偵測

Plugin Release Notes

WAS Plugin Feed202312061345

Dec 6, 2023, 1:45 PM

Modified Detection
  • 112615OpenAPI File Detected
  • 113059OPcache UI Detected
  • 113310Blind XPath Injection (differential analysis)
  • 113520Kibana 7.14.0 HTML Injection
  • 113521Kibana 7.10.2 < 7.14.1 Code Execution
  • 113522Kibana 7.9.0 < 7.14.1 Path Traversal
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 114117OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure
  • 114122Appwrite Server-Side Request Forgery
  • 114123Atlassian Confluence 4.x < 7.19.17 Template Injection
  • 114124Atlassian Confluence 8.x < 8.4.5 Template Injection
  • 114125Atlassian Confluence 8.5.x < 8.5.4 Template Injection
  • 114126Atlassian Confluence 8.6.x < 8.6.2 Template Injection
  • 114127Atlassian Confluence 8.7.x < 8.7.1 Template Injection
  • 98117Blind SQL Injection (differential analysis)
  • 98119Blind NoSQL Injection (differential analysis)
  • 98203WordPress User Enumeration
  • 98936Joomla! 2.5.x < 3.9.14 Multiple Vulnerabilities
New
  • 114118OwnCloud 10.6.x < 10.13.1 WebDav Authentication Bypass
  • 114119Apache Tomcat 10.1.0-M1 < 10.1.16 Request Smuggling
  • 114120Apache Tomcat 9.0.0-M1 < 9.0.83 Request Smuggling
  • 114121Apache Tomcat 8.5.x < 8.5.96 Request Smuggling
WAS Plugin Feed202312010605

Dec 1, 2023, 6:05 AM

Modified Detection
  • 113136Wordpress Administration Panel Login Form Bruteforced
  • 114117OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure
  • 98129Credit Card Number Disclosure
  • 98780Java Object Deserialization
New
  • 114114WS_FTP Server Remote Code Execution
  • 114116XML Injection
WAS Plugin Feed202311220755

Nov 22, 2023, 7:55 AM

Modified Detection
  • 98084Directory Listing
  • 98098Source Code Disclosure
  • 98143Selenium Crawl Succeeded
  • 98145Selenium Crawl Failed
  • 98212WordPress Directory Listing
  • 98213Drupal Directory Listing
  • 98214Joomla! Directory Listing
  • 98986Magento Directory Listing
New
  • 114111SAP NetWeaver KW Reflected Cross-Site Scripting
  • 114113Keycloak Reflected Cross-Site Scripting
WAS Plugin Feed202311170804

Nov 17, 2023, 8:04 AM

Modified Detection
  • 112798Session Cookies Detected
  • 112804phpBB User Enumeration
  • 112809GraphQL Detected
  • 113393Performance Telemetry
  • 98000Scan Information
  • 98007URI Blocked Due to Exclusion Rule
  • 98008Web Application Firewall Detected
  • 98009Web Application Sitemap
  • 98019Network Timeout Encountered
  • 98047Allowed HTTP Methods
  • 98059Technologies Detected
  • 98061Cookies Collected
  • 98077Private IP Address Disclosure
  • 98078E-mail Address Disclosure
  • 98111DOM Elements Excluded
  • 98208Joomla! User Enumeration
  • 98209Drupal User Enumeration
  • 98671CVS Entries Detected
  • 98772Fetch/XHR Detected
New
  • 114110Atlassian SAML Single Sign-On Bypass
  • 114112SysAid On-Premise < 23.3.36 Path Traversal
WAS Plugin Feed202311150725

Nov 15, 2023, 7:25 AM

Modified Detection
  • 112476Prototype < 1.6.0.2 Cross-Site Ajax Request
  • 112697JSON Web Token Weak Secret
  • 113900Cross-Site Request Forgery Token Validation Bypass
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114055Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114090Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
  • 114092Royal Elementor Addons and Templates Plugin for WordPress < 1.3.79 Arbitrary File Upload
  • 114101Atlassian Confluence 7.x < 7.19.16 Improper Authorization
  • 114102Atlassian Confluence 8.x < 8.3.4 Improper Authorization
  • 114103Atlassian Confluence 8.4.x < 8.4.4 Improper Authorization
  • 114104Atlassian Confluence 8.5.x < 8.5.3 Improper Authorization
  • 114105Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization
  • 114108Strapi < 4.8.0 Private Fields Sensitive Information Disclosure
  • 98806PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
New
  • 114106ServiceNow Widgets Data Exposure
  • 114107Metabase GeoJSON Remote Code Execution
  • 114109Atlassian Confluence Improper Authorization
WAS Plugin Feed202311071717

