PHP 7.0.x < 7.0.30 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.30. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...
PHP 7.2.x < 7.2.3 Stack Buffer Overflow
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.3. It is, therefore, affected by a stack buffer overflow vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Sitefinity Administration Panel Login Form Detected
Sitefinity Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No...
Full Path Disclosure
The remote web server contains an application which is affected by a path disclosure issue. It may be possible for an attacker to view full path names and conduct further attacks. No source data...
Disabled 'X-XSS-Protection' Header
The HTTP 'X-XSS-Protection' response header is a feature of modern browsers that allows websites to control their XSS auditors. The server did not return a correct 'X-XSS-Protection' header, which means that this website could be at risk of a Cross-Site Scripting (XSS) attack. If legacy browsers...
SSL/TLS Certificate Expired
The remote server presents an expired SSL/TLS certificate. No source data...
jQuery File Upload < 9.22.1 Arbitrary File Upload
According to its self-reported version number, jQuery File Upload is prior to 9.22.1. Therefore, it may be affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user. Note...
lighttpd 1.4.31 http_request_split_value Function Header Handling DoS
According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the http_request_split_value function in 'src/request.c' can cause the application to enter an endless loop when handling specially...
Joomla! 1.7.x < 3.8.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - Local file inclusion with PHP 5.3 affects Joomla 2.5.0 through 3.8.8 - XSS vulnerability in language switcher module affects Joomla 1.6.0 through 3.8.8 Note that the scanner...
WordPress 4.8.x < 4.8.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Localhost is treated as same host by default. - Unsafe redirects are used when redirecting the login page if SSL is forced. - The version string is not correctly escaped f...
Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
Joomla! 2.5.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
YUI 2.4.0 < 3.0.0 Cross-site Scripting
According to its self-reported version number, YUI is at least 2.4.0 and prior to 3.0.0. Therefore, it may be affected by a cross-site scripting vulnerability via YUI .swf files. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Nginx < 1.5.7 ngx_parse_http Security Bypass
According to the self-reported version in the Server response header, the installed version of nginx is greater than 0.8.41 but prior to 1.4.4 / 1.5.7. It is, therefore, affected by a security bypass vulnerability in 'ngx_http_parse.c' when a file with a space at the end of the URI is requested. No...
Joomla! 1.7.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
WordPress 4.0.x < 4.0.24 Arbitrary File Deletion
According to its self-reported version number, the detected WordPress application is affected by an issue that could allow a user who is able to edit uploaded media to attempt to delete files outside the uploads directory. Note that the scanner has not tested for these issues but has instead relied...
Joomla! 3.2.x < 3.8.9 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - Local file inclusion with PHP 5.3 affects Joomla 2.5.0 through 3.8.8 - XSS vulnerability in language switcher module affects Joomla 1.6.0 through 3.8.8 Note that the scanner...
Apache Tomcat 9.0.0.M1 < 9.0.5 Security Constraint Weakness
The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.5. It is, therefore, affected by security constraints flaws which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Apache Tomcat 7.0.0 < 7.0.85 Security Constraint Weakness
The version of Apache Tomcat installed on the remote host is 7.0.x prior to 7.0.85. It is, therefore, affected by a security constraints flaw which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...
YUI 3.0.0 < 3.10.1 Cross-site Scripting
According to its self-reported version number, YUI is at least 3.0.0 and prior to 3.10.1 or 3.10.2. Therefore, it may be affected by a cross-site scripting vulnerability via YUI io.swf file. Note that the scanner has not tested for these issues but has instead relied only on the application's...