Invicti

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

ASP.NET Cookieless Authentication Is Enabled

Medium

ASP.NET Cookieless Session State Is Enabled

Medium

ASP.NET CustomErrors Is Disabled

Medium

ASP.NET Login Credentials Stored In Plain Text

Medium

ASP.NET ValidateRequest Is Globally Disabled

Medium

ASP.NET: Failure To Require SSL For Authentication Cookies

Medium

Active Mixed Content over HTTPS

Medium

Anonymous Ciphers Supported

Medium

Apache Server-Info Detected

Medium

Apache Server-Status Detected

Medium

Axis Development Mode Enabled in WEB-INF/server-config.wsdd

Medium

Axis system configuration listing enabled in WEB-INF/server-config.wsdd

Medium

B.R.E.A.C.H. Attack Detected

Medium

BREACH Attack Detected

Medium

Base Tag Hijacking

Medium

Medium

Critical Form Send to HTTP

Medium

Critical Form Served over HTTP

Medium

Custom Error Pages Are Not Configured in WEB-INF/web.xml

Medium

Expired SSL Certificate

Medium

Express Development Mode Is Enabled

Medium

Express express-session Weak Secret Key Detected

Medium

Frame Injection

Medium

Medium

HTTP Header Injection

Medium

HTTP Header Injection (IAST)

Medium

HTTP Parameter Pollution

Medium

HTTP Strict Transport Security (HSTS) Errors and Warnings

Medium

HTTP Strict Transport Security (HSTS) Policy Not Enabled

Medium

Insecure HTTP Usage

Medium

Invalid SSL Certificate

Medium

Java Verb Tampering Via Misconfigured Security Constraint

Medium

JavaMelody Interface Detected

Medium

JetBrains .idea Project Directory Detected

Medium

Microsoft Access Database File Detected

Medium

Node.js Web Application does not handle uncaughtException

Medium

Node.js Web Application does not handle unhandledRejection

Medium

Open Policy Crossdomain.xml Detected

Medium

Open Redirection

Medium

Open Redirection (DOM based)

Medium

Open Silverlight Client Access Policy

Medium

Overly Long Session Timeout

Medium

PHP enable_dl Is Enabled

Medium

PHP magic_quotes_gpc Is Disabled

Medium

PHP register_globals Is Enabled

Medium

PHP session.use_only_cookies Is Disabled

Medium

PHP session.use_trans_sid Is Enabled

Medium

Password Transmitted over Query String

Medium

RSA Private Key Detected

Medium

Revoked SSL Certificate

Medium

SAML Consumer Service KeyInfo RetrievalMethod SSRF

Medium

SAML Consumer Service XSS Vulnerability

Medium

SQLite Database File Found

Medium

SSL Certificate Is About To Expire

Medium

SSL Certificate Name Hostname Mismatch

Medium

SSL Untrusted Root Certificate

Medium

SSL/TLS Not Implemented

Medium

Sensitive Data Exposure

Medium

Sensitive Data Exposure - Amazon AWS Access Key Id

Medium

Sensitive Data Exposure - Amazon AWS Secret Key

Medium

Sensitive Data Exposure - Amazon MWS Auth Token

Medium

Sensitive Data Exposure - Amazon SES SMTP Password

Medium

Sensitive Data Exposure - Consul Token

Medium

Sensitive Data Exposure - Database Connection String - MongoDB - MySQL

Medium

Sensitive Data Exposure - Database Connection String - PostgreSQL

Medium

Sensitive Data Exposure - Devise Secret Key

Medium

Sensitive Data Exposure - Facebook Access Token

Medium

Sensitive Data Exposure - Facebook App ID

Medium

Sensitive Data Exposure - Facebook App Secret

Medium

Sensitive Data Exposure - Gitlab Personal Access Token

Medium

Sensitive Data Exposure - Google Cloud API Key

Medium

Sensitive Data Exposure - Google OAuth Access Token

Medium

Sensitive Data Exposure - Heroku API Key

Medium

Sensitive Data Exposure - JDBC Database Connection String

Medium