v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Python Integer Overflow or Wraparound Vulnerability (CVE-2008-4864) | CVE-2008-4864 | CWE-190 | High |
| PHP Other Vulnerability (CVE-2007-0909) | CVE-2007-0909 | - | High |
| Oracle Database Server CVE-2006-5334 Vulnerability (CVE-2006-5334) | CVE-2006-5334 | - | High |
| Apache Roller OGNL injection | CVE-2013-4212 | CWE-20 | High |
| Joomla CVE-2006-4472 Vulnerability (CVE-2006-4472) | CVE-2006-4472 | - | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |
| Drupal CVE-2008-4793 Vulnerability (CVE-2008-4793) | CVE-2008-4793 | - | High |
| Oracle Database Server CVE-2006-5333 Vulnerability (CVE-2006-5333) | CVE-2006-5333 | - | High |
| Claroline Other Vulnerability (CVE-2006-5256) | CVE-2006-5256 | - | High |
| CodeIgniter 2.1.3 xss_clean() filter bypass | CVE-2013-4891 | CWE-80 | High |
| Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4475) | CVE-2006-4475 | CWE-264 | High |
| Adobe ColdFusion directory traversal | CVE-2013-3336 | CWE-22 | High |
| Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4476) | CVE-2006-4476 | CWE-264 | High |
| WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-3130) | CVE-2011-3130 | CWE-138 | High |
| Oracle Database Server Other Vulnerability (CVE-2006-1872) | CVE-2006-1872 | - | High |
| Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847) | CVE-2020-35847 | CWE-89 | High |
| Adobe ColdFusion 9 administrative login bypass | CVE-2013-0632 | CWE-287 | High |
| MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2009-2446) | CVE-2009-2446 | CWE-134 | High |
| Ruby on Rails directory traversal vulnerability | CVE-2014-0130 | CWE-22 | High |
| Rails remote code execution using render :inline | CVE-2016-2098 | CWE-94 | High |
| XOOPS Other Vulnerability (CVE-2007-0377) | CVE-2007-0377 | - | High |
| Oracle Database Server CVE-2006-5340 Vulnerability (CVE-2006-5340) | CVE-2006-5340 | - | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| Oracle Database Server CVE-2006-1877 Vulnerability (CVE-2006-1877) | CVE-2006-1877 | - | High |
| Oracle Database Server CVE-2006-1874 Vulnerability (CVE-2006-1874) | CVE-2006-1874 | - | High |
| Rails mass assignment | - | CWE-915 | High |
| Joomla CVE-2006-4470 Vulnerability (CVE-2006-4470) | CVE-2006-4470 | - | High |
| Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469) | CVE-2006-4469 | - | High |
| Directory Traversal with spring-cloud-config-server | CVE-2020-5410 | CWE-22 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| vBulletin Pre-Auth RCE Vulnerability | CVE-2020-17496 | CWE-94 | High |
| Metabase Local File Inclusion (CVE-2021-41277) | CVE-2021-41277 | CWE-200 | High |
| vBulletin 5.6.1 nodeId SQL injection | CVE-2020-12720 | CWE-94 | High |
| WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) | CVE-2019-17231 | CWE-79 | High |
| Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122) | CVE-2009-1122 | CWE-287 | High |
| PHP Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2007-0455) | CVE-2007-0455 | CWE-120 | High |
| Python Other Vulnerability (CVE-2006-4980) | CVE-2006-4980 | - | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High |
| PHP Improper Input Validation Vulnerability (CVE-2009-3291) | CVE-2009-3291 | CWE-20 | High |
| PHP CVE-2009-3292 Vulnerability (CVE-2009-3292) | CVE-2009-3292 | - | High |
| Security update: Hotfix available for ColdFusion | CVE-2013-0632 | CWE-287 | High |
| Nagios core config manager SQL injection vulnerability | CVE-2013-6875 | CWE-89 | High |
| PHP CVE-2009-3293 Vulnerability (CVE-2009-3293) | CVE-2009-3293 | - | High |
| Oracle Reports rwservlet vulnerabilities | CVE-2012-3153 | CWE-20 | High |
| Ghost CMS Theme Preview XSS (CVE-2021-29484) | CVE-2021-29484 | CWE-79 | High |
| Unauthenticated OGNL injection in Confluence Server and Data Center | CVE-2021-26084 | CWE-917 | High |
| OpenX xajaxargs SQL injection vulnerability | - | CWE-89 | High |
| WordPress Other Vulnerability (CVE-2007-0539) | CVE-2007-0539 | - | High |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287 | CWE-200 | High |
| Dragonfly Arbitrary File Read/Write (CVE-2021-33564) | CVE-2021-33564 | CWE-20 | High |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-1868) | CVE-2006-1868 | CWE-119 | High |
| Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221) | CVE-2013-4221 | CWE-91 | High |
| PHP Numeric Errors Vulnerability (CVE-2007-2872) | CVE-2007-2872 | - | Medium |
| ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40888) | CVE-2021-40888 | CWE-707 | Medium |
| PostgreSQL Numeric Errors Vulnerability (CVE-2007-4769) | CVE-2007-4769 | - | Medium |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-2510) | CVE-2007-2510 | CWE-119 | Medium |
| MySQL CVE-2021-35621 Vulnerability (CVE-2021-35621) | CVE-2021-35621 | - | Medium |
| SharePoint CVE-2022-30158 Vulnerability (CVE-2022-30158) | CVE-2022-30158 | - | Medium |
| MySQL CVE-2021-35546 Vulnerability (CVE-2021-35546) | CVE-2021-35546 | - | Medium |
| Lighttpd Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4727) | CVE-2007-4727 | CWE-119 | Medium |
| SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-2581) | CVE-2007-2581 | CWE-707 | Medium |
| TYPO3 Improper Neutralization of HTTP Headers for Scripting Syntax Vulnerability (CVE-2021-41114) | CVE-2021-41114 | CWE-644 | Medium |
| MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34911) | CVE-2022-34911 | CWE-707 | Medium |
| WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184) | CVE-2021-41184 | CWE-707 | Medium |
| PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652) | CVE-2007-4652 | CWE-59 | Medium |
| CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164) | CVE-2021-41164 | CWE-707 | Medium |
| Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164) | CVE-2021-41164 | CWE-707 | Medium |
| TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31049) | CVE-2022-31049 | CWE-707 | Medium |
| TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31048) | CVE-2022-31048 | CWE-707 | Medium |
| TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-31047) | CVE-2022-31047 | CWE-532 | Medium |
| TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046) | CVE-2022-31046 | CWE-319 | Medium |
| MySQL CVE-2021-35612 Vulnerability (CVE-2021-35612) | CVE-2021-35612 | - | Medium |