Nov 7, 2023, 5:17 PM

Modified Detection
  • 113224Kerberos Authentication Succeeded
  • 113225Kerberos Authentication Failed
  • 114056Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114101Atlassian Confluence 7.x < 7.19.16 Improper Authorization
  • 114102Atlassian Confluence 8.x < 8.3.4 Improper Authorization
  • 114103Atlassian Confluence 8.4.x < 8.4.4 Improper Authorization
  • 114104Atlassian Confluence 8.5.x < 8.5.3 Improper Authorization
  • 114105Atlassian Confluence 8.6.x < 8.6.1 Improper Authorization
  • 98779Source Code Passive Disclosure
WAS Plugin Feed202310301031

Oct 30, 2023, 10:31 AM

Modified Detection
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114012Prometheus Sensitive Endpoint Detected
  • 114056Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114060Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities
  • 114061Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities
  • 114062Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities
  • 114063Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
  • 114099Microsoft SharePoint Server 2019 build < 16.0.10399.20005 Elevation of Privilege
  • 98779Source Code Passive Disclosure
  • 98806PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
  • 98828PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
  • 98831PHP 5.6.x < 5.6.8 Multiple Vulnerabilities
  • 98901Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
  • 98959Nginx < 1.7.5 SSL Session Reuse
  • 98960Nginx < 1.6.2 SSL Session Reuse
New
  • 114098Sitecore Remote Code Execution
  • 114100Citrix Gateway / ADC Sensitive Information Exposure
WAS Plugin Feed202310250932

Oct 25, 2023, 9:32 AM

Modified Detection
  • 114065Pimcore Administration Panel Login Form Detected
  • 114066WordPress 4.1.x < 4.1.39 Multiple Vulnerabilities
  • 114067WordPress 4.2.x < 4.2.36 Multiple Vulnerabilities
  • 114068WordPress 4.3.x < 4.3.32 Multiple Vulnerabilities
  • 114069WordPress 4.4.x < 4.4.31 Multiple Vulnerabilities
  • 114070WordPress 4.5.x < 4.5.30 Multiple Vulnerabilities
  • 114071WordPress 4.6.x < 4.6.27 Multiple Vulnerabilities
  • 114072WordPress 4.7.x < 4.7.27 Multiple Vulnerabilities
  • 114073WordPress 4.8.x < 4.8.23 Multiple Vulnerabilities
  • 114074WordPress 4.9.x < 4.9.24 Multiple Vulnerabilities
  • 114075WordPress 5.0.x < 5.0.20 Multiple Vulnerabilities
  • 114076WordPress 5.1.x < 5.1.17 Multiple Vulnerabilities
  • 114077WordPress 5.2.x < 5.2.19 Multiple Vulnerabilities
  • 114078WordPress 5.3.x < 5.3.16 Multiple Vulnerabilities
  • 114079WordPress 5.4.x < 5.4.14 Multiple Vulnerabilities
  • 114080WordPress 5.5.x < 5.5.13 Multiple Vulnerabilities
  • 114081WordPress 5.6.x < 5.6.12 Multiple Vulnerabilities
  • 114082WordPress 5.7.x < 5.7.10 Multiple Vulnerabilities
  • 114083WordPress 5.8.x < 5.8.8 Multiple Vulnerabilities
  • 114084WordPress 5.9.x < 5.9.8 Multiple Vulnerabilities
  • 114085WordPress 6.0.x < 6.0.6 Multiple Vulnerabilities
  • 114086WordPress 6.1.x < 6.1.4 Multiple Vulnerabilities
  • 114087WordPress 6.2.x < 6.2.3 Multiple Vulnerabilities
  • 114088WordPress 6.3.x < 6.3.2 Multiple Vulnerabilities
  • 114089Pimcore User Enumeration
  • 114090Apache 2.4.x < 2.4.58 Multiple Vulnerabilities
  • 114092Royal Elementor Addons and Templates Plugin for WordPress < 1.3.79 Arbitrary File Upload
  • 114093HandlebarsJS < 4.7.7 Multiple Vulnerabilities
  • 114094HandlebarsJS 4.x < 4.5.5 Regular Expression Denial Of Service
  • 114095HandlebarsJS < 3.0.8 Arbitrary Code Execution
  • 114096HandlebarsJS 4.x < 4.5.3 Arbitrary Code Execution
  • 114097HandlebarsJS < 4.3.0 Prototype Pollution
  • 98115SQL Injection
  • 98203WordPress User Enumeration
New
  • 114091WordPress WPEngine Configuration Detected
WAS Plugin Feed202310170831

