This page lists all vulnerabilities that can be detected by Invicti.
Vulnerability Name | Classifications | Severity |
---|---|---|
Code Evaluation (Apache Struts S02-53) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-045 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Apache Struts) S2-046 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Node.js) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Evaluation via Local File Inclusion (PHP) | PCI v3.2-6.5.1; CAPEC-251; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via File Upload | PCI v3.2-6.5.1; CAPEC-210; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-42; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via Local File Inclusion | PCI v3.2-6.5.1; CAPEC-170; CWE-94; HIPAA-164.306(a); ISO27001-A.14.2.5; WASC-33; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Code Execution via WebDAV | PCI v3.2-6.5.8; CAPEC-17; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-17; OWASP 2017-A6 | Critical |
Drupal Core - Remote Code Execution (CVE-2019-6340) | PCI v3.2-6.5.1; CAPEC-242; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) | PCI v3.2-6.5.1; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Apache Struts 2) S2-053 | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (ASP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (Perl) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (PHP) | PCI v3.2-6.5.1; CAPEC-23; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (RoR - JSON) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Out of Band Code Evaluation (RoR) | PCI v3.2-6.5.1; CAPEC-356; CWE-94; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-23; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Remote Code Execution and DoS in HTTP.sys (IIS) | PCI v3.2-6.5.1; CAPEC-340; CWE-20; HIPAA-164.306(a), 164.308(a); ISO27001-A.14.2.5; WASC-7; OWASP 2013-A1; OWASP 2017-A1 | Critical |
Backup Source Code Detected | PCI v3.2-6.5.8; CAPEC-87; CWE-530; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-34; OWASP 2013-A7; OWASP 2017-A5 | High |
Source Code Disclosure (ASP.NET) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (ColdFusion) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.18.1.3; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Generic) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Java) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Perl) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (PHP) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Python) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Ruby) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Source Code Disclosure (Tomcat) | CAPEC-118; CWE-540; HIPAA-164.306(a), 164.308(a); ISO27001-A.9.4.5; WASC-13; OWASP 2013-A5; OWASP 2017-A3 | Medium |
Unicode Transformation (Best-Fit Mapping) | CWE-20 | Medium |