Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
Spring Boot Misconfiguration: Actuator endpoint security disabled
Spring Boot Misconfiguration: Admin MBean enabled
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
Spring Boot Misconfiguration: Developer tools enabled on production
Spring Boot Misconfiguration: H2 console enabled
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
Spring Boot Misconfiguration: Overly long session timeout
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Misconfiguration: HTML Escaping disabled
SQL File Detected
SQL Injection
SQL Injection (IAST)
SQLite Database File Found
Squarespace Identified
Squid Identified
SSL Certificate Is About To Expire
SSL Certificate Name Hostname Mismatch
SSL/TLS Not Implemented
SSL Untrusted Root Certificate
Stack Trace Disclosure (Apache MyFaces)
Stack Trace Disclosure (Apache Shiro)
Stack Trace Disclosure (ASP.NET)
Stack Trace Disclosure (CakePHP Framework)
Stack Trace Disclosure (CherryPy)
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Django)
Stack Trace Disclosure (Grails)
Stack Trace Disclosure (GraphQL)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (Node.js)
Stack Trace Disclosure (PHP)
Stack Trace Disclosure (Python)
Stack Trace Disclosure (RoR)
Stack Trace Disclosure (Ruby-Sinatra Framework)
Static Nonce Identified in Content Security Policy (CSP)
Stored Cross-site Scripting
Struts 2 Config Browser plugin enabled
Struts 2 Development Mode Enabled
Struts2 Development Mode Enabled
Sublime SFTP Config File Detected
Sugar CRM Identified
SVN Detected
swagger.json Detected
Taleo Web Server Identified
Telerik Web UI Identified
Test File Detected
Text4Shell Remote Code Execution - (CVE-2022-42889)
TinyMCE Identified
TLS/SSL Certificate Key Size Too Small
Tomcat Identified
TorchServe Management API Publicly Exposed
TorchServe Management API SSRF (CVE-2023-43654)
Tornado Web Server Identified
Trace.axd Detected
TRACE/TRACK Method Detected
Trac Software Project Management Tool Identified
Tracy Debugging Identified
Travis CI Configuration File Detected
TS Web Access Identified
TwistedWeb HTTP Server Identified
Typo3 Identified