Oct 17, 2023, 8:31 AM

Modified Detection
  • 112290Apache Tomcat 9.0.0.M1 < 9.0.10 Multiple Vulnerabilities
  • 112295Apache Tomcat 9.0.0.M1 < 9.0.0.M22 Multiple Vulnerabilities
  • 112354lighttpd < 1.4.28 Insecure Temporary File Creation
  • 112358lighttpd < 1.4.35 Multiple Vulnerabilities
  • 112476Prototype < 1.6.0.2 Cross-Site Ajax Request
  • 112501Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112520Magento Unsupported Version
  • 112529Missing 'X-Content-Type-Options' Header
  • 112543HTTPS Not Detected
  • 112544HTTP to HTTPS Redirect Not Enabled
  • 112551Missing Content Security Policy
  • 112552Deprecated Content Security Policy
  • 112553Missing 'Cache-Control' Header
  • 112554Permissive Content Security Policy Detected
  • 112582Microsoft SharePoint Server 2016 < 16.0.5056.1001 Multiple Vulnerabilities
  • 112583Microsoft SharePoint Server 2019 < 16.0.10366.12106 Multiple Vulnerabilities
  • 112584Microsoft SharePoint Server 2013 < 15.0.5275.1001 Multiple Vulnerabilities
  • 112585Microsoft SharePoint Server 2010 < 14.0.7260.5000 Multiple Vulnerabilities
  • 112586Microsoft SharePoint Server 2016 < 16.0.5044.1000 Multiple Vulnerabilities
  • 112587Microsoft SharePoint Server 2013 < 15.0.5267.1000 Multiple Vulnerabilities
  • 112588Microsoft SharePoint Server 2019 < 16.0.10364.20001 Multiple Vulnerabilities
  • 112589Microsoft SharePoint Server 2010 < 14.0.7256.5000 Multiple Vulnerabilities
  • 112673Resin < 4.0.40 Incorrect Unicode Transformations
  • 112697JSON Web Token Weak Secret
  • 112703JSON Web Token None Hashing Algorithm
  • 112705Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 112730Microsoft SharePoint Server 2016 < 16.0.5095.1000 Multiple Vulnerabilities
  • 112731Microsoft SharePoint Server 2019 < 16.0.10369.20000 Multiple Vulnerabilities
  • 112732Microsoft SharePoint Server 2010 < 14.0.7263.5000 Multiple Vulnerabilities
  • 112733Microsoft SharePoint Server 2010 < 14.0.7262.5000 Multiple Vulnerabilities
  • 112734Microsoft SharePoint Server 2019 < 16.0.10368.20022 Multiple Vulnerabilities
  • 112735Microsoft SharePoint Server 2013 < 15.0.5293.1000 Multiple Vulnerabilities
  • 112736Microsoft SharePoint Server 2016 < 16.0.5083.1000 Multiple Vulnerabilities
  • 112737Microsoft SharePoint Server 2010 < 14.0.7261.5000 Multiple Vulnerabilities
  • 112738Microsoft SharePoint Server 2019 < 16.0.10367.20000 Multiple Vulnerabilities
  • 112739Microsoft SharePoint Server 2016 < 16.0.5071.1000 Multiple Vulnerabilities
  • 112740Microsoft SharePoint Server 2013 < 15.0.5285.1000 Multiple Vulnerabilities
  • 112804phpBB User Enumeration
  • 112926Microsoft SharePoint Server 2019 < 16.0.10376.20001 Multiple Vulnerabilities
  • 112927Microsoft SharePoint Server 2016 < 16.0.5188.1000 Multiple Vulnerabilities
  • 112928Microsoft SharePoint Server 2013 < 15.0.5363.1000 Multiple Vulnerabilities
  • 112940Microsoft SharePoint Server 2019 < 16.0.10370.20001 Multiple Vulnerabilities
  • 112941Microsoft SharePoint Server 2016 < 16.0.5110.1000 Multiple Vulnerabilities
  • 112942Microsoft SharePoint Server 2010 < 14.0.7264.5000 Multiple Vulnerabilities
  • 112943Microsoft SharePoint Server 2013 < 15.0.5311.1000 Multiple Vulnerabilities
  • 113029Microsoft IIS Unsupported Version
  • 113059OPcache UI Detected
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113078AngularJS Unsupported Version
  • 113088Microsoft SharePoint Server 2019 < 16.0.10377.20001 Multiple Vulnerabilities
  • 113089Microsoft SharePoint Server 2013 < 15.0.5371.1000 Multiple Vulnerabilities
  • 113090Microsoft SharePoint Server 2016 < 16.0.5200.1000 Multiple Vulnerabilities
  • 113117Magento Administration Panel Login Form Bruteforced
  • 113136Wordpress Administration Panel Login Form Bruteforced
