272 matches found
Flash File Detected
An Adobe Flash file has been detected on this URL. Flash will be EOL on December 31, 2020. No source data...
API Detected
The scan detected that some XHR requests seem to call an API. The scanner generated an OpenAPI file based on the observed requests and attached it to the plugin output. This OpenAPI file can then be used to run a scan against the API with WAS API Scanning. No source data...
OpenAPI File Detected
An OpenAPI configuration file has been detected and is available as an attachment below. OpenAPI is a specification that helps with the documentation and consumption of REST APIs and may also be used to configure API scanning. No source data...
Server-Side Template Injection
Web applications often rely on template engines to manage the dynamic generation of the HTML pages presented to their users. A Server-Side Template Injection (SSTI) vulnerability exists when an application embeds unsafe user-controlled inputs in its templates and then evaluates them. By injecting a...
WordPress User Enumeration
In a default WordPress installation there are several methods to enumerate author usernames. These usernames can then be used in brute-force attacks against the WordPress login page to guess passwords. No source data...
URI Blocked Due to Exclusion Rule
Requests to the URI were blocked due to a matching Exclusion rule. No source data...
Magento Mass Importer Unauthenticated Access
Magento Mass Importer (Magmi) is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento website administrators manage their catalog through a dedicated web interface. By directly accessing the Magmi URL wi...
OpenAPI Import Failed
The OpenAPI file could not be imported and cannot be used during the scan. No source data...
OpenAPI Import Success
The OpenAPI file was successfully imported and can be used during the scan. No source data...
Telerik UI for ASP.NET AJAX Cryptographic Weakness
According to its self-reported version number, the version of Telerik UI for ASP.NET is affected by a cryptographic weakness. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Magento Unsupported Version
The installation of Magento detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
ELMAH Information Disclosure
ELMAH (Error Logging Modules and Handlers) is an application error logging facility. This application is not properly configured and leads to information disclosure via elmah.axd or errorlog.axd. This allows an unauthenticated, remote attacker to view web requests made to the server, including...
Oracle WebLogic UDDI Explorer Server-Side Request Forgery
The Oracle WebLogic UDDI Explorer service in Oracle Fusion Middleware versions 10.0.2 and 10.3.6 is affected by a server-side request forgery vulnerability due to the lack of validation of the operator parameter in the SearchPublicRegistries.jsp page. A remote and unauthenticated attacker can...
Microsoft SharePoint Server 2013 build < 15.0.5215.1000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities: two cross-site scripting (XSS) vulnerabilities exist when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected...
Kentico CMS < 9.0.51 Cross-Site Scripting
Kentico CMS is a common ASP.NET Content Management System (CMS) used for building websites and online stores. Kentico CMS versions before 9.0.51 allow remote attackers to inject arbitrary JavaScript or HTML content via the CMSBodyClass cookie variable. No source data...
Kibana 7.x < 7.2.1 Multiple Vulnerabilities
According to its self-reported version number, the Kibana application running on the remote host is prior to 6.8.2 or 7.x prior to 7.2.1. It is, therefore, affected by: a prototype pollution vulnerability in lodash (CVE-2019-10744), and a server-side request forgery (SSRF) vulnerability in the...
Fetch/XHR Detected
The scan detected that the web application makes requests that appear to be using Fetch or XMLHttpRequests (XHRs) to communicate with a backend API server. Fetches/XHRs allow retrieval of data from an API without triggering a page reload, making them especially useful for Single Page Applications. N...
Magento Cacheleak
Magento 1 cache files are stored in the public directory of the Magento installation. Misconfigured authorisation for the /var directory has been detected. As cache filenames can be predicted, they could be accessed, exposing critical information such as the database login and password. No source...
Magento API Anonymous Access
Sensitive Magento 2 API endpoints can be accessed by anonymous users. Therefore, confidential merchant information, such as offline products, stock information or store configuration, can be exposed. No source data...
JetBrains .idea Directory Detected
A JetBrains .idea directory has been detected. This directory contains project-specific settings in XML format. These configuration files may include sensitive information such as server configuration settings, component module information, compiler information, credentials, project history and...