498 matches found
AngularJS < 1.6.9 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.9. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability through SVG files if enableSvg is set. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability
The version of Apache Tomcat installed on the remote host is 7.0.41 or later but prior to 7.0.79. It is, therefore, affected by a flaw in the CORS filter where the HTTP Vary header is not properly added. This allows a remote attacker to conduct client-side and server-side cache poisoning attacks...
Microsoft IIS Default Index Page
The remote web server uses the default Microsoft IIS index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Lighttpd Default Index Page
The remote web server uses the default Lighttpd index page. This page may contain some sensitive data like the server root and installation paths. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
TLS 1.0 Weak Protocol
The remote server offers the deprecated TLS 1.0 protocol, which can lead to weaknesses. No source data...
CVE-2018-12848
creationtimestamp| type| source
---|---|---
2018-09-20 17:44:18+00:00| seen| MISP/5ba3dbe8-344c-4c2b-b38e-4e460a021402
2025-08-31 03:01:34+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d
2025-08-31 03:13:11+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...
Apache Struts 2 OGNL Console Detected
Apache Struts 2 installed on the remote host is running an OGNL console. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related items on the remote host a...
Apache Struts 2 DevMode Enabled
Apache Struts 2 installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related...
Apache Tomcat Unsupported Version
The installation of Apache Tomcat detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
ASP.NET DEBUG Method Enabled
It is possible to send debug statements to the remote ASP scripts via the HTTP DEBUG method. A remote, unauthenticated attacker may leverage this to alter the runtime of the remote scripts. No source data...
Nginx Default Index Page
The scanner has detected Nginx default index pages on the remote web server. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
Apache Unsupported Version
The installation of Apache detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
PHP Unsupported Version
The installation of PHP detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Microsoft IIS Unsupported Version
The installation of Microsoft Internet Information Services (IIS) detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Joomla! Unsupported Version
The installation of Joomla! detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Drupal Unsupported Version
The installation of Drupal detected on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities. No source data...
Drupal RESTWS Module Page Callback RCE
The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the bundled RESTful Web services (RESTWS) module due to a flaw in how default page callbacks for Drupal entities are altered when handling specially crafted requests. An unauthenticated,...
CVE-2006-0987
creationtimestamp| type| source
---|---|---
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dns/dnsamp.rb
2025-02-06 03:13:38+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:08:15+00:00| seen|...
CVE-2013-0653
creationtimestamp| type| source
---|---|---
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/geproficysubstitutetraversal.rb
2025-02-06 03:13:41+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:09:12+00:0...
WordPress XML-RPC Interface Detected
A public-facing WordPress XML-RPC interface has been detected. An attacker may be able to launch attacks against the web server via XML-RPC, including:
- Log in to the WordPress backend administrative interface
- Brute force user credentials
- Use pingbacks for scanning or fingerprinting for example ...