  • 113158Package Dependencies Detected
  • 113165Apache mod_negotiation Alternative Filename Disclosure
  • 113168Docker Compose Configuration Detected
  • 113211HTTP Verb Tampering
  • 113242Java Psychic Signatures
  • 113338Web Cache Poisoning
  • 113420Nginx < 1.22.1 Multiple Vulnerabilities
  • 113421Nginx 1.23.x < 1.23.2 Multiple Vulnerabilities
  • 113458Yoast SEO Plugin for WordPress < 1.5.7 Multiple Vulnerabilities
  • 113459Yoast SEO Plugin for WordPress 1.6.x < 1.6.4 Multiple Vulnerabilities
  • 113460Yoast SEO Plugin for WordPress 1.7.x < 1.7.4 Multiple Vulnerabilities
  • 113467WP DBManager Plugin for WordPress < 2.7.2 Multiple Vulnerabilities
  • 113472WP EasyCart Plugin for WordPress < 3.0.9 Unrestricted File Upload
  • 113473WP Photo Album Plus Plugin for WordPress < 6.1.3 Multiple Cross-Site Scripting
  • 113474WP-Print Plugin for WordPress < 2.52 Cross-Site Request Forgery
  • 113475WP eCommerce Plugin for WordPress < 3.8.7.6 SQL Injection
  • 113476WP-PostViews Plugin for WordPress < 1.63 Cross-Site Request Forgery
  • 113478All In One WP Security & Firewall Plugin for WordPress < 3.8.8 SQL Injection
  • 113479All In One WP Security & Firewall Plugin for WordPress < 3.8.3 Multiple SQL Injection
  • 113488Advanced Dewplayer Plugin for WordPress < 1.3 Path Traversal
  • 113489WordPress Classifieds Plugin Plugin for WordPress < 3.0 SQL Injection
  • 113490WordPress Mobile Pack Plugin for WordPress < 2.0.2 Sensitive Information Disclosure
  • 113491WP Easy Post Types Plugin for WordPress < 1.4.4 Cross-Site Scripting
  • 113492Apptha WordPress Video Gallery Plugin for WordPress < 2.8.0 SQL Injection
  • 113493Cross-RSS Plugin for WordPress Arbitrary Files Read
  • 113494WP Ultimate Email Marketer Plugin for WordPress Multiple Vulnerabilities
  • 113495WP Cron Dashboard Plugin for WordPress < 1.1.6 Cross-Site Scripting
  • 113496WP RESTful Plugin for WordPress Multiple Cross-Site Scripting
  • 113497Social Invitations Plugin for WordPress < 1.4.4.3 Cross-Site Scripting
  • 113498WP e-Commerce Shop Styling Plugin for WordPress < 1.8 Code Injection
  • 113499WP Symposium Plugin for WordPress < 15.8 SQL Injection
  • 113503WordPress < 2.1 Cross-Site Request Forgery
  • 113504Slimstat Analytics Plugin for WordPress < 3.9.2 Cross-site Scripting
  • 113520Kibana 7.14.0 HTML Injection
  • 113521Kibana 7.10.2 < 7.14.1 Code Execution
  • 113522Kibana 7.9.0 < 7.14.1 Path Traversal
  • 113545Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113580Web Cache Deception
  • 113584Joomla! 4.0.0 < 4.2.8 Broken Access Control
  • 113715Atlassian Jira < 3.13.1 Cross-Site Scripting
  • 113816Atlassian Jira < 6.0.4 Directory Traversal In Issue Collector
  • 113817Atlassian Jira < 6.0.5 Multiple Vulnerabilities
  • 113818Atlassian Jira < 3.7.1 Giffy Plugin Arbitrary File Read
  • 113819Atlassian Jira < 6.4.3.1 / 6.5.x < 6.5.0.2 / 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service
  • 113820Atlassian Jira 6.5.x < 6.5.0.2 Software Tempo Plugin Xml Denial Of Service
  • 113821Atlassian Jira 7.x < 7.0.3 Software Tempo Plugin Xml Denial Of Service
  • 113823Atlassian Jira < 3.12.1 Xss In 500 Page
  • 113853Customer Reviews for WooCommerce Plugin for WordPress < 5.17.0 Cross-Site Scripting
  • 113855GiveWP Plugin for WordPress < 2.24.1 SQL Injection
  • 113871DotNetNuke User Enumeration
  • 113900Cross-Site Request Forgery Token Validation Bypass
  • 113904Sitecore Unauthenticated User Enumeration
  • 113938CA SiteMinder WebAgent Cross-Site Scripting
  • 113959GeoServer SQL Injection
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114006Web Cache Poisoning Denial of Service
  • 114007PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114012Prometheus Sensitive Endpoint Detected
