Vulnerabilities

 Articles

Read about the latest security vulnerabilities that Cybercriminals often exploit to compromise websites, infect users, and gain illicit access to their sensitive data.

Information Disclosure - Suspicious Comments in XML via WebSocket

The 'Information Disclosure - Suspicious Comments in XML via WebSocket' vulnerability typically arises when sensitive information or comments are inadvertently exposed in XML payloads sent over a WebSocket connection, making it accessible to malicious attackers.

Vulnerabilities
2
 min read

Username Hash Found in WebSocket message

The 'Username Hash Found in WebSocket message' vulnerability means that the username or a related hash is being sent and exposed through WebSocket messages, which can be intercepted and exploited by attackers.

Vulnerabilities
2
 min read

Private IP Disclosure via WebSocke

The 'Private IP Disclosure via WebSocke' vulnerability typically arises when an attacker can easily collect sensitive information, such as internal IP addresses, from WebSocket responses. When an attacker identifies internal IP addresses through WebSocket responses, they can potentially target your internal network.

Vulnerabilities
2
 min read

Personally Identifiable Information via WebSocket

The 'PII via WebSocket' vulnerability occurs when sensitive user information (such as names, email addresses, or personal data) is transmitted insecurely over a WebSocket connection, making it accessible to potential attackers.

Vulnerabilities
2
 min read

Email address found in WebSocket message

The 'Email address found in WebSocket message’ vulnerability indicates that sensitive information, such as email addresses, is being exposed or leaked through WebSocket messages in your web application which can be intercepted or accessed by malicious attackers, leading to data breaches or privacy violations.

Vulnerabilities
2
 min read

Information Disclosure - Debug Error Messages via WebSocket

The 'Information Disclosure - Debug Error Messages via WebSocket' vulnerability involves WebSocket communication revealing debug error messages. These messages often contain sensitive information that can be exposed and exploited by potential attackers.

Vulnerabilities
2
 min read

Base64 Disclosure in WebSocket message

The 'Base64 Disclosure in WebSocket message' is a web application vulnerability that could potentially expose sensitive information. It occurs when sensitive information is sent in a WebSocket message without proper encryption or obfuscation and can easily be intercepted and decoded by attackers.

Vulnerabilities
2
 min read

Server Side Template Injection (Blind)

Server Side Template Injection (SSTI) is a critical security vulnerability that allows attackers to execute arbitrary code on your web server. When it's detected in a blind form, it means that the vulnerability is not immediately visible through direct error messages or responses from the server.

Vulnerabilities
2
 min read

Server Side Template Injection

Server-Side Template Injection (SSTI) is a serious security vulnerability that occurs when an attacker can inject malicious code into a server-side template engine. This can lead to remote code execution, data leakage, and other security issues.

Vulnerabilities
2
 min read

Cloud Metadata Potentially Exposed

The 'Cloud Metadata Potentially Exposed' vulnerability typically involves the exposure of sensitive information in cloud metadata services. Attackers can exploit this information to gain unauthorized access or escalate privileges.

Vulnerabilities
2
 min read

Loosely Scoped Cookie

The 'Loosely Scoped Cookie' vulnerability can lead to various security risks, including session hijacking and unauthorized access to sensitive information. This occurs when a web application sets cookies with overly permissive scope or path attributes. This means that the cookie can be accessed by pages or scripts that it should not be accessible to.

Vulnerabilities
2
 min read

SOAP XML Injection

SOAP (Simple Object Access Protocol) is a widely used protocol for exchanging structured information in web services. A SOAP XML Injection vulnerability occurs when an attacker can manipulate the XML input to the web service in such a way that it leads to unintended behavior or reveals sensitive information.

Vulnerabilities
2
 min read

Insecure HTTP Method

The 'Insecure HTTP Method' vulnerability can expose your application to various risks, including unauthorized access, data manipulation, and more. It occurs when your web application uses HTTP methods in an insecure or unintended manner.

Vulnerabilities
2
 min read

Cookie Slack Detector

The 'Cookie Slack Detector' vulnerability occurs when your web application unintentionally exposes sensitive data in the HTTP response headers, typically through cookies. Attackers can exploit this to gain unauthorized access or gather sensitive information about your application.

