Vulnerability List

List of issues SmartScanner can test

224 Total Tests
High 130
Medium 43
Low 22
Informational 29

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

Sensitive information is exposed on this page. Attackers can use this information to extend their attack.

Sensitive information is exposed on this page. Attackers can use this information to extend their attack.

Source code on a web server often contains sensitive information and should not be accessible to users.

The user's browser can save and remember the values entered in input fields that have the autocomplete attribute enabled. This might reveal sensitive information like passwords,...

HTTP traffic can often be sniffed and captured by an attacker who has access to a network interface. In HTTP basic authentication, user credentials are...

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

BREACH is an instance of the CRIME attack against HTTP compression—the use of gzip or DEFLATE data compression algorithms via the content-encoding option within HTTP...

Broken hyperlinks in web pages can create a bad experience for the users. It can also affect the web page ranking in web search results....

SEO

The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute...

Web browsers need to know the character encoding of a page to display it correctly. When the character encoding is not explicitly defined, the browser...

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS)...

The HttpOnly cookie flag prevents JavaScript Document.cookie API from accessing the cookie. When this flag is set, the cookie is only sent to the server....

The SameSite cookie flag with the right value prevents the browser from sending the cookie in cross-origin requests. It provides some protection against cross-site request...

The Secure cookie flag prevents the browser from sending the cookie over an unencrypted connection. A cookie with a Secure flag is sent to the...

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access...

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary...

A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary...

Spambots can harvest email addresses from webpages and use them for sending spam emails.

In programming languages, Expressions are constants, variables, operators, or functions that can perform actions and produce values. Web applications often use dynamic Expressions in their...

The robots.txt file specifies how to inform the web robot about which areas of the website should not be processed or scanned. Robots are often...

HTTP response splitting is the result of the failure of a web application to properly sanitize CR (ASCII 0x0D) and LF (ASCII 0x0A) characters in...

Null byte character (ASCII 0x00) is allowed in the URL. If the user can control the contents of files on the server, this can result...

In HTTP communications, traffic is not encrypted and can be captured by an attacker who has access to a network interface.

When HTTPS is enabled but HTTP requests are not redirected to HTTPS automatically, users have to open the HTTPS URL explicitly. Otherwise, communication is not...

Backup files can disclose important information like an application’s source code, administrative interfaces, or even credentials to connect to the administrative interface or the database...

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection...

Attackers can sniff and capture sensitive information like passwords when they’re served and transmitted over the unencrypted HTTP traffic.

URLs are stored in log files and might be sent in the referer HTTP request header to other websites. Passing sensitive information like passwords as...

URLs are stored in log files and might be sent in the referer HTTP request header to other websites. Passing sensitive information like passwords as...

Attackers can sniff and capture sensitive information like passwords when they’re served and transmitted over the unencrypted HTTP traffic.

The robots.txt file specifies how to inform the web robot about which areas of the website should not be processed or scanned. Robots are often...

Knowing the PHP version used by the server, attackers can find vulnerabilities more easily. This information exposes the server to attackers.

The phpinfo() method in the PHP programming language discloses a large amount of information about the PHP, extensions, server, and environments. Since different environments have...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

Private IP addresses are used in private networks like local area networks (LANs). A private IP address can reveal information about the IP planning scheme...

Private IP addresses are used in private networks like local area networks (LANs). A private IP address can reveal information about the IP planning scheme...

Profanity in web pages can create a bad experience for the users. It can also affect the web page ranking in web search results.

SEO

The HTTP Public-Key-Pins response header is used to associate a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks...

The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests. (Mozilla) The Referer (sic) header contains the...

The robots.txt file specifies how to inform the web robot about which areas of the website should not be processed or scanned. Robots are often...

Backup files can disclose important information like an application’s source code, administrative interfaces, or even credentials to connect to the administrative interface or the database...

Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced...

The HttpOnly cookie flag prevents JavaScript Document.cookie API from accessing the cookie. When this flag is set, the cookie is only sent to the server....

The SameSite cookie flag with the right value prevents the browser from sending the cookie in cross-origin requests. It provides some protection against cross-site request...

The Secure cookie flag prevents the browser from sending the cookie over an unencrypted connection. A cookie with a Secure flag is sent to the...

Source code on a web server often contains sensitive information and should not be accessible to users.

SQL commands reveal information about the structure of the underlying database. This information does not create any direct impact on the target, though it provides valuable...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

SSL version 2 has several flaws and is considered vulnerable.

SSL version 3 is vulnerable to padding attacks.

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of...

Heartbleed is a security bug in the OpenSSL cryptography library, which is used for implementing the Transport Layer Security (TLS) protocol. This bug allows remote...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

TLS version 1.0 has several flaws and is considered vulnerable.

TLS version 1.1 has several flaws and is considered not secure.

File and directory paths reveal information about the structure of the file system of the underlying OS. This information does not create any direct impact on...

Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced...

A repository keeps the versioning information of different documents. They are usually used to maintain the source code of applications. The most common version control...

Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced...

Source code on a web server often contains sensitive information and should not be accessible to users.

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a...

Often, web applications reveal when a username exists on the system, either as a consequence of misconfiguration or as a design decision. For example, sometimes, when...

The Internet Information Services (IIS) version used is outdated and has security flaws.

The application does not enforce using a strong password, which makes it easier for attackers to find users’ passwords.

File and directory paths reveal information about the structure of the file system of the underlying OS. This information does not create any direct impact on...