  • 114026WP EasyCart Plugin for WordPress < 2.0.6 Sensitive Information Disclosure
  • 114027WP Fastest Cache Plugin for WordPress < 1.1.3 Multiple Vulnerabilities
  • 114041Strapi Cognito Provider Authentication Bypass
  • 114042Adobe ColdFusion Remote Code Execution
  • 114043Adobe ColdFusion Improper Access Control
  • 114047Drupal 10.1.x < 10.1.4 Cache Poisoning
  • 114048Drupal 10.0.x < 10.0.11 Cache Poisoning
  • 114049Drupal 8.7.x < 9.5.11 Cache Poisoning
  • 114055Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114056Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 114060Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities
  • 114061Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities
  • 114062Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities
  • 114063Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities
  • 114065Pimcore Administration Panel Login Form Detected
  • 115540Cookie Without SameSite Flag Detected
  • 98056Missing HTTP Strict Transport Security Policy
  • 98057Insecure 'Access-Control-Allow-Origin' Header
  • 98060Missing 'X-Frame-Options' Header
  • 98067Insecure Cross-Domain Policy (allow-access-from)
  • 98068Insecure Cross-Domain Policy (allow-http-request-headers-from)
  • 98084Directory Listing
  • 98095Misconfiguration in LIMIT directive of .htaccess file
  • 98097Backdoor Detection
  • 98098Source Code Disclosure
  • 98107Cross-Site Scripting (XSS) in path
  • 98112Cross-Site Request Forgery
  • 98129Credit Card Number Disclosure
  • 98146Password Submitted Using GET Method
  • 98200Drupal Administration Panel Login Form Detected
  • 98203WordPress User Enumeration
  • 98208Joomla! User Enumeration
  • 98209Drupal User Enumeration
  • 98212WordPress Directory Listing
  • 98213Drupal Directory Listing
  • 98214Joomla! Directory Listing
  • 98227WordPress Unsupported Version
  • 98228Drupal Unsupported Version
  • 98229Joomla! Unsupported Version
  • 98230PHP Unsupported Version
  • 98231Apache Unsupported Version
  • 98232Apache Tomcat Unsupported Version
  • 98237MediaElement.js < 2.11.2 Cross-Site Scripting
  • 98398JK Status Manager Information Disclosure
  • 98538Environment Configuration File Detected
  • 98607Ultimate Member Plugin for WordPress < 2.0.46 Multiple Vulnerabilities
  • 98618HTTP Header Information Disclosure
  • 98642Magento Administration Panel Login Form Detected
  • 98648Missing 'Content-Type' Header
  • 98671CVS Entries Detected
  • 98679Webmin < 1.730 Read Mail Symlink Vulnerability
  • 98703Magento API Anonymous Access
  • 98715Permissive HTTP Strict Transport Security Policy Detected
  • 98779Source Code Passive Disclosure
  • 98780Java Object Deserialization
  • 98806PHP 5.6.x < 5.6.14 Multiple Vulnerabilities
  • 98828PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
  • 98831PHP 5.6.x < 5.6.8 Multiple Vulnerabilities
  • 98901Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
  • 98936Joomla! 2.5.x < 3.9.14 Multiple Vulnerabilities
  • 98950Nginx < 1.4.1 ngx_http_proxy_module.c Multiple Vulnerabilities
  • 98951Nginx < 1.2.9 ngx_http_proxy_module.c Multiple Vulnerabilities
  • 98952Nginx < 1.5.7 ngx_parse_http Security Bypass
  • 98953Nginx < 1.4.4 ngx_parse_http Security Bypass
  • 98957Nginx < 1.7.4 SMTP STARTTLS Command Injection
  • 98958Nginx < 1.6.1 SMTP STARTTLS Command Injection
  • 98959Nginx < 1.7.5 SSL Session Reuse
  • 98960Nginx < 1.6.2 SSL Session Reuse
  • 98986Magento Directory Listing
  • 98995Kentico CMS 8.2.x < 8.2.41 Open Redirect
  • 98996Kentico CMS < 9.0.51 Cross-Site Scripting
New
  • 114059Pimcore Admin Login Cross-Site Scripting
  • 114064MediaWiki Status Module Information Disclosure
WAS Plugin Feed202310060725

