Vulnerabilities

Read about the latest security vulnerabilities that Cybercriminals often exploit to compromise websites, infect users, and gain illicit access to their sensitive data.

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Strict-Transport-Security Header

HTTP Strict Transport Security (HSTS).

Heartbleed OpenSSL Vulnerability (Indicative)

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.

Directory Browsing

It is possible to view a listing of the directory contents.

Split Viewstate in Use

This website uses ASP.NET's Viewstate, and its value is split into several chunks.

Viewstate without MAC Signature (Sure)

This website uses ASP.NET's Viewstate but without any MAC.

Viewstate without MAC Signature (Unsure)

This website uses ASP.NET's Viewstate but maybe without any MAC.

Old ASP.NET Version in Use

This website uses ASP.NET version 1.0 or 1.1.

Emails Found in the Viewstate

Potential email addresses were found to be serialized in the ViewState field.

Potential IP Addresses Found in the Viewstate

Potential IP addresses were found to be serialized in the ViewState field.

User Controllable HTML Element Attribute (Potential XSS)

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled.

User Controllable Charset

If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks.

Cookie Poisoning

A cookie poisoning attack becomes exploitable when an attacker can manipulate the cookie in various ways.

Open Redirect

This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible.

Information Disclosure - Suspicious Comments

The response appears to contain suspicious comments which may help an attacker.

HTTP Parameter Override

Unspecified form action: HTTP parameter override attack potentially possible.

Information Disclosure - Sensitive Information in HTTP Referrer Header

The HTTP header may have leaked a potentially sensitive parameter to another domain.

Information Disclosure - Sensitive Information in URL

The request appeared to contain sensitive information leaked in the URL.

Information Disclosure - Debug Error Messages

The response appeared to contain common error messages.

X-Content-Type-Options Header Missing

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’.

X-Frame-Options Setting Malformed

An X-Frame-Options header was present in the response but the value was not correctly set.

X-Frame-Options Defined via META (Non-compliant with Spec)

An X-Frame-Options (XFO) META tag was found; defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Multiple X-Frame-Options Header Entries

Multiple X-Frame-Options (XFO) headers were found; a response with multiple XFO header entries may not be predictably treated by all user-agents.

X-Frame-Options Header Not Set

The X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Content-Type Header Missing

The Content-Type header was either missing or empty.

Cross-Domain JavaScript Source File Inclusion

The page includes one or more script files from a third-party domain.

Incomplete or No Cache-control Header Set

The Cache-Control header has not been set properly or is missing, allowing the browser and proxies to cache content.

Cookie Without Secure Flag

A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

Cookie No HttpOnly Flag

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript.

In Page Banner Information Leak

The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

Vulnerable JS Library

The identified library ExampleJSLibrary, version x.y.z is vulnerable.

Source Code Disclosure - File Inclusion

Inclusion of Sensitive Information in an Include File.

Source Code Disclosure - SVN

The source code for the current page was disclosed by the web server.

Source Code Disclosure - Git

The source code for the current page was disclosed by the web server.

Remote File Inclusion

Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications.

Path Traversal

The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory.

Session ID in URL Rewrite

URL rewriting is used to track the user session ID. The session ID may be disclosed via a cross-site Referer header.

Private IP Disclosure

A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body.

Directory Browsing

A directory listing provides an attacker with the complete index of all the resources located inside of the directory.
