143 matches found
GraphQL API Detected
GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. It is a popular alternative to traditional REST or SOAP APIs, providing flexibility and an optimized data fetching method. The scanner detected th...
Microsoft FrontPage Insecure Extension Configuration
An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the vtipvt directory. No source data...
WordPress 4.9.x < 4.9.17 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An XML External Entity XXE vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...
Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution
A vulnerability in Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0 & 12.2.1.3.0 allows an unauthenticated attacker with HTTP access to the service to obtain arbitrary code execution due to an insecure deserialization. Oracle proposes the associated patches on its site to fix the vulnerability. No...
Drupal 7.x < 7.75 Remote Code Execution
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.75, 8.8.x prior to 8.8.12, 8.9.x prior to 8.9.10 or 9.0.x prior to 9.0.9. It is, therefore, affected by a remote code execution due to the PEAR ArchiveTar library used by Drupal. No...
Apache Tomcat 9.0.0.M1 < 9.0.37 Denial of Service
The version of Apache Tomcat installed on the remote host is 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 or 7.0.0 to 7.0.104. It is, therefore, affected by two denial of service vulnerabilities via WebSocket frame and HTTP/2 requests. Note that the scanner has not attempted to...
Oracle WebLogic WSAT Remote Code Execution
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WSAT endpoint due to unsafe deserialization of XML encoded Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context of...
Microsoft SharePoint Server 2016 build < 16.0.4783.1000 Information Disclosure
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by an information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks a...
Apache Solr < 8.4.0 Remote Code Execution
Apache Solr versions 5.0.0 to 8.3.1 allow for a a remote, unauthenticated user to set 'params.resource.loader.enabled' to true via an HTTP POST request to the JMX server. Enabling this parameter would allow an attacker to use the velocity template parameter in a specially crafted Solr request,...
Apache Solr 4.0.0 < 4.10.3 Cross-Site Scripting
Cross-site scripting XSS vulnerability in the Admin UI Plugin / Stats page in Apache Solr versions 4.x 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. Note that the scanner has not tested for these issues but has instead relied only on the...
Apache Solr 4.0.0 < 4.10.4 XML Resource Consumption Attack
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...
Apache Solr 1.3.0 < 1.4.1 XML Resource Consumption Attack
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...
Joomla! 3.0.x < 3.9.12 Cross-Site Scripting
According to its self-reported version number, the detected Joomla! application is affected by a cross-site scripting vulnerability in versions 3.0.0 to 3.9.11 due to inadequate escaping in the logo parameter of the default templates. Note that the scanner has not tested for these issues but has...
Sitemap.xml File Detected
The Sitemap Protocol allows you to inform search engines about URLs on a website that are available for crawling. In its simplest form, a Sitemap is an XML file that lists URLs for a site. It has been discovered that many site owners are not building their Sitemaps through spidering, but by...
Moment.js < 2.15.2 Regular Expression Denial of Service
According to its self-reported version number, Moment.js is prior to 2.15.2. Therefore, it may be affected by a regular expression denial of service vulnerability when arbitrary user input is passed into format. Note that the scanner has not tested for these issues but has instead relied only on...
Drupal 8.7.4 Access Bypass Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.4. It is, therefore, affected by an access bypass vulnerability when the experimental Workspaces module is enabled. Note that the scanner has not tested for these issues but has instead relied...
WordPress 4.3.x < 4.3.19 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting XSS vulnerability due to insufficient input sanitization in comment. Note that the scanner has not tested for these issues but has instead relied only on the application's...
PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37 or 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Drupal 7.x < 7.62 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in third-party PEAR ArchiveTar library. - A flaw exists in PHP's built-in phar stream wrapper that could lead to a remote code execution when performing file...
PHP 7.0.x < 7.0.30 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...