Oct 6, 2023, 7:25 AM

Modified Detection
  • 112824Atlassian Jira < 8.5.12 Cookie Without Secure Flag
  • 112825Atlassian Jira 8.6.x < 8.13.4 Cookie Without Secure Flag
  • 112826Atlassian Jira 8.14.x < 8.15.0 Cookie Without Secure Flag
  • 112929Microsoft SharePoint Server 2019 < 16.0.10375.20000 Multiple Vulnerabilities
  • 112930Microsoft SharePoint Server 2013 < 15.0.5353.1000 Multiple Vulnerabilities
  • 112931Microsoft SharePoint Server 2016 < 16.0.5173.1000 Multiple Vulnerabilities
  • 113070UAParser.js 0.7.29 Embedded Malware
  • 113072UAParser.js 1.0.0 Embedded Malware
  • 113085Microsoft SharePoint Server 2019 < 16.0.10379.20000 Multiple Vulnerabilities
  • 113086Microsoft SharePoint Server 2016 < 16.0.5227.1000 Multiple Vulnerabilities
  • 113087Microsoft SharePoint Server 2013 < 15.0.5389.1000 Multiple Vulnerabilities
  • 113115Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113116Adobe ColdFusion 2016 < 2016 Update 17 / 2018 < 2018 Update 11 / 2021 < 2021 Update 1 Cross-Site Scripting
  • 113165Apache mod_negotiation Alternative Filename Disclosure
  • 113247Google Web Toolkit Detected
  • 113258OpenAPI Permissive Input Validation
  • 113430Disclosed European Personal Data Number
  • 113452WordPress Plugins Detected
  • 113545Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113838WooCommerce Payments Plugin for WordPress 5.6.x < 5.6.2 Authentication Bypass
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114006Web Cache Poisoning Denial of Service
  • 114007PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114024WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114030CraftCMS < 4.4.15 Remote Code Execution
  • 114031WooCommerce Payments Plugin for WordPress 6.3.x < 6.3.2 Authentication Bypass
  • 114032WooCommerce Payments Plugin for WordPress 6.2.x < 6.2.2 Authentication Bypass
  • 114033WooCommerce Payments Plugin for WordPress 5.5.x < 5.5.2 Authentication Bypass
  • 114034WooCommerce Payments Plugin for WordPress 5.4.x < 5.4.1 Authentication Bypass
  • 114035WooCommerce Payments Plugin for WordPress 5.3.x < 5.3.1 Authentication Bypass
  • 114036WooCommerce Payments Plugin for WordPress 5.2.x < 5.2.2 Authentication Bypass
  • 114037WooCommerce Payments Plugin for WordPress 5.1.x < 5.1.3 Authentication Bypass
  • 114038WooCommerce Payments Plugin for WordPress 5.0.x < 5.0.4 Authentication Bypass
  • 114039WooCommerce Payments Plugin for WordPress 4.9.x < 4.9.1 Authentication Bypass
  • 114040WooCommerce Payments Plugin for WordPress 4.8.x < 4.8.2 Authentication Bypass
  • 114041Strapi Cognito Provider Authentication Bypass
  • 114042Adobe ColdFusion Remote Code Execution
  • 114043Adobe ColdFusion Improper Access Control
  • 114044Atlassian Confluence 7.13.15 < 7.13.19 Tomcat Dependancy Vulnerability
  • 114047Drupal 10.1.x < 10.1.4 Cache Poisoning
  • 114048Drupal 10.0.x < 10.0.11 Cache Poisoning
  • 114049Drupal 8.7.x < 9.5.11 Cache Poisoning
  • 114055Simple Membership Plugin For WordPress < 4.3.6 Reflected Cross-Site Scripting
  • 114056Atlassian Confluence 8.x < 8.3.3 Privilege Escalation
  • 114057Atlassian Confluence 8.4.x < 8.4.3 Privilege Escalation
  • 114058Atlassian Confluence 8.5.x < 8.5.2 Privilege Escalation
  • 98070Common Administration Interfaces Detection
  • 98084Directory Listing
  • 98129Credit Card Number Disclosure
  • 98212WordPress Directory Listing
  • 98213Drupal Directory Listing
  • 98214Joomla! Directory Listing
  • 98784WordPress 3.7.x < 3.7.32 Multiple Vulnerabilities
  • 98785WordPress 3.8.x < 3.8.32 Multiple Vulnerabilities
  • 98786WordPress 3.9.x < 3.9.30 Multiple Vulnerabilities
  • 98787WordPress 4.0.x < 4.0.29 Multiple Vulnerabilities
  • 98788WordPress 4.1.x < 4.1.29 Multiple Vulnerabilities
  • 98789WordPress 4.2.x < 4.2.26 Multiple Vulnerabilities
  • 98790WordPress 4.3.x < 4.3.22 Multiple Vulnerabilities
  • 98791WordPress 4.4.x < 4.4.21 Multiple Vulnerabilities
  • 98792WordPress 4.5.x < 4.5.20 Multiple Vulnerabilities
  • 98793WordPress 4.6.x < 4.6.17 Multiple Vulnerabilities
  • 98794WordPress 4.7.x < 4.7.16 Multiple Vulnerabilities
  • 98795WordPress 4.8.x < 4.8.12 Multiple Vulnerabilities
  • 98796WordPress 4.9.x < 4.9.13 Multiple Vulnerabilities
  • 98797WordPress 5.0.x < 5.0.8 Multiple Vulnerabilities
  • 98798WordPress 5.1.x < 5.1.4 Multiple Vulnerabilities
  • 98799WordPress 5.2.x < 5.2.5 Multiple Vulnerabilities
  • 98885WordPress 5.3.x < 5.3.1 Multiple Vulnerabilities
  • 98986Magento Directory Listing
New
  • 113976Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
  • 114045Atlassian Confluence 7.19.7 < 7.19.11 Tomcat Dependancy Vulnerabilty
  • 114046Atlassian Confluence 8.1.1 < 8.4.1 Tomcat Dependancy Vulnerabilty
  • 114050Simple Membership Plugin For WordPress < 4.1.0 Arbitary Transaction Deletion
  • 114051Simple Membership Plugin For WordPress < 4.1.1 Reflected Cross-Site Scripting
  • 114052Simple Membership Plugin For WordPress < 4.1.3 Multiple Vulnerabilities
  • 114053Simple Membership Plugin For WordPress < 4.2.2 Authenticated Cross-Site Scripting
  • 114054Simple Membership Plugin For WordPress < 4.3.5 Multiple Vulnerabilities
WAS Plugin Feed202309200615