WordPress wp-login.php is a well-known login page for both users and administrators. Password guessing and Brute Force attacks are the main methods attackers use to...

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

Often, web applications reveal when a username exists on the system, either as a consequence of misconfiguration or as a design decision. For example, sometimes, when...

The X-Content-Type-Options response HTTP header is used by the server to prevent browsers from guessing the media type (MIME type). This is known as MIME...

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>,...

The X-Powered-By header describes the technologies used by the webserver. This information exposes the server to attackers. Using the information in this header, attackers can...

HTTP TRACE method allows a client to see the whole request that the webserver has received. The main purpose of this feature is for testing...

HTTP TRACK and TRACE methods allow the client to see the whole request that the webserver has received. The main purpose of this feature is...

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly...

CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use...

An issue in multiple subsystems of Drupal allows remote attackers to execute arbitrary OS commands on the server.

A vulnerability in Joomla! J2Store component allows attackers to inject and execute SQL commands on the website’s database.

The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’...

A buffer overflow can occur when an application accepts more data than the space it has allocated for it. It will cause the data to overflow the...

Shellshock, also known as Bashdoor, is a bug in the Unix Bash shell that allows an attacker to execute arbitrary commands and gain unauthorized access using...

An <input> element with type="file" lets the user choose one or more files from their device storage. Then, the files can be uploaded to a remote...

A vulnerability in Microsoft Windows HTTP Protocol Stack (HTTP.sys) allows remote attackers to execute code or cause a crash on the host OS.

An HTTP redirection (3XX status code) does not require a body. The presence of the body in a redirection HTTP response indicates execution of code...

The ViewState is a hidden form input in ASP.NET pages which is used automatically to persist information such as non-default values of controls. It is also...

When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

An SQL Injection vulnerability exists in the league_id parameter of a function call made by the leaguemanager_export page

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The vulnerability...

It is possible to inject content into the start of sessions when the server does not support secure renegotiation in the SSL/TLS connections. The server...

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection...

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected...

The X-AspNet-Version and X-AspNetMvc-Version headers reveal the version of ASP.NET used by the webserver. This information exposes the server to attackers. Using the information in...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to...

If the Set-Cookie header contains the Domain attribute, browsers automatically send the cookie to any subdomains of the specified domain. This allows subdomains to access...

Insecure deserialization occurs when an application deserializes a user-supplied object string without checking its integrity. It allows attackers to manipulate the system state and execute...

Insecure deserialization occurs when an application deserializes a user-supplied object string without checking its integrity. It allows attackers to manipulate the system state and execute...

A bug in Nginx allows an attacker to bypass security restrictions in certain configurations by using a specially crafted request. Some checks on a request...

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The vulnerability...

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The vulnerability...

The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The vulnerability...

Object serialization allows transferring complex data structures over channels like HTTP. But whenever there is a serialized object there would be a deserialization process in...

If the Set-Cookie header contains the Domain attribute, browsers automatically send the cookie to any subdomains of the specified domain. This allows subdomains to access...

When a web server fails to normalize and validate the ../ sequence properly, it enables attackers to access files outside the public web directory. This...

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting...

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

When processing an incoming HTTP request, the webserver needs to know which component or virtual host should complete the request. The Host HTTP header is...

Werkzeug is a comprehensive WSGI web application library for the Python language. Werkzeug provides a WSGI middleware that renders nice tracebacks, optionally with an interactive...

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection...

CRLF refers to the combination of two characters: the Carriage Return (ASCII 13, \r) and Line Feed (ASCII 10, \n). These characters are used...

A misconfigured Nginx with PHP FPM (FastCGI Process Manager) allows an attacker to forward any file to PHP FPM by adding /.php at the end...

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially...

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a...

PHPMailer before 5.2.18 allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. It is possible to execute remote...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful...

A web cache or HTTP cache is a system for optimizing the web. Browsers cache the contents of a resource once and reuse them on subsequent requests....

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector...

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id, so it is possible to...

It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn’t valid an exception is thrown which is...

The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering and this can lead to Remote Code...

It is possible to perform a RCE attack when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: namespace value...

When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload...

By default, the Manager should only be accessible from a browser running on the same machine as Tomcat. With an Apache Tomcat Login accessible over...

A badly configured web server can leak the Apache version number in the Server HTTP header or in the body of error pages. Attackers use this...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

Unhandled exceptions have two primary risks. Denial of service: When an unhandled exception occurs, it might cause memory leakage or consume server resources by performing...

The Server header describes the server application that handled the request. Detailed information in this header like Nginx version, can expose the server to attackers....

Exposing detailed information such as the Tomcat version number helps attackers find vulnerabilities and plan their attack more easily.

The Server header describes the server application that handled the request. Detailed information in this header can expose the server to attackers. Using the information...

An inline frame tag (iframe) on the page refers to an external resource, and no sandbox is set. This allows the external URL to trick...

The Unicode Standard represents a very significant advance over all previous methods of encoding characters. For the first time, all of the world’s characters can...

There are certain HTML attributes with a value type of URI, for example, href in the a tag or src in the img tag. Depending...

In some versions of Microsoft IIS, it is possible to detect the existence of files using an 8.3 short filename (SFN). This vulnerability allows attackers to...

The Nginx version used is outdated and has security flaws.

The Apache HTTP Server version used is outdated and has security flaws.

The PHP version used is outdated and has security flaws.

The OpenSSL version used is outdated and has security flaws.

The Apache Tomcat version used is outdated and has security flaws.

The WordPress version used is outdated and has security flaws.
