Web Application Vulnerabilities Index

This page lists X vulnerabilities classified as 164.308(a) that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
ActiveMQ - Remote Code Execution (CVE-2023-46604)
ActiveMQ - Remote Code Execution (CVE-2023-46604)
PCI v3.2-6.5.1
, 
CAPEC-242
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
, 
Critical
Administration Page Detected
Administration Page Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.1
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
, 
Information
Backup File Disclosure
Backup File Disclosure
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-530
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Low
Backup Source Code Detected
Backup Source Code Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-530
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
, 
High
Bash Command Injection Vulnerability (Shellshock Bug)
Bash Command Injection Vulnerability (Shellshock Bug)
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A9
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
, 
Critical
Blind Command Injection
Blind Command Injection
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Critical
Blind MongoDB Injection
Blind MongoDB Injection
PCI v3.2-6.5.1
, 
CWE-943
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
High
Blind SQL Injection
Blind SQL Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Critical
Boolean Based SQL Injection
Boolean Based SQL Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Code Evaluation (Apache Struts)
Code Evaluation (Apache Struts)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O
, 
Critical
Code Evaluation (Apache Struts S02-53)
Code Evaluation (Apache Struts S02-53)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Code Evaluation (Apache Struts) S2-016
Code Evaluation (Apache Struts) S2-016
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O
, 
Critical
Code Evaluation (Apache Struts) S2-045
Code Evaluation (Apache Struts) S2-045
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O
, 
Critical
Code Evaluation (Apache Struts) S2-046
Code Evaluation (Apache Struts) S2-046
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O
, 
Critical
Code Evaluation (ASP)
Code Evaluation (ASP)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Critical
Code Evaluation (Node.js)
Code Evaluation (Node.js)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Critical
Drupal Core - Remote Code Execution (CVE-2019-6340)
Drupal Core - Remote Code Execution (CVE-2019-6340)
PCI v3.2-6.5.1
, 
CAPEC-242
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
Critical
Elmah.axd / Errorlog.axd Detected
Elmah.axd / Errorlog.axd Detected
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-16
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Exception Report Disclosure (Tomcat)
Exception Report Disclosure (Tomcat)
PCI v3.2-6.5.5
, 
CAPEC-214
, 
CWE-248
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-14
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
HTTP Header Injection
HTTP Header Injection
PCI v3.2-6.5.1
, 
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-24
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
, 
Medium
HTTP Header Injection (IAST)
HTTP Header Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-105
, 
CWE-93
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-24
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
, 
Medium
Installation File Detected
Installation File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Information
Internal Path Disclosure (*nix)
Internal Path Disclosure (*nix)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.9.4.1
, 
WASC-13
, 
OWASP 2017-A6
, 
Information
Internal Path Disclosure (Windows)
Internal Path Disclosure (Windows)
CAPEC-118
, 
CWE-200
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.8.1.1
, 
WASC-13
, 
Information
Ivanti ICS and IPS Command Injection - CVE-2024-21887
Ivanti ICS and IPS Command Injection - CVE-2024-21887
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
LDAP Injection (IAST)
LDAP Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Log File Detected
Log File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Information
Mail Header Injection (IAST)
Mail Header Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-20
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
, 
Critical
Microsoft IIS Log File Detected
Microsoft IIS Log File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Low
MongoDB Injection (IAST)
MongoDB Injection (IAST)
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
PCI v3.2-6.5.1
, 
CAPEC-242
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (Apache Struts 2)
Out of Band Code Evaluation (Apache Struts 2)
PCI v3.2-6.5.1
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O
, 
Critical
Out of Band Code Evaluation (Apache Struts 2) S2-053
Out of Band Code Evaluation (Apache Struts 2) S2-053
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (ASP)
Out of Band Code Evaluation (ASP)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (Log4j)
Out of Band Code Evaluation (Log4j)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-502
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (Node.js)
Out of Band Code Evaluation (Node.js)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (Perl)
Out of Band Code Evaluation (Perl)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (PHP)
Out of Band Code Evaluation (PHP)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (Python)
Out of Band Code Evaluation (Python)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Evaluation (RoR)
Out of Band Code Evaluation (RoR)
PCI v3.2-6.5.1
, 
CAPEC-356
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-23
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/RL:O
, 
Critical
Out of Band Code Evaluation (RoR - JSON)
Out of Band Code Evaluation (RoR - JSON)
PCI v3.2-6.5.1
, 
CAPEC-356
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-23
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
, 
Critical
Out of Band Code Evaluation (Ruby)
Out of Band Code Evaluation (Ruby)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI
Out of Band Code Execution via SSTI
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Java FreeMarker)
Out of Band Code Execution via SSTI (Java FreeMarker)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Java Velocity)
Out of Band Code Execution via SSTI (Java Velocity)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Node.js Dot)
Out of Band Code Execution via SSTI (Node.js Dot)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Node.js EJS)
Out of Band Code Execution via SSTI (Node.js EJS)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Node.js Marko)
Out of Band Code Execution via SSTI (Node.js Marko)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Node.js Nunjucks)
Out of Band Code Execution via SSTI (Node.js Nunjucks)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Node.js Pug (Jade))
Out of Band Code Execution via SSTI (Node.js Pug (Jade))
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (PHP Smarty)
Out of Band Code Execution via SSTI (PHP Smarty)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (PHP Twig)
Out of Band Code Execution via SSTI (PHP Twig)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Python Jinja)
Out of Band Code Execution via SSTI (Python Jinja)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Python Mako)
Out of Band Code Execution via SSTI (Python Mako)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Code Execution via SSTI (Python Tornado)
Out of Band Code Execution via SSTI (Python Tornado)
PCI v3.2-6.5.1
, 
CAPEC-23
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band Command Injection
Out of Band Command Injection
PCI v3.2-6.5.1
, 
CAPEC-88
, 
CWE-78
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-31
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band SAML Consumer Service XML Entity Injection
Out of Band SAML Consumer Service XML Entity Injection
PCI v3.2-6.5.1
, 
CAPEC-376
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-43
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
, 
High
Out of Band SAML Consumer Service XSLT Injection
Out of Band SAML Consumer Service XSLT Injection
PCI v3.2-6.5.1
, 
CAPEC-376
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-43
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
, 
High
Out of Band SQL Injection
Out of Band SQL Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical
Out of Band XML External Entity Injection
Out of Band XML External Entity Injection
PCI v3.2-6.5.1
, 
CAPEC-376
, 
CWE-611
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-43
, 
OWASP 2013-A1
, 
OWASP 2017-A4
, 
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
, 
High
Out-of-date Component ({applicationName})
Out-of-date Component ({applicationName})
CAPEC-170
, 
CWE-205
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
PossibleBlindMongoDB
PossibleBlindMongoDB
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
Critical
Possible Boolean Mongo Db Injection
Possible Boolean Mongo Db Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
Critical
Programming Error Message
Programming Error Message
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Programming Error Message (Ruby)
Programming Error Message (Ruby)
PCI v3.2-6.5.5
, 
CAPEC-118
, 
CWE-210
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-13
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
Low
Progress MOVEit Transfer SQL Injection
Progress MOVEit Transfer SQL Injection
PCI v3.2-6.5.1
, 
CAPEC-66
, 
CWE-89
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-19
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
High
Readme/Help File Detected
Readme/Help File Detected
PCI v3.2-6.5.8
, 
CAPEC-87
, 
CWE-425
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.18.1.3
, 
WASC-34
, 
OWASP 2013-A7
, 
OWASP 2017-A5
, 
Information
RegreSSHion Attack (CVE-2024-6387)
RegreSSHion Attack (CVE-2024-6387)
PCI v3.2-6.5.1
, 
CAPEC-26
, 
CWE-366
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A9
, 
OWASP 2017-A9
, 
Critical
Remote Code Execution and DoS in HTTP.sys (IIS)
Remote Code Execution and DoS in HTTP.sys (IIS)
PCI v3.2-6.5.1
, 
CAPEC-340
, 
CWE-20
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-7
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C
, 
Critical
Remote Code Execution (Spring4Shell)
Remote Code Execution (Spring4Shell)
PCI v3.2-6.5.1
, 
CAPEC-242
, 
CWE-94
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
, 
Critical
Server-Side Request Forgery (elmah)
Server-Side Request Forgery (elmah)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (elmah MVC)
Server-Side Request Forgery (elmah MVC)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
High
Server-Side Request Forgery (trace.axd)
Server-Side Request Forgery (trace.axd)
PCI v3.2-6.5.6
, 
CAPEC-347
, 
CWE-918
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
WASC-15
, 
OWASP 2013-A5
, 
OWASP 2017-A6
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
, 
Critical
Server-Side Template Injection
Server-Side Template Injection
PCI v3.2-6.5.1
, 
CWE-74
, 
HIPAA-164.306(a)
, 
164.308(a)
, 
ISO27001-A.14.2.5
, 
OWASP 2013-A1
, 
OWASP 2017-A1
, 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
, 
Critical