Vulnerabilities
2
 min read

SOAP Action Spoofing

SOAP (Simple Object Access Protocol) is a protocol used for exchanging structured information in the implementation of web services. SOAP Action Spoofing is a security vulnerability that can occur when an attacker manipulates the SOAP action in a web service request to execute unintended actions or gain unauthorized access to a web application.

Vulnerabilities
2
 min read

Expression Language Injection

Expression Language Injection (EL Injection) is a serious security vulnerability that can allow attackers to execute arbitrary code on your web application server. It occurs when an application allows user input to be directly evaluated as an expression in the underlying programming language, typically in web templates or within dynamically generated content.

Vulnerabilities
2
 min read

Expression Language Injection

Expression Language Injection (EL Injection) is a serious security vulnerability that can allow attackers to execute arbitrary code on your web application server. It occurs when an application allows user input to be directly evaluated as an expression in the underlying programming language, typically in web templates or within dynamically generated content.

Vulnerabilities
2
 min read

Generic Padding Oracle

The ‘Generic Padding Oracle' vulnerability typically occurs in cryptographic implementations that use padding schemes, and an attacker can exploit this weakness to decrypt encrypted data by making a series of requests and analyzing the server's responses.

Vulnerabilities
2
 min read

XML External Entity Attack

XML External Entity (XXE) attacks occur when an attacker is able to manipulate XML input to include external entities that can lead to data disclosure, denial of service, and potentially remote code execution.

Vulnerabilities
2
 min read

Application Error Disclosure

The 'Application Error Disclosure' vulnerability occurs when your web application exposes sensitive information in error messages, stack traces, or debug mode. Attackers can use this information to gain insights into your application's architecture and potentially exploit vulnerabilities.

Vulnerabilities
2
 min read

XPath Injection

XPath Injection is a web application vulnerability that occurs when an attacker manipulates user input to modify the XPath query in a way not intended by the application developer. This type of vulnerability can lead to unauthorized access to sensitive data, data manipulation, and even denial of service attacks.

Vulnerabilities
1
 min read

Remote OS Command Injection

A 'Remote OS Command Injection' is a web application vulnerability that occurs when an attacker can inject malicious operating system commands into a web application, potentially leading to unauthorized access or data breaches.

Vulnerabilities
2
 min read

Server Side Code Injection - ASP Code Injection

The 'ASP Code Injection' vulnerability occurs when an attacker can manipulate the application to execute arbitrary ASP code on the server. This can happen if your application does not properly validate or sanitize user input, allowing attackers to inject malicious ASP code into the application.

Vulnerabilities
2
 min read

Server Side Code Injection - PHP Code Injection

A 'Server-Side Code Injection' vulnerability, specifically a PHP Code Injection, can allow attackers to execute arbitrary PHP code on your server, potentially leading to data breaches, server compromise, and other security issues.

Vulnerabilities
2
 min read

Server Side Code Injection

The 'Server-Side Code Injection' vulnerability occurs when an application allows untrusted input to be executed as code on the server-side. Attackers can manipulate user inputs to inject malicious code, often in the form of scripting languages like PHP, Python, or JavaScript.

Vulnerabilities
2
 min read

Advanced SQL Injection

SQL injection is a common and dangerous attack vector that can lead to unauthorized access, data breaches, and other security issues. This occurs when an attacker is able to manipulate SQL queries executed by your application to gain unauthorized access to the database or perform malicious actions.

Vulnerabilities
2
 min read

XSLT Injection

XSLT (Extensible Stylesheet Language Transformations) Injection is a critical web application vulnerability that can allow attackers to execute malicious code within your application. This can lead to various security risks, including data exposure, unauthorized access, and even a complete compromise of your web application.

Vulnerabilities
2
 min read

Charset Mismatch

The 'Charset Mismatch' vulnerability typically occurs when there's a mismatch between the declared character encoding in the HTTP response headers and the actual character encoding used in the response content. Attackers can exploit this discrepancy to conduct various attacks, including Cross-Site Scripting (XSS).

Vulnerabilities
2
 min read

Insufficient Site Isolation Against Spectre Vulnerability

The 'Insufficient Site Isolation Against Spectre' vulnerability exploits the speculative execution mechanism in modern processors to leak sensitive data across different browser tabs or processes, potentially leading to the leakage of sensitive data from one context to another, such as from one tab to another in a browser.

