Apache Struts 2 DevMode Enabled
The Apache Struts 2 installation on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related...
ASP.NET DEBUG Method Enabled
It is possible to send debug statements to the remote ASP scripts via the HTTP DEBUG method. A remote, unauthenticated attacker may leverage this to alter the runtime of the remote scripts.
Nginx Default Index Page
The scanner has detected Nginx default index pages on the remote web server. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker.
PHP Unsupported Version
The installation of PHP detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Joomla! Unsupported Version
The installation of Joomla! detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Drupal Unsupported Version
The installation of Drupal detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
WordPress XML-RPC Interface Detected
A public-facing WordPress XML-RPC interface has been detected. An attacker may be able to launch attacks against the web server via XML-RPC including: - Log in to the WordPress backend administrative interface - Brute force user credentials - Use pingbacks for scanning or fingerprinting for example ...
Drupal Directory Listing
The scanner has detected a publicly accessible Drupal directory index on the target web application. This may expose information relating to the web server to an attacker, which may allow for further exploitation techniques to be leveraged, possibly leading to a compromise of the target server.
WordPress Configuration Backup Files Detected
The scanner has detected publicly accessible WordPress configuration files on the target web application. These files likely contain extremely sensitive server information including administrative database credentials. This may present an attacker with an exploit vector which could be leveraged...
WordPress User Registration Form Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible WordPress User Registration Form on the target application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictiona...
Scan Aborted After Being Logged Out
This plugin is raised when the scanner has been logged out and has not been able to authenticate back against the web application using the options provided in the scan policy. This may be due to some links accessed by the scanner during the scan that could have invalidated the session used by th...
Scan Logged-out Intermittently
This plugin is raised when the scanner detected that it has been logged out during the scan, but has been able to authenticate back against the web application using the options provided in the scan policy. Such a case may occur if the scanner accesses a link that led the session to be closed. Chec...
Drupal User Registration Form Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Drupal User Registration Form on the target application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary...
Selenium Crawl Succeeded
This is an informational notice that the scanner was able to successfully perform the crawling scripts provided in the policy.
Selenium Crawl Failed
This plugin is raised when the scanner has not been able to crawl the web application using the Selenium scripts provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan.
HTTP Server Authentication Succeeded
This is an informational notice that the scanner was able to successfully authenticate against the web server using HTTP server credentials provided in the scan policy.
WordPress Administration Panel Login Form Detected
WordPress Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.
Selenium Authentication Succeeded
This is an informational notice that the scanner was able to successfully authenticate against the web application using the Selenium script provided in the scan policy.
Selenium Authentication Failed
This plugin is raised when the scanner has not been able to authenticate against the web application using the Selenium script provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan.
Joomla! Administration Panel Login Form Detected
Joomla! Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality.