypass | CVE-2018-2894 | CWE-287 | High |
| phpMyFAQ Other Vulnerability (CVE-2006-6913) | CVE-2006-6913 | - | High |
| Oracle WebLogic Remote Code Execution via T3 | CVE-2018-3245 | CWE-502 | High |
| WordPress Plugin WPML Unauthenticated Stored XSS | CVE-2018-18069 | CWE-80 | High |
| Oracle Database Server CVE-2013-3760 Vulnerability (CVE-2013-3760) | CVE-2013-3760 | - | High |
| Jira Unauthorized SSRF via REST API | CVE-2019-8451 | CWE-918 | High |
| Ruby Improper Input Validation Vulnerability (CVE-2011-4815) | CVE-2011-4815 | CWE-20 | High |
| ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 | CVE-2019-7091 | CWE-502 | High |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296) | CVE-2018-0296 | CWE-22 | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High |
| Confluence Widget Connector SSTI | CVE-2019-3396 | CWE-22 | High |
| silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1433) | CVE-2009-1433 | CWE-138 | High |
| LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604) | CVE-2009-1604 | - | High |
| Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) | CVE-2018-13379 | CWE-22 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Jira SSTI CVE-2019-11581 | CVE-2019-11581 | CWE-22 | High |
| Dolphin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3638) | CVE-2013-3638 | CWE-138 | High |
| Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588 | CVE-2019-2588 | CWE-200 | High |
| Node.js path validation vulnerability | CVE-2017-14849 | CWE-22 | High |
| Oracle Database Server CVE-2013-3774 Vulnerability (CVE-2013-3774) | CVE-2013-3774 | - | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | - | High |
| WordPress CVE-2011-4899 Vulnerability (CVE-2011-4899) | CVE-2011-4899 | - | High |
| Arbitrary EL Evaluation in RichFaces | CVE-2015-0279 | CWE-917 | High |
| Remote Code Execution (RCE) in Spring Security OAuth | CVE-2016-4977 | CWE-94 | High |
| Spring Data REST RCE via PATCH requests | CVE-2017-8046 | CWE-94 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| Spring Security Authentication Bypass | CVE-2016-5007 | CWE-287 | High |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | CVE-2017-7525 | CWE-502 | High |
| Apache Struts Remote Code Execution (S2-057) | CVE-2018-11776 | CWE-917 | High |
| Telerik.Web.UI.dll Cryptographic Weakness | CVE-2017-9248 | CWE-338 | High |
| IBM WebSphere RCE Java Deserialization Vulnerability | CVE-2015-7450 | CWE-502 | High |
| JavaMelody XML External Entity (XXE) vulnerability | CVE-2018-15531 | CWE-611 | High |
| Oracle Weblogic WLS-WSAT Component Deserialization RCE | CVE-2017-10271 | CWE-94 | High |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| Apache CouchDB JSON Remote Privilege Escalation Vulnerability | CVE-2017-12635 | CWE-285 | High |
| Joomla Other Vulnerability (CVE-2006-6833) | CVE-2006-6833 | - | High |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4833) | CVE-2011-4833 | CWE-138 | High |
| phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825) | CVE-2011-4825 | CWE-94 | High |
| Ektron CMS authentication bypass | CVE-2018-12596 | CWE-285 | High |
| TYPO3 Other Vulnerability (CVE-2006-6690) | CVE-2006-6690 | - | High |
| Prototype CVE-2008-7220 Vulnerability (CVE-2008-7220) | CVE-2008-7220 | - | High |
| GoAhead web server remote code execution | CVE-2017-17562 | CWE-94 | High |
| jQuery File Upload unauthenticated arbitrary file upload | CVE-2018-9206 | CWE-434 | High |
| Jboss Application Server HTTPServerILServlet.java remote code execution | CVE-2017-7504 | CWE-502 | High |
| JBoss InvokerTransformer Remote Code Execution | CVE-2015-7501 | CWE-502 | High |
| Laravel log viewer local file download (LFD) | CVE-2018-8947 | CWE-22 | High |
| Joomla Other Vulnerability (CVE-2006-3481) | CVE-2006-3481 | - | High |
| ACME mini_httpd arbitrary file read | CVE-2018-18778 | CWE-23 | High |
| Drupal Remote Code Execution (SA-CORE-2018-004) | CVE-2018-7602 | CWE-94 | High |
| Drupal Remote Code Execution (SA-CORE-2018-002) | CVE-2018-7600 | CWE-94 | High |
| Oracle Business Intelligence AuthBypass CVE-2019-2768 | CVE-2019-2768 | CWE-200 | High |
| Atlassian Confluence information disclosure | CVE-2017-7415 | - | High |
| Webmin v1.920 Unauthenticated Remote Command Execution | CVE-2019-15107 | CWE-94 | High |
| JBoss Application Server Directory Traversal Vulnerability (CVE-2006-5750) | CVE-2006-5750 | - | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116) | CVE-2008-7116 | CWE-138 | High |
| PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7002) | CVE-2008-7002 | CWE-264 | High |
| PHP Address Book Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2778) | CVE-2013-2778 | CWE-352 | High |
| Apache Tomcat Other Vulnerability (CVE-2006-7197) | CVE-2006-7197 | - | High |
| e107 Other Vulnerability (CVE-2006-5786) | CVE-2006-5786 | - | High |
| Atlassian Crowd Remote Code Execution | CVE-2019-11580 | CWE-78 | High |