Web Vulnerability & Security Check

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

Mustachejs Identified

Information

Information

NTLM Authorization Required

Information

Next.js React Framework Identified

Information

Nexus Repository OSS Identified

Information

Nginx Web Server Identified

Information

No SAML Response Signature Check

High

No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP)

Information

Node.js Web Application does not handle uncaughtException

Medium

Node.js Web Application does not handle unhandledRejection

Medium

Nonce Usage Detected in Content Security Policy (CSP) Directive

Information

NuSOAP Identified

Information

OPTIONS Method Enabled

Information

Information

Open Policy Crossdomain.xml Detected

Medium

Open Redirection

Medium

Open Redirection (DOM based)

Medium

Open Redirection in POST method

Low

Open Silverlight Client Access Policy

Medium

OpenCart Detected

Information

OpenResty Web Platform Identified

Information

OpenSSL Heartbleed

Critical

OpenSSL Identified

Information

OpenSearch.xml Detected

Information

OpenVPN Access Server Identified

Information

Oracle Application Server Identified

Information

Oracle EBS - Unauthenticated Remote Code Execution

Critical

Oracle HTTP Server Identified

Information

Oracle WebLogic Authentication Bypass (CVE-2020-14883)

High

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Critical

Out of Band Code Evaluation (ASP)

Critical

Out of Band Code Evaluation (Apache Struts 2)

Critical

Out of Band Code Evaluation (Apache Struts 2) S2-053

Critical

Out of Band Code Evaluation (Log4j)

Critical

Out of Band Code Evaluation (Node.js)

Critical

Out of Band Code Evaluation (PHP)

Critical

Out of Band Code Evaluation (Perl)

Critical

Out of Band Code Evaluation (Python)

Critical

Out of Band Code Evaluation (RoR - JSON)

Critical

Out of Band Code Evaluation (RoR)

Critical

Out of Band Code Evaluation (Ruby)

Critical

Out of Band Code Execution via SSTI

Critical

Out of Band Code Execution via SSTI (Java FreeMarker)

Critical

Out of Band Code Execution via SSTI (Java Velocity)

Critical

Out of Band Code Execution via SSTI (Node.js Dot)

Critical

Out of Band Code Execution via SSTI (Node.js EJS)

Critical

Out of Band Code Execution via SSTI (Node.js Marko)

Critical

Out of Band Code Execution via SSTI (Node.js Nunjucks)

Critical

Out of Band Code Execution via SSTI (Node.js Pug (Jade))

Critical

Out of Band Code Execution via SSTI (PHP Smarty)

Critical

Out of Band Code Execution via SSTI (PHP Twig)

Critical

Out of Band Code Execution via SSTI (Python Jinja)

Critical

Out of Band Code Execution via SSTI (Python Mako)

Critical

Out of Band Code Execution via SSTI (Python Tornado)

Critical

Out of Band Command Injection

Critical

Out of Band Remote File Inclusion

Critical

Out of Band SAML Consumer Service XML Entity Injection

High

Out of Band SAML Consumer Service XSLT Injection

High

Out of Band SQL Injection

Critical

Out of Band XML External Entity Injection

High

Out-of-Date (Bootstrap Select)

Information

Out-of-Date (Bootstrap Table)

Information

Out-of-Date (Bootstrap Typeahead)

Information

Out-of-Date (JQuery placeholder.js)

Information

Out-of-Date Version (Lua)

Information

Out-of-date (ASP.NET MVC)

Information

Out-of-date (FrontPage)

Information

Out-of-date (Mongrel)

Information

Out-of-date (Oracle Application Server)

Information

Out-of-date (Phusion Passenger)

Information

Out-of-date (SharePoint)

Information

Out-of-date (Taleo Web Server)

Information

Out-of-date (Varnish)

Information

Out-of-date Component ({applicationName})

Low