Sep 20, 2023, 6:15 AM

Modified Detection
  • 113580Web Cache Deception
  • 113855GiveWP Plugin for WordPress < 2.24.1 SQL Injection
  • 114006Web Cache Poisoning Denial of Service
  • 114013Download Manager Plugin for WordPress < 3.2.34 Multiple Vulnerabilities
  • 114014Easy WP SMTP Plugin for WordPress < 1.5.2 Multiple Vulnerabilities
  • 114015Events Manager Plugin for WordPress < 5.9.6 Stored Cross-Site Scripting
  • 114016Events Manager Plugin for WordPress < 5.9.5 Stored Cross-Site Scripting
  • 114017Everest Forms Plugin for WordPress < 1.8.0 Reflected Cross-Site Scripting
  • 114018GiveWP Plugin for WordPress < 2.3.1 Cross-Site Scripting
  • 114019WPBrigade LoginPress Plugin for WordPress < 1.6.3 Broken Access Control
  • 114020WPBrigade LoginPress Plugin for WordPress < 1.5.12 Reflected Cross-Site Scripting
  • 114021Ocean Extra Plugin for WordPress < 2.6.5 Insecure Deserialization
  • 114022WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 3.0.1 Reflected Cross-Site Scripting
  • 114023WooCommerce PDF Invoices & Packing Slips Plugin for WordPress < 2.10.5 Reflected Cross-Site Scripting
  • 114024WP Data Access Plugin for WordPress < 5.3.8 Privilege Escalation
  • 114025WP EasyCart Plugin for WordPress < 5.4.3 Local File Inclusions
  • 114026WP EasyCart Plugin for WordPress < 2.0.6 Sensitive Information Disclosure
  • 114027WP Fastest Cache Plugin for WordPress < 1.1.3 Multiple Vulnerabilities
  • 114028Backup and Staging by WP Time Capsule Plugin for WordPress < 1.21.16 Authentication Bypass
  • 114030CraftCMS < 4.4.15 Remote Code Execution
  • 98070Common Administration Interfaces Detection
  • 98129Credit Card Number Disclosure
New
  • 114029Well-Known URIs Detected
WAS Plugin Feed202309110655

Sep 11, 2023, 6:55 AM

Modified Detection
  • 114012Prometheus Sensitive Endpoint Detected
WAS Plugin Feed202309060822

Sep 6, 2023, 8:22 AM

Modified Detection
  • 112805JSONP Injection
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 114007PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
  • 114008Apache Tomcat 11.0.0-M1 < 11.0.0-M11 Open Redirect
  • 114009Apache Tomcat 10.1.0-M1 < 10.1.13 Open Redirect
  • 114010Apache Tomcat 9.0.0-M1 < 9.0.80 Open Redirect
  • 114011Apache Tomcat 8.5.x < 8.5.93 Open Redirect
  • 98115SQL Injection
WAS Plugin Feed202308300900

Aug 30, 2023, 9:00 AM

Modified Detection
  • 113162MySQLjs SQL Injection Authentication Bypass
  • 113337NoSQL Injection Authentication Bypass
  • 113338Web Cache Poisoning
  • 114006Web Cache Poisoning Denial of Service
WAS Plugin Feed202308290659

Aug 29, 2023, 6:59 AM

Modified Detection
  • 112615OpenAPI File Detected
  • 112686JSON Web Token Detected
  • 112703JSON Web Token None Hashing Algorithm
  • 112808Rails Mass Assignment
  • 98103Unvalidated DOM redirect
  • 98109DOM-based Cross-Site Scripting (XSS)
  • 98110DOM-based Cross-Site Scripting (XSS) in attribute context
  • 98117Blind SQL Injection (differential analysis)
  • 98119Blind NoSQL Injection (differential analysis)
New
  • 113978ActivityPub Username Enumeration
WAS Plugin Feed202308091456

