Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
| Vulnerability Name | Classification | Severity |
|---|---|---|
| ASP.NET Tracing Is Enabled | | High |
| Arbitrary File Creation Detected | | High |
| Arbitrary File Deletion Detected | | High |
| Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204) | | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | | High |
| Backup Source Code Detected | | High |
| Basic Authorization over HTTP | | High |
| Blind Cross-site Scripting | | High |
| Blind MongoDB Injection | | High |
| Boolean Based MongoDB Injection | | High |
| Certificate is Signed Using a Weak Signature Algorithm | | High |
| Cross-site Scripting | | High |
| Cross-site Scripting (DOM based) | | High |
| Cross-site Scripting via File Upload | | High |
| Cross-site Scripting via Remote File Inclusion | | High |
| Database User Has Admin Privileges | | High |
| Elmah.axd / Errorlog.axd Detected | | High |
| Error-Based MongoDB Injection | | High |
| Expression Language Injection | | High |
| F5 Big-IP Local File Inclusion (CVE-2020-5902) | | High |
| Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) | | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | | High |
| JBoss Web Console JMX Invoker | | High |
| JWT Forgery via Chaining Jku Parameter with Open Redirect | | High |
| JWT Forgery via Path Traversal | | High |
| JWT Forgery via SQL Injection | | High |
| JWT Forgery via unvalidated jku parameter | | High |
| JWT Signature Bypass via None Algorithm | | High |
| JWT Signature is not Verified | | High |
| Local File Inclusion | | High |
| Local File Inclusion (IAST) | | High |
| MongoDB Operator Injection | | High |
| No SAML Response Signature Check | | High |
| Oracle WebLogic Authentication Bypass (CVE-2020-14883) | | High |
| Out of Band SAML Consumer Service XML Entity Injection | | High |
| Out of Band SAML Consumer Service XSLT Injection | | High |
| Out of Band XML External Entity Injection | | High |
| Out-of-date Version (HSQLDB) | | High |
| Out-of-date Version (Microsoft SQL Server) | | High |
| Out-of-date Version (MongoDb) | | High |
| Out-of-date Version (MySQL) | | High |
| Out-of-date Version (Oracle) | | High |
| Out-of-date Version (PostgreSQL) | | High |
| Out-of-date Version (SQLite) | | High |
| Password Transmitted over HTTP | | High |
| Polyfill.io Supply Chain Attack | | High |
| Progress MOVEit Transfer SQL Injection | | High |
| ROBOT Attack Detected (Strong Oracle) | | High |
| ROBOT Attack Detected (Weak Oracle) | | High |
| Ruby on Rails File Content Disclosure (CVE-2019-5418) | | High |
| SAML Response Signature Exclusion | | High |
| SAML Response Without Signature | | High |
| SVN Detected | | High |
| Server-Side Request Forgery (AWS) | | High |
| Server-Side Request Forgery (Apache Server Status) | | High |
| Server-Side Request Forgery (MySQL) | | High |
| Server-Side Request Forgery (SSH) | | High |
| Server-Side Request Forgery (elmah MVC) | | High |
| Server-Side Request Forgery (elmah) | | High |
| Server-Side Template Injection (IAST) | | High |
| Stored Cross-site Scripting | | High |
| TorchServe Management API Publicly Exposed | | High |
| Trace.axd Detected | | High |
| Unrestricted File Upload | | High |
| Weak Basic Authentication Credentials | | High |
| Weak Secret is Used to Sign JWT | | High |
| WebDAV Directory Has Write Permissions | | High |
| WebDAV Directory Has Write Permissions (IIS) | | High |
| XML External Entity Injection | | High |
| XML External Entity Injection (IAST) | | High |
| XPath Injection (IAST) | | High |