183 matches found
YUI 2.4.0 < 3.0.0 Cross-site Scripting
According to its self-reported version number, YUI is at least 2.4.0 and prior to 3.0.0. Therefore, it may be affected by a cross-site scripting vulnerability via YUI .swf files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability
The version of Apache Tomcat installed on the remote host is 7.0.41 or later but prior to 7.0.79. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks...
AngularJS < 1.6.9 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.9. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability through SVG files if enableSvg is set. Note that the scanner has not tested for these issues but has instead relied only on the application's...
YUI 3.0.0 < 3.10.1 Cross-site Scripting
According to its self-reported version number, YUI is at least 3.0.0 and prior to 3.10.1 or 3.10.2. Therefore, it may be affected by a cross-site scripting vulnerability via YUI io.swf file. Note that the scanner has not tested for these issues but has instead relied only on the application's...
lighttpd 1.4.31 http_request_split_value Function Header Handling DoS
According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the httprequestsplitvalue function in 'src/request.c' can cause the application to enter an endless loop when handling specially...
Joomla! 1.7.x < 3.8.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - Local file inclusion with PHP 5.3 affects Joomla 2.5.0 through 3.8.8 - XSS vulnerability in language switcher module affects Joomla 1.6.0 through 3.8.8 Note that the scanner...
WordPress 4.9.x < 4.9.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...
WordPress 4.8.x < 4.8.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...
Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Joomla! 2.5.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Lighttpd Default Index Page
The remote web server uses the default Lighttpd index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Apache Struts 2 OGNL Console Detected
Apache Struts 2 installed on the remote host is running a OGNL console. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host a...
Apache Default Index Page
The remote web server uses the default Apache index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Apache Tomcat Unsupported Version
The installation of Apache Tomcat detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Apache Unsupported Version
The installation of Apache detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Microsoft IIS Unsupported Version
The installation of Microsoft Internet Information Services IIS detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Drupal RESTWS Module Page Callback RCE
The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the bundled RESTful Web services RESTWS module due to a flaw in how default page callbacks for Drupal entities are altered when handling specially crafted requests. An unauthenticated,...
TLS 1.1 Weak Protocol
The remote server offers deprecated TLS 1.1 protocol. No source data...
Screenshot
Screenshot of the target web page, see attached image. This screenshot should show you the target page we are launching the scan against. If the image is not of the intended target page, please check the provided url in the scan configuration. No source data...
Cookie Authentication Failed
This plugin is raised when the scanner has not been able to authenticate against the web application using the cookies provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...