Aug 9, 2023, 2:56 PM

Modified Detection
  • 112439Server-Side Request Forgery
  • 113338Web Cache Poisoning
  • 113634Server-Side Inclusion Injection
  • 113964PHP 8.2.x < 8.2.7 Information Disclosure
  • 113965PHP 8.1.x < 8.1.20 Information Disclosure
  • 113966PHP 8.0.x < 8.0.29 Information Disclosure
  • 113986Ninja Forms Plugin for WordPress < 3.6.26 Multiple Vulnerabilities
  • 113987PHP 8.1.x < 8.1.22 Multiple Vulnerabilities
  • 113988PHP 8.0.x < 8.0.30 Multiple Vulnerabilities
  • 113989MediaWiki < 1.38.2 Unlimited Lexeme Length Denial Of Service
  • 113990MediaWiki < 1.35.5 Multiple Vulnerabilities
  • 113991MediaWiki 1.36.x < 1.36.3 Multiple Vulnerabilities
  • 113992MediaWiki 1.37.x < 1.37.1 Multiple Vulnerabilities
  • 113993MediaWiki < 1.37.0 Multiple Vulnerabilities
  • 113994MediaWiki < 1.36.0 Invalid MediaWiki Abusefilter-blocker Breaks Filters
  • 113995MediaWiki < 1.35.2 Oauth Overlength Rsa Key
  • 113996MediaWiki < 1.37.3 Multiple Vulnerabilities
  • 113997MediaWiki < 1.31.12 Special Contributions Hidden User Leakage
  • 113998MediaWiki 1.32.x < 1.35.2 Special Contributions Hidden User Leakage
  • 113999MediaWiki < 1.35.0 Multiple Vulnerabilities
  • 114000MediaWiki < 1.23.16 Wiki Visitor IP Leakage
  • 114001MediaWiki 1.24.x < 1.27.2 Wiki Visitor IP Leakage
  • 114002MediaWiki 1.28.x < 1.28.1 Wiki Visitor IP Leakage
  • 114003MediaWiki < 1.17.2 Deleted Text Exposure
  • 114004MediaWiki 1.18.x < 1.18.1 Deleted Text Exposure
  • 98100Path Traversal
  • 98116NoSQL Injection
  • 98123Operating System Command Injection
  • 98125Local File Inclusion
  • 98127LDAP Injection
  • 98779Source Code Passive Disclosure
New
  • 114005AYS Popup Box Plugin for WordPress < 3.1.3 Cross-Site Scripting
WAS Plugin Feed202308020802

Aug 2, 2023, 8:02 AM

Modified Detection
  • 112501Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112705Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113115Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113979Atlassian Confluence < 7.13.17 Read Only User Attachment Uploads Service
  • 113980Atlassian Confluence 7.14.x < 7.19.9 Read Only User Attachment Uploads
  • 113981Atlassian Confluence 7.20.x < 8.2.2 Read Only User Attachment Uploads
  • 113982Atlassian Confluence 8.x < 8.3.2 Remote Code Execution
  • 113983Atlassian Confluence 6.1.x < 7.13.20 Remote Code Execution
  • 113984Atlassian Confluence 7.14.0 < 7.19.8 < Remote Code Execution
  • 113985Atlassian Confluence 8.x < 8.2.0 Remote Code Execution
New
  • 113976Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed202307311300

Jul 31, 2023, 1:00 PM

Modified Detection
  • 112550Full Path Disclosure
  • 112614Server-Side Template Injection
  • 98779Source Code Passive Disclosure
New
  • 113976Simple Membership Plugin For WordPress < 4.0.9 Arbitary Member Deletion
WAS Plugin Feed202307240920

Jul 24, 2023, 9:20 AM

Modified Detection
  • 112501Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
  • 112705Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.4.0 / 14.1.1.0.0 Authentication Bypass
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113115Adobe ColdFusion 11 < 11 Update 15 / 2016 < 2016 Update 7 / 2018 < 2018 Update 1 Arbitrary File Upload
  • 113335DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113550Zoho ManageEngine SAML SSO Remote Code Execution
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 113971Citrix Gateway / ADC Cross-Site Scripting
  • 113973Web Services Description Language (WSDL) File Detected
  • 98008Web Application Firewall Detected
  • 98060Missing 'X-Frame-Options' Header
  • 98072Common Directories Detection
  • 98611Error Message
  • 98612Missing 'Expect-CT' Header (deprecated)
  • 98779Source Code Passive Disclosure
  • 98828PHP 5.6.x < 5.6.5 Multiple Vulnerabilities
New
  • 113972OpenID Connect Anonymous Account
  • 113974Web Application Description Language (WADL) File Detected
  • 113975PHP Debug Bar Enabled
  • 113977Odoo < 16.2022.12.24 Cross-Site Scripting
WAS Plugin Feed202307130817

Jul 13, 2023, 8:17 AM

Modified Detection
  • 112540SSL/TLS Certificate RSA Keys Less Than 2048 bits
  • 113075Apache Log4j Remote Code Execution (Log4Shell)
  • 113335DotNetNuke 5.x < 9.1.1 Remote Code Execution
  • 113422DotNetNuke Administration Panel Login Form Detected
  • 113449WordPress Cron Enabