v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Joomla Other Vulnerability (CVE-2006-2960) | CVE-2006-2960 | - | High |
| OpenSSL Resource Management Errors Vulnerability (CVE-2006-2940) | CVE-2006-2940 | - | High |
| Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4605) | CVE-2011-4605 | CWE-264 | High |
| OpenSSL Resource Management Errors Vulnerability (CVE-2006-2937) | CVE-2006-2937 | - | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| VMware directory traversal and privilege escalation vulnerabilities | CVE-2009-3733 | CWE-22 | High |
| Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4937) | CVE-2011-4937 | CWE-200 | High |
| phpThumb() fltr[] parameter command injection vulnerability | CVE-2010-1598 | CWE-20 | High |
| silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4960) | CVE-2011-4960 | CWE-138 | High |
| Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | CVE-2018-15440 | CWE-80 | High |
| Drupal REST Remote Code Execution | CVE-2019-6340 | CWE-78 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| Magento (2.2.0 to 2.3.0) Unauthenticated SQL Injection Vulnerability | CVE-2019-7139 | CWE-89 | High |
| Uploadify arbitrary file upload | - | CWE-434 | High |
| TinyMCE ajax_create_folder remote code execution vulnerability | - | CWE-94 | High |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6852) | CVE-2008-6852 | CWE-138 | High |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6079 | CWE-200 | High |
| Nagios XI Magpie_debug.php Unauthenticated RCE | CVE-2018-15708 | CWE-94 | High |
| Nagios XI Unauthenticated SQLi CVE-2018-8734 | CVE-2018-8734 | CWE-89 | High |
| File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| Remote File Inclusion (admin/lang.php) (CMS Made Simple) | CVE-2005-2846 | - | High |
| Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528) | CVE-2013-3528 | - | High |
| Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4111) | CVE-2006-4111 | CWE-94 | High |
| Internet Information Services CVE-2006-6578 Vulnerability (CVE-2006-6578) | CVE-2006-6578 | - | High |
| phpMyAdmin Other Vulnerability (CVE-2006-6944) | CVE-2006-6944 | - | High |
| b2evolution Other Vulnerability (CVE-2006-6417) | CVE-2006-6417 | - | High |
| Oracle Business Intelligence Convert XXE CVE-2019-2767 | CVE-2019-2767 | CWE-611 | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| TYPO3 Improper Authentication Vulnerability (CVE-2009-0256) | CVE-2009-0256 | CWE-287 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) | CVE-2021-2400 | CWE-611 | High |
| Microsoft IIS 6.0 WebDAV Buffer Overflow | CVE-2017-7269 | CWE-287 | High |
| Pulse Secure SSL VPN Arbitrary File reading (CVE-2019-11510) | CVE-2019-11510 | CWE-22 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x | CVE-2010-2797 | CWE-22 | High |
| Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527) | CVE-2013-3527 | CWE-138 | High |
| Ruby on Rails CVE-2006-4112 Vulnerability (CVE-2006-4112) | CVE-2006-4112 | - | High |
| Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4608) | CVE-2011-4608 | CWE-264 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7119) | CVE-2008-7119 | CWE-138 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x | CVE-2010-2797 | CWE-22 | High |
| Joomla Other Vulnerability (CVE-2006-7008) | CVE-2006-7008 | - | High |
| Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1891) | CVE-2009-1891 | CWE-400 | High |
| Joomla Other Vulnerability (CVE-2006-7009) | CVE-2006-7009 | - | High |
| Web Server Cache Poisoning (CMS Made Simple) v2.x | CVE-2016-2784 | CWE-20 | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Joomla Other Vulnerability (CVE-2006-7010) | CVE-2006-7010 | - | High |
| Claroline Other Vulnerability (CVE-2006-7048) | CVE-2006-7048 | - | High |
| SQL Injection (stylesheet.php) (CMS Made Simple) | CVE-2007-2473 | CWE-89 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Roundcube Resource Management Errors Vulnerability (CVE-2008-5620) | CVE-2008-5620 | - | High |
| Rails Asset Pipeline Directory Traversal Vulnerability | CVE-2018-3760 | CWE-22 | High |
| Alibaba Nacos Authentication Bypass (CVE-2021-29441) | CVE-2021-29441 | CWE-287 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| spring-boot-actuator-logview Path Traversal | CVE-2021-21234 | CWE-22 | High |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| ntopng Authentication Bypass (CVE-2021-28073) | CVE-2021-28073 | CWE-287 | High |
| MongoDB injection | - | CWE-943 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Misfortune Cookie vulnerability | CVE-2014-9222 | CWE-119 | High |
| Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) | CVE-2021-27850 | CWE-200 | High |
| SearchBlox Local File Inclusion (CVE-2020-35580) | CVE-2020-35580 | CWE-22 | High |
| SSRF via logo_uri in MITREid Connect | CVE-2021-26715 | CWE-918 | High |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| Nginx Out-of-bounds Write Vulnerability (CVE-2009-2629) | CVE-2009-2629 | CWE-787 | High |
| Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) | CVE-2021-34473 | CWE-918 | High |
| PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-3379) | CVE-2011-3379 | CWE-94 | High |
| VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability | CVE-2021-21975 | CWE-918 | High |
| Deserialization of Untrusted Data (XStream) | CVE-2020-26217 | CWE-502 | High |