Vulnerabilities
2
 min read

Sub Resource Integrity Attribute Missing

The 'Sub Resource Integrity Attribute Missing' vulnerability occurs when your web application includes external resources, such as scripts and stylesheets, without verifying their integrity. Attackers can exploit this by manipulating or injecting malicious code into these resources, leading to potential security breaches.

Vulnerabilities
2
 min read

Insecure JSF ViewState

The ViewState in JSF is a critical component that stores the state of the UI components and their values. An insecure ViewState can expose sensitive information or allow attackers to modify the state, potentially leading to security breaches.

Vulnerabilities
2
 min read

Text4shell (CVE-2022-42889)

The Text4shell vulnerability (CVE-2022-42889) is a security flaw that affects web applications and enables attackers to execute malicious shell commands remotely. This vulnerability arises from improper handling of user-generated text inputs that are executed as shell commands without proper validation.

Vulnerabilities
2
 min read

Server Side Request Forgery

Server Side Request Forgery (SSRF) is a critical security vulnerability that allows attackers to manipulate a web application to make unintended requests to internal resources, often leading to unauthorized access to sensitive data or services.

Vulnerabilities
2
 min read

Exponential Entity Expansion (Billion Laughs Attack)

The 'Exponential Entity Expansion' vulnerability, also known as the 'Billion Laughs Attack' is a common vulnerability that can compromise the security and performance of your web application. This attack leverages XML entity expansion to exhaust system resources and cause denial-of-service (DoS) conditions.

Vulnerabilities
2
 min read

Log4Shell (CVE-2021-45046)

The Log4Shell vulnerability (CVE-2021-45046) is a critical security flaw that affects the Apache Log4j library, which is commonly used in Java-based web applications for logging purposes. This vulnerability allows remote attackers to execute arbitrary code on the targeted server, potentially leading to a complete compromise of the application and the underlying system.

Vulnerabilities
2
 min read

Log4Shell (CVE-2021-44228)

The Log4Shell vulnerability (CVE-2021-44228) is a critical security flaw that affects the Apache Log4j library, a popular Java-based logging framework. Exploiting this vulnerability could lead to remote code execution, giving attackers full control over the affected system.

Vulnerabilities
2
 min read

Log4Shell

The 'Log4Shell' vulnerability refers to a critical flaw in the Apache Log4j library, which could allow remote attackers to execute arbitrary code on a target system.

Vulnerabilities
2
 min read

File Upload

File upload vulnerabilities are a common type of security issue that can leave your web application exposed to various forms of attacks. These vulnerabilities occur when improper validation or sanitization of user-uploaded files allows malicious files to be uploaded, leading to potential compromise of your application and server.

Vulnerabilities
2
 min read

CORS Header

Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers to prevent unauthorized access to resources on different domains. The 'CORS Header' vulnerability indicates that your web application is not properly configured to enforce the necessary CORS policies. This may lead to potential security risks, such as cross-site request forgery (CSRF) and data leakage.

Vulnerabilities
2
 min read

Web Cache Deception

'Web Cache Deception' is a critical vulnerability that occurs when an attacker manipulates the caching mechanisms of a web server to serve cached content meant for one user to another user. This could lead to unauthorized access, exposure of sensitive data, and potential security breaches.

Vulnerabilities
2
 min read

Bypassing 403

The 'Bypassing 403' vulnerability occurs when an attacker finds a way to bypass the HTTP 403 Forbidden response, gaining unauthorized access to restricted resources.

Vulnerabilities
2
 min read

JWT Scan Rule

JSON Web Tokens (JWT) are widely used for authentication and authorization in web applications. However, improper implementation or configuration of JWT can lead to the 'JWT Scan Rule' vulnerability that attackers can exploit.

Vulnerabilities
2
 min read

Hidden File Found

The 'Hidden File Found' vulnerability occurs when sensitive files or directories within your web application are inadvertently exposed to unauthorized users. These files or directories may contain information such as configuration files, database credentials, or other sensitive data.

Vulnerabilities
2
 min read

.env Information Leak

Web applications often rely on configuration files to store sensitive information. These files are commonly named '.env' (short for environment) and are meant to be kept confidential. However, vulnerabilities in your application's code or server configuration can expose these files, leading to unauthorized access and potential data leaks.

