Vulnerability Templates

Reused Local Administrator Password

Information Disclosure Verbose Error Messages

JSONP Insufficient Origin Validation

Insecure Direct Object Reference

Weak Domain Administrator Passwords

LM Password Hash Storage

Weak Domain User Passwords

Group Policy Preferences Password Disclosure

WPA/WPA2 Brute Force Vulnerability

Insufficient Application Whitelisting

Insufficient Local and Domain Account Lockout Policy

Insufficient Restrictions on Windows Features

Information Disclosure Username Enumeration

Missing XSS Protection Security Header

Frameable URL Could Allow Clickjacking Attacks

Missing Cross-Site Request Forgery Protection: Sensitive Function

Missing Cross-Site Request Forgery Protection: Non-sensitive Function


Missing Nosniff Security Header

Missing Strict-Transport-Security Header

Unvalidated Cross-Site Request Forgery Protection

Password Field With Auto-complete Enabled

Information Disclosure Expose_Php

Information Disclosure Mac OS ds_store Directory Listing

Unencrypted Protocol Detected

XML External Entity Injection

Administrative Login Interface Exposed

Internet Key Exchange v1 Aggressive Mode-Enabled

Information Disclosure IIS/Exchange Internal IP Address Disclosure

Missing HTTP Security Headers

IPMI v2.0 Password Hash Disclosure

Microsoft Exchange Client Access Server Information Disclosure

User Account Enumeration NULL session

Weak Domain Trusts

Information Disclosure HTTP Response Headers

Administrative Login Prompt Accessible

Java Deserialization Vulnerability

Insecure Terminal Service Configuration

Insecure SSL Certificate Detected

Insecure SSL/TLS Ciphers Supported

Outdated Software Java/Flash/Adobe Reader

Open URL Redirect

Account Takeover: Password Reset

Whitelisting is Cheating