Vulnerabilities

Articles

Read about the latest security vulnerabilities that Cybercriminals often exploit to compromise websites, infect users, and gain illicit access to their sensitive data.

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Vulnerabilities · 1 min read

Strict-Transport-Security Header

HTTP Strict Transport Security (HSTS).

Vulnerabilities · 1 min read

Heartbleed OpenSSL Vulnerability (Indicative)

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.

Vulnerabilities · 1 min read

Directory Browsing

It is possible to view a listing of the directory contents.

Vulnerabilities · 1 min read

Split Viewstate in Use

This website uses ASP.NET's Viewstate, and its value is split into several chunks.

Vulnerabilities · 1 min read

Viewstate without MAC Signature (Sure)

This website uses ASP.NET's Viewstate but without any MAC.

Vulnerabilities · 1 min read

Viewstate without MAC Signature (Unsure)

This website uses ASP.NET's Viewstate, possibly without any MAC.

Vulnerabilities · 1 min read

Old Asp.Net Version in Use

This website uses ASP.NET version 1.0 or 1.1.

Vulnerabilities · 1 min read

Emails Found in the Viewstate

Potential email addresses were found to be serialized in the ViewState field.

Vulnerabilities · 1 min read

Potential IP Addresses Found in the Viewstate

Potential IP addresses were found to be serialized in the ViewState field.

Vulnerabilities · 1 min read

User Controllable HTML Element Attribute (Potential XSS)

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled.

Vulnerabilities · 1 min read

User Controllable Charset

If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks.

Vulnerabilities · 1 min read

Cookie Poisoning

A cookie poisoning attack becomes exploitable when an attacker can manipulate the cookie in various ways.

Vulnerabilities · 1 min read

Open Redirect

This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible.

Vulnerabilities · 1 min read

Information Disclosure - Suspicious Comments

The response appears to contain suspicious comments which may help an attacker.

Vulnerabilities · 1 min read

HTTP Parameter Override

Unspecified form action: HTTP parameter override attack potentially possible.

Vulnerabilities · 1 min read

Information Disclosure - Sensitive Information in HTTP Referrer Header

The HTTP header may have leaked a potentially sensitive parameter to another domain.

Vulnerabilities · 1 min read

Information Disclosure - Sensitive Information in URL

The request appeared to contain sensitive information leaked in the URL.

Vulnerabilities · 1 min read

Information Disclosure - Debug Error Messages

The response appeared to contain common error messages.

Vulnerabilities · 1 min read

X-Content-Type-Options Header Missing

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’.

Vulnerabilities · 1 min read

X-Frame-Options Setting Malformed

An X-Frame-Options header was present in the response but the value was not correctly set.

Vulnerabilities · 1 min read

X-Frame-Options Defined via META (Non-compliant with Spec)

An X-Frame-Options (XFO) META tag was found; defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Vulnerabilities · 1 min read

Multiple X-Frame-Options Header Entries

Multiple X-Frame-Options (XFO) headers were found; a response with multiple XFO header entries may not be treated predictably by all user agents.

Vulnerabilities · 1 min read

X-Frame-Options Header Not Set

The X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Vulnerabilities · 1 min read

Content-Type Header Missing

The Content-Type header was either missing or empty.

Vulnerabilities · 1 min read

Cross-Domain JavaScript Source File Inclusion

The page includes one or more script files from a third-party domain.

Vulnerabilities · 2 min read

Incomplete or No Cache-control Header Set

The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content.

Vulnerabilities · 1 min read

Cookie Without Secure Flag

A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

Vulnerabilities · 1 min read

Cookie No HttpOnly Flag

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript.

Vulnerabilities · 1 min read

In Page Banner Information Leak

The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use.

Vulnerabilities · 1 min read

Vulnerable JS Library

The identified library ExampleJSLibrary, version x.y.z is vulnerable.

Vulnerabilities · 1 min read

Source Code Disclosure - File Inclusion

Inclusion of Sensitive Information in an Include File.

Vulnerabilities · 5 min read

Source Code Disclosure - SVN

The source code for the current page was disclosed by the web server.

Vulnerabilities · 1 min read

Source Code Disclosure - Git

The source code for the current page was disclosed by the web server.

Vulnerabilities · 1 min read

Remote File Inclusion

Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications.

Vulnerabilities · 5 min read

Path Traversal

The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory.

Vulnerabilities · 5 min read

Session ID in URL Rewrite

URL rewriting is used to track the user session ID. The session ID may be disclosed via a cross-site Referer header.

Vulnerabilities · 1 min read

Private IP Disclosure

A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body.

Vulnerabilities · 1 min read

Directory Browsing

A directory listing provides an attacker with the complete index of all the resources located inside of the directory.

Vulnerabilities · 1 min read

Managed Cybersecurity Services tailored to your Startup

We make your startup secure and compliant by implementing and managing the security controls your customers deserve.
