Bash Command Injection (Shellshock) |
Critical |
Code Execution via File Upload |
Critical |
Code Injection |
Critical |
Code Injection (Apache Struts) |
Critical |
Code Injection (ASP) |
Critical |
Code Injection (Node.js) |
Critical |
Code Injection (Perl) |
Critical |
Code Injection (PHP) |
Critical |
Code Injection (Python) |
Critical |
Code Injection (Ruby) |
Critical |
Command Injection |
Critical |
Command Injection (Blind) |
Critical |
Oracle WebLogic Server Administration Console |
Critical |
Remote File Inclusion |
Critical |
Server Side Template Injection |
Critical |
Server Side Template Injection (doT) |
Critical |
Server Side Template Injection (EJS) |
Critical |
Server Side Template Injection (ERB) |
Critical |
Server Side Template Injection (Freemarker) |
Critical |
Server Side Template Injection (Jinja) |
Critical |
Server Side Template Injection (Mako) |
Critical |
Server Side Template Injection (Marko) |
Critical |
Server Side Template Injection (Nunjucks) |
Critical |
Server Side Template Injection (Pug) |
Critical |
Server Side Template Injection (Slim) |
Critical |
Server Side Template Injection (Smarty) |
Critical |
Server Side Template Injection (Tornado) |
Critical |
Server Side Template Injection (Twig) |
Critical |
Server Side Template Injection (Velocity) |
Critical |
SQL Injection |
Critical |
SQL Injection (Blind) |
Critical |
SQL Injection (Boolean) |
Critical |
Code Evaluation via Local File Inclusion |
High |
Code Repository |
High |
Code Repository (CVS) |
High |
Code Repository (Git) |
High |
Code Repository (SVN) |
High |
Cross-site Scripting |
High |
Cross-site Scripting (DOM based) |
High |
Cross-site Scripting (Reflected) |
High |
elmah.axd Detected |
High |
File Inclusion |
High |
Local File Inclusion |
High |
Macromedia Dreamweaver database scripts |
High |
Misconfigured CORS |
High |
Second Order Injection |
High |
Sensitive Data over HTTP |
High |
trace.axd Detected |
High |
Unrestricted File Upload |
High |
XML External Entity Injection |
High |
XPath Injection |
High |
Apache perl-status Enabled |
Medium |
Apache server-info Enabled |
Medium |
Apache server-status Enabled |
Medium |
apc.php page |
Medium |
AWStats script |
Medium |
Backup File |
Medium |
Backup Folder |
Medium |
Base Tag Hijacking |
Medium |
Basic Authentication over HTTP |
Medium |
Configuration File |
Medium |
Configuration File (Grunt) |
Medium |
Configuration File (Laravel) |
Medium |
Configuration File (Rails Database) |
Medium |
Configuration File (Rake) |
Medium |
Configuration File (Ruby Gem) |
Medium |
Configuration File (Travis CI) |
Medium |
Configuration File (Vagrant) |
Medium |
Configuration File (Wordpress) |
Medium |
Core dump checker PHP script |
Medium |
Directory Listing |
Medium |
External Script Injection |
Medium |
Form Hijacking |
Medium |
Frame Injection |
Medium |
HTML Injection |
Medium |
JetBrains .idea project directory |
Medium |
Laravel log file |
Medium |
Mixed Content |
Medium |
Mixed Content (Active) |
Medium |
phpinfo page |
Medium |
Possible Cross-site Scripting (DOM based) |
Medium |
Readable .htaccess file |
Medium |
Sensitive Data in Query String |
Medium |
Short File Naming Enabled |
Medium |
Source Code Disclosure |
Medium |
URL Redirection to Untrusted Site |
Medium |
Webalizer script |
Medium |
.DS_Store file |
Low |
Apache MultiViews Enabled |
Low |
Autocomplete Enabled |
Low |
Error Message |
Low |
Error Message (ASP.NET) |
Low |
Error Message (MySQL) |
Low |
Error Message (PHP) |
Low |
Error Message (SQLite) |
Low |
External CSS Injection |
Low |
External Object Injection |
Low |
Forbidden Resource |
Low |
HTTP Response Splitting |
Low |
Image Injection |
Low |
Insecure iFrame |
Low |
Internal Server Error |
Low |
Long Redirect Response |
Low |
Missing X-Frame-Options Header |
Low |
Mixed Content (Passive) |
Low |
Multiple Choices Enabled |
Low |
Not Http-Only Cookie |
Low |
Not Secure Cookie |
Low |
OPTIONS Method Enabled |
Low |
Predictable Resource Location |
Low |
Server Error |
Low |
Stack Trace |
Low |
Stack Trace (ASP.NET) |
Low |
Stack Trace (Java) |
Low |
Stack Trace (Node.js) |
Low |
Stack Trace (PHP) |
Low |
Stack Trace (Python) |
Low |
Undefined Content-Type Header |
Low |
Administration page |
Information |
Administration page (JBoss JMX) |
Information |
Administration page (phpMyAdmin) |
Information |
Administration page (Tomcat Manager) |
Information |
Administration page (Wordpress) |
Information |
Application Disclosure |
Information |
Application Fingerprinting |
Information |
CDN Detected |
Information |
CDN Detected (Akamai China CDN) |
Information |
CDN Detected (Akamai) |
Information |
CDN Detected (Alimama) |
Information |
CDN Detected (Amazon CloudFront) |
Information |
CDN Detected (Ananke) |
Information |
CDN Detected (Aryaka) |
Information |
CDN Detected (AT&T) |
Information |
CDN Detected (Azion) |
Information |
CDN Detected (BelugaCDN) |
Information |
CDN Detected (Bison Grid) |
Information |
CDN Detected (BitGravity) |
Information |
CDN Detected (Blue Hat Network) |
Information |
CDN Detected (BO.LT) |
Information |
CDN Detected (BunnyCDN) |
Information |
CDN Detected (Cachefly) |
Information |
CDN Detected (Caspowa) |
Information |
CDN Detected (CDN77) |
Information |
CDN Detected (CDNetworks) |
Information |
CDN Detected (CDNify) |
Information |
CDN Detected (CDNsun) |
Information |
CDN Detected (CDNvideo) |
Information |
CDN Detected (ChinaCache) |
Information |
CDN Detected (ChinaNetCenter) |
Information |
CDN Detected (Cloudflare) |
Information |
CDN Detected (Cotendo CDN) |
Information |
CDN Detected (cubeCDN) |
Information |
CDN Detected (EdgeCast) |
Information |
CDN Detected (Facebook) |
Information |
CDN Detected (Fastly) |
Information |
CDN Detected (G-core) |
Information |
CDN Detected (GoCache) |
Information |
CDN Detected (Google) |
Information |
CDN Detected (Hibernia) |
Information |
CDN Detected (Highwinds) |
Information |
CDN Detected (Hosting4CDN) |
Information |
CDN Detected (Incapsula) |
Information |
CDN Detected (Instart Logic) |
Information |
CDN Detected (Internap) |
Information |
CDN Detected (jsDelivr) |
Information |
CDN Detected (KeyCDN) |
Information |
CDN Detected (Kingsoft) |
Information |
CDN Detected (LeaseWeb CDN) |
Information |
CDN Detected (Level 3) |
Information |
CDN Detected (Limelight) |
Information |
CDN Detected (MediaCloud) |
Information |
CDN Detected (Medianova) |
Information |
CDN Detected (Microsoft Azure) |
Information |
CDN Detected (Mirror Image) |
Information |
CDN Detected (NetDNA) |
Information |
CDN Detected (Netlify) |
Information |
CDN Detected (NGENIX) |
Information |
CDN Detected (NYI FTW) |
Information |
CDN Detected (OnApp) |
Information |
CDN Detected (Optimal CDN) |
Information |
CDN Detected (PageRain) |
Information |
CDN Detected (QUANTIL) |
Information |
CDN Detected (Rackspace) |
Information |
CDN Detected (Reapleaf) |
Information |
CDN Detected (Reflected Networks) |
Information |
CDN Detected (ReSRC.it) |
Information |
CDN Detected (Rev Software) |
Information |
CDN Detected (Roast.io) |
Information |
CDN Detected (section.io) |
Information |
CDN Detected (SFR) |
Information |
CDN Detected (Simple CDN) |
Information |
CDN Detected (StackPath) |
Information |
CDN Detected (SwiftCDN) |
Information |
CDN Detected (SwiftServe) |
Information |
CDN Detected (Taobao) |
Information |
CDN Detected (Tata communications) |
Information |
CDN Detected (Telefonica) |
Information |
CDN Detected (Telenor) |
Information |
CDN Detected (TRBCDN) |
Information |
CDN Detected (TurboBytes) |
Information |
CDN Detected (Twitter) |
Information |
CDN Detected (UnicornCDN) |
Information |
CDN Detected (VoxCDN) |
Information |
CDN Detected (WordPress) |
Information |
CDN Detected (Yahoo) |
Information |
CDN Detected (Yottaa) |
Information |
CDN Detected (Zenedge) |
Information |
Content Security Policy |
Information |
crossdomain.xml Detected |
Information |
Database Connection String |
Information |
Email Disclosure |
Information |
GraphQL Endpoint Detected |
Information |
Help file |
Information |
Information Leakage |
Information |
Internal IP Address Disclosure |
Information |
Internal Path |
Information |
Internal Path (Linux) |
Information |
Internal Path (Windows) |
Information |
Joomla Detected |
Information |
Out-of-date Version |
Information |
Out-of-date Version (Joomla) |
Information |
Out-of-date Version (WordPress) |
Information |
Reflected Value in HTTP Header |
Information |
Reflected-Filtered Inputs |
Information |
robots.txt Detected |
Information |
Silverlight Client Access Policy |
Information |
Sitemap Detected |
Information |
Username Disclosure |
Information |
Web Backdoor |
Information |
WordPress Detected |
Information |