Vulnerabilities
2
 min read

.htaccess Information Leak

The '.htaccess Information Leak' vulnerability is a security issue that occurs when sensitive configuration information is leaked through the '.htaccess' file in your web application's directory. This file is used to configure various settings for the Apache web server, and if it contains sensitive data, it can potentially be accessed by unauthorized users.

Vulnerabilities
2
 min read

Out of Band XSS

'Out of Band XSS' is a type of cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into a web application and trigger a request to an external domain. This vulnerability can lead to various security risks, including data theft, session hijacking, and unauthorized access to sensitive information.

Vulnerabilities
2
 min read

Trace.axd Information Leak

The 'Trace.axd Information Leak' vulnerability is a common security issue found in web applications running on the ASP.NET framework. This vulnerability occurs when sensitive information is exposed through the Trace.axd handler. Attackers can exploit this weakness to gather valuable information about your application's internals.

Vulnerabilities
1
 min read

ELMAH Information Leak

The ELMAH (Error Logging Modules and Handlers) Information Leak vulnerability is a common issue in web applications that utilize ELMAH for error logging and handling. If the ELMAH is not configured correctly, it can expose sensitive information to potential attackers.

Vulnerabilities
1
 min read

SQL Injection - MsSQL

SQL Injection is a severe security vulnerability that allows attackers to manipulate a web application's database queries by inserting malicious SQL code. The vulnerability 'SQL Injection - MsSQL' refers to this vulnerability when using Microsoft SQL Server (MsSQL) as the database management system in your web application.

Vulnerabilities
2
 min read

Proxy Disclosure

Proxy Disclosure is a security vulnerability that arises when a web application fails to properly handle proxy headers. Attackers can exploit this weakness to bypass security controls, access sensitive information, or launch various attacks.

Vulnerabilities
2
 min read

SQL Injection - SQLite

SQL Injection is a critical web application vulnerability that allows attackers to manipulate or extract data from a database. SQLite, being a popular database engine, is also prone to SQL Injection attacks.

Vulnerabilities
1
 min read

Possible Username Enumeration

The 'Possible Username Enumeration' vulnerability occurs when an attacker can determine valid usernames on a web application by exploiting the differences in responses for valid and invalid usernames during the login process. This information can be used to conduct brute-force attacks and gain unauthorized access.

Vulnerabilities
2
 min read

SQL Injection - PostgreSQL

SQL injection is a serious vulnerability that allows attackers to manipulate your web application's database queries and gain unauthorized access to data or perform malicious actions. 'SQL Injection - PostgreSQL' refers specifically to this vulnerability in PostgreSQL databases.

Vulnerabilities
2
 min read

SQL Injection - Oracle

SQL injection is a serious security vulnerability that occurs when malicious actors can manipulate an application's database queries to execute unauthorized SQL commands. The 'SQL Injection - Oracle' vulnerability refers specifically to this vulnerability in Oracle databases used in web applications.

Vulnerabilities
 min read

SQL Injection - Hypersonic SQL

SQL Injection is a severe security vulnerability that allows attackers to manipulate an application's database by injecting malicious SQL code, which can potentially lead to unauthorized access, data breaches, and data manipulation. This vulnerability occurs when user-supplied data is concatenated directly into SQL queries without proper validation or parameterization.

Vulnerabilities
2
 min read

SQL Injection

SQL injection is a serious security vulnerability that occurs when an attacker can manipulate input data to execute arbitrary SQL commands on your web application's backend database. This can lead to data breaches, unauthorized access, and potential loss of sensitive information.

Vulnerabilities
2
 min read

Cross Site Scripting (Persistent) - Spider

Cross-Site Scripting (XSS) is a common web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. 'Cross-Site Scripting (Persistent) - Spider' occurs when user-supplied data is improperly handled and stored, leading to malicious code execution when that data is retrieved and displayed, potentially compromising user data or performing unauthorized actions.

Vulnerabilities
2
 min read

Cross Site Scripting (Persistent) - Prime

Cross-Site Scripting (XSS) is a common web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Persistent XSS specifically refers to vulnerabilities where the malicious code persists beyond a single request.

Vulnerabilities
1
 min read

LDAP Injection

LDAP (Lightweight Directory Access Protocol) is a widely used protocol for accessing and maintaining directory information services. LDAP Injection is a type of security vulnerability that occurs when an attacker can manipulate user inputs to construct malicious LDAP queries. These queries can lead to unauthorized access, data leakage, and even complete compromise of the application and its underlying infrastructure.

Vulnerabilities
1
 min read

Cross Site Scripting (Persistent)

Cross Site Scripting (Persistent) occurs when user-supplied input is not properly validated or sanitized, allowing malicious code to be stored persistently on the server-side and later displayed to other users. This malicious code can be executed by unsuspecting users, leading to various attacks, such as session hijacking, data theft, or defacement.

Vulnerabilities
1
 min read

Session Fixation

Session fixation is a vulnerability that occurs when an attacker forces a user's session identifier to a known value. This vulnerability can lead to unauthorized access and session hijacking, compromising the security of a web application.

Vulnerabilities
2
 min read

Cross Site Scripting (Reflected)

'Cross-Site Scripting (XSS)' is a common web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. Reflected XSS occurs when user-supplied data is not properly validated or sanitized, leading to the execution of malicious code in the user's browser.

Vulnerabilities
2
 min read

Server Side Include

The 'Server Side Include' vulnerability is a security weakness that allows an attacker to inject malicious code into a web application through improperly configured or unprotected server-side includes (SSI). This vulnerability can lead to unauthorized access, data leakage, and remote code execution.

Vulnerabilities
2
 min read

Parameter Tampering

The Parameter tampering vulnerability occurs when an attacker manipulates parameters sent to a web application to gain unauthorized access, alter data, or exploit vulnerabilities.

Vulnerabilities
1
 min read

CRLF Injection

CRLF (Carriage Return Line Feed) injection is a type of web application vulnerability that allows an attacker to manipulate the HTTP response headers by injecting unauthorized line breaks. This can lead to various security risks, such as HTTP response splitting attacks, session hijacking, cross-site scripting (XSS), and more.

Vulnerabilities
1
 min read

Integer Overflow Error

The 'Integer Overflow Error' vulnerability occurs when an integer value exceeds its maximum limit, leading to unexpected behavior and potential security risks, including memory corruption, crashes, and security exploits.

Vulnerabilities
1
 min read

Buffer Overflow

Buffer overflow is a common vulnerability that occurs when a program tries to write data beyond the boundaries of a fixed-size buffer. This can lead to overwriting adjacent memory areas, potentially allowing attackers to inject malicious code and gain control over the application.

Vulnerabilities
1
 min read

External Redirect

The 'External Redirect' vulnerability poses a significant risk to web applications, potentially leading to phishing attacks or unauthorized redirection of users to malicious websites. This vulnerability occurs when an application allows user-controlled input to be used in redirecting to external URLs. Attackers can exploit this by crafting malicious URLs and tricking users into visiting harmful websites.

Vulnerabilities
1
 min read

Remote Code Execution - CVE-2012-1823

The Remote Code Execution vulnerability identified as CVE-2012-1823 poses a significant security risk to web applications. This vulnerability allows an attacker to execute arbitrary code on a vulnerable server, potentially leading to unauthorized access, data breaches, or even a complete compromise of the system.

Vulnerabilities
2
 min read

Heartbleed OpenSSL Vulnerability

The Heartbleed OpenSSL vulnerability allows an attacker to exploit a flaw in OpenSSL's implementation of the Transport Layer Security (TLS) heartbeat extension, leading to the leakage of sensitive data from the server's memory.

Vulnerabilities
1
 min read

HTTP Parameter Pollution

'HTTP Parameter Pollution' (HPP), which occurs when the parameters passed in an HTTP request are manipulated or polluted. Attackers can exploit this vulnerability to bypass security controls, inject malicious code, or extract sensitive information.

Vulnerabilities
2
 min read

Absence of Anti-CSRF Tokens

The absence of Anti-CSRF (Cross-Site Request Forgery) tokens is a common vulnerability that leaves web applications exposed to unauthorized actions. CSRF attacks occur when a malicious actor tricks a victim into performing unintended actions on a web application.

Vulnerabilities
1
 min read

Authentication Request Identified

The 'Authentication Request Identified' vulnerability refers to a potential security weakness in the authentication mechanism of a web application. This vulnerability can be exploited by attackers to gain unauthorized access to sensitive information or perform malicious actions.

Vulnerabilities
2
 min read

Dangerous JS Functions

The 'Dangerous JS Functions' vulnerability is a web application security issue that can expose sensitive information or enable malicious activities due to the use of certain JavaScript functions that can be exploited by attackers.

Vulnerabilities
1
 min read

Modern Web Application

The 'Modern Web Application' vulnerability is a broad term used by external vulnerability scanners to highlight potential security weaknesses in web applications. It refers to a wide range of potential vulnerabilities, such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), and more.

Vulnerabilities
1
 min read

Reverse Tabnabbing

"Reverse Tabnabbing" is a vulnerability that allows an attacker to deceive users by tampering with links, leading to potential phishing attacks or the disclosure of sensitive information.

Vulnerabilities
1
 min read

Httpoxy - Proxy Header Misuse

The Httpoxy vulnerability is a security issue that occurs due to a misconfiguration in the handling of proxy headers by web applications. This vulnerability allows an attacker to manipulate HTTP request headers, potentially leading to various attacks such as Remote Code Execution (RCE) or Information Disclosure.

Vulnerabilities
1
 min read

HTTP Only Site

The 'HTTP Only Site' vulnerability is a security concern that can expose your web application to potential attacks. By not enforcing the secure HTTPS protocol, sensitive information transmitted between the web server and the user's browser becomes vulnerable to interception and manipulation.

Vulnerabilities
1
 min read

User Agent Fuzzer

The 'User Agent Fuzzer' vulnerability is a security issue that can affect web applications. It involves manipulating the user agent string to exploit weaknesses in the application's handling of user agent information. This vulnerability can potentially lead to unauthorized access, data breaches, and other malicious activities.

Vulnerabilities
1
 min read

Image Exposes Location or Privacy Data

The 'Image Exposes Location or Privacy Data' vulnerability is a critical issue that can potentially expose sensitive information to unauthorized individuals. This vulnerability occurs when images in a web application contain embedded location or privacy data, which can be accessed by attackers.

Vulnerabilities
1
 min read

Source Code Disclosure

Source Code Disclosure is a critical vulnerability that occurs when an attacker gains access to the source code of a web application. This exposure can lead to severe consequences, including information leakage, unauthorized access, and potential exploitation of security vulnerabilities.

Vulnerabilities
1
 min read

Cross-Domain Misconfiguration

Cross-Domain Misconfiguration is a common vulnerability that can expose your web application to various security risks, including cross-site scripting (XSS) attacks, clickjacking, and data leakage. It occurs when a web application allows unauthorized cross-domain communication, enabling malicious entities to access sensitive information or perform unauthorized actions.

Vulnerabilities
1
 min read

Hash Disclosure

The 'Hash Disclosure' vulnerability is a critical security issue that can expose sensitive information, such as user passwords or other confidential data, stored in a web application's hashes.

Vulnerabilities
2
 min read

Timestamp Disclosure

The 'Timestamp Disclosure' vulnerability refers to the disclosure of sensitive system information, such as the timestamp of the server or the underlying technology stack used, which can aid potential attackers in exploiting weaknesses.

Vulnerabilities
1
 min read

Backup File Disclosure

The 'Backup File Disclosure' vulnerability is a critical security issue that can expose sensitive information about your web application. Attackers may exploit this vulnerability to gain unauthorized access to backup files, which can contain sensitive data, configuration files, or even source code.

Vulnerabilities
1
 min read

Base64 Disclosure

The 'Base64 Disclosure' vulnerability occurs when sensitive information is encoded using Base64 and then unintentionally exposed or disclosed within the application's source code or response data.

Vulnerabilities
1
 min read

Use of SAML

SAML is an XML-based standard used for exchanging authentication and authorization data between identity providers and service providers. The 'Use of SAML' vulnerability refers to incorrect usage or misconfigurations of SAML, which can introduce vulnerabilities that can be exploited by attackers.

Vulnerabilities
2
 min read

Deprecated Feature Policy Header Set

The 'Deprecated Feature Policy Header Set' vulnerability refers to the usage of deprecated features in web applications. Deprecated features are those that have been marked as outdated or obsolete and may pose security risks.

