Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
Vulnerability Name | Severity
(Deprecated) Version Disclosure (mod_ssl) | Low
.DS_Store File Found | Low
.dockerignore File Detected | Low
.htaccess File Detected | Information
AEM Detected | Information
ASP.NET Cookieless Authentication Is Enabled | Medium
ASP.NET Cookieless Session State Is Enabled | Medium
ASP.NET CustomErrors Is Disabled | Medium
ASP.NET Debugging Enabled | Information
ASP.NET Identified | Information
ASP.NET Login Credentials Stored In Plain Text | Medium
ASP.NET MVC Identified | Information
ASP.NET Tracing Is Enabled | High
ASP.NET ValidateRequest Is Globally Disabled | Medium
ASP.NET ViewStateUserKey Is Not Set | Low
ASP.NET: Failure To Require SSL For Authentication Cookies | Medium
ATutor Detected | Information
AWS Dockerrun Configuration File Detected | Low
AWStats Detected | Information
AbanteCart Detected | Information
Active Mixed Content over HTTPS | Medium
ActiveMQ - Remote Code Execution (CVE-2023-46604) | Critical
Adminer Detected | Information
Administration Page Detected | Information
Ampache Detected | Information
An Unsafe Content Security Policy (CSP) Directive in Use | Information
Angular Identified | Information
Angularjs Identified | Information
Anonymous Ciphers Supported | Medium
Apache Coyote Identified | Information
Apache Module Identified | Information
Apache MultiViews Enabled | Low
Apache Multiple Choices Enabled | Low
Apache Server-Info Detected | Medium
Apache Server-Status Detected | Medium
Apache Shiro Identified | Information
Apache Traffic Server Identified | Information
Apache Web Server Identified | Information
Apple’s App-Site Association (AASA) Detected | Information
Arbitrary File Creation Detected | High
Arbitrary File Deletion Detected | High
Artifactory DevOps Solution Identified | Information
AspNetSignalR Identified | Information
Atlassian Confluence Identified | Information
Atlassian Jira Identified | Information
Atlassian Proxy Identified | Information
Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204) | High
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | High
Authorization Required | Information
Autocomplete Enabled (Password Field) | Information
Autocomplete is Enabled | Low
Axios Identified | Information
Axis Development Mode Enabled in WEB-INF/server-config.wsdd | Medium
Axis system configuration listing enabled in WEB-INF/server-config.wsdd | Medium
Axway Secure Transport Detected | Information
Axway SecureTransport Server Identified | Information
B.R.E.A.C.H. Attack Detected | Medium
BREACH Attack Detected | Medium
Backbonejs Identified | Information
Backup File Disclosure | Low
Backup Source Code Detected | High
Base Tag Hijacking | Medium
Bash Command Injection Vulnerability (Shellshock Bug) | Critical
Basic Authorization Required | Information
Basic Authorization over HTTP | High
BitNinja Captcha Server Identified | Information
Blind Command Injection | Critical
Blind Cross-site Scripting | High
Blind MongoDB Injection | High
Blind SQL Injection | Critical
Bluebird Identified | Information
Bomgar Remote Support Software Detected | Information
Boolean Based MongoDB Injection | High
Boolean Based SQL Injection | Critical