Vulnerabilities
1
 min read

Permissions Policy Header Not Set

The 'Permissions Policy Header Not Set' vulnerability is a common issue that affects many web applications. It occurs when the web application does not set the appropriate permissions policy header, which can allow unauthorized access or exploitation of the application.

Vulnerabilities
1
 min read

PII Disclosure

PII (Personally Identifiable Information) disclosure is a serious security vulnerability that occurs when sensitive information, such as name, address, social security number, or other sensitive data, is exposed to unauthorized individuals. The consequences of PII disclosure can be significant, including identity theft, financial fraud, and other security breaches.

Vulnerabilities
1
 min read

X-AspNet-Version Response Header

The 'X-AspNet-Version Response Header' vulnerability is a common security issue that affects web applications built on the ASP.NET framework. This vulnerability occurs when the web server reveals the version of ASP.NET in the response headers, which can potentially provide valuable information to attackers.

Vulnerabilities
1
 min read

GET for POST

The 'GET for POST' vulnerability occurs when a web application uses the GET method to perform actions that should be restricted to the POST method. This vulnerability can expose sensitive data and lead to various security risks.

Vulnerabilities
 min read

Username Hash Found

The 'Username Hash Found' vulnerability occurs when the username of a user is found in a hash format, which can be easily decoded by an attacker. This can lead to a potential data breach, as attackers can gain access to user accounts and sensitive information.

Vulnerabilities
 min read

X-Debug-Token Information Leak

X-Debug-Token Information Leak is a vulnerability that can allow attackers to obtain sensitive information about the application's environment and configuration, which could potentially be used to launch further attacks.

Vulnerabilities
2
 min read

CSP: Header & Meta

CSP is a security mechanism for web applications to prevent cross-site scripting (XSS) attacks, clickjacking, and other code injection attacks. CSP allows web developers to define the sources from which web resources can be loaded and executed. The vulnerability 'CSP: Header & Meta' refers to the absence of a CSP header or the presence of an insecure policy. This can allow the loading of resources from arbitrary sources, making it easier for attackers to inject malicious code into the web application.

Vulnerabilities
1
 min read

CSP: Meta Policy Invalid Directive

CSP is a browser security mechanism that helps protect against various types of attacks, including cross-site scripting (XSS) and data injection. The CSP: Meta Policy Invalid Directive vulnerability occurs when the CSP meta policy contains invalid directives, which can weaken the security posture of the application.

Vulnerabilities
2
 min read

CSP: script-src unsafe-eval

CSP allows website administrators to control the resources that a browser can load from a web page. This is designed to protect websites from code injection attacks. The 'CSP: script-src unsafe-eval' vulnerability is a type of CSP violation that occurs when a website allows the use of the 'unsafe-eval' keyword in the script-src directive, which allows JavaScript code to be executed from strings, which can then be used by attackers to inject malicious code into a web page.

Vulnerabilities
2
 min read

CSP: Malformed Policy (Non-ASCII)

CSP is an important security mechanism that helps prevent web-based attacks. It does so by defining a set of rules that govern the behavior of web browsers when loading and executing resources from external sources. The 'CSP: Malformed Policy (Non-ASCII)' vulnerability is when CSP is misconfigured or malformed, leaving your web application vulnerable to various types of attacks.

Vulnerabilities
1
 min read

CSP: style-src unsafe-hashes

CSP is a powerful feature that helps prevent attacks such as Cross-Site Scripting (XSS) and code injection. The 'CSP: style-src unsafe-hashes' vulnerability allows any inline style to be injected, including malicious styles. This vulnerability can allow attackers to execute XSS attacks, inject malicious code, and steal sensitive information.

Vulnerabilities
1
 min read

CSP: script-src unsafe-hashes

CSP is a security mechanism that helps mitigate various types of attacks by defining which resources are allowed to be loaded by the browser. The ‘CSP: script-src unsafe-hashes' vulnerability arises due to the use of 'unsafe-hashes' in the 'script-src' directive, which poses a potential risk, as it allows inline scripts that may be susceptible to various attacks.

Vulnerabilities
 min read

Achieve SOC2 Compliance

We make your startup SOC2 compliant by implementing and managing the required security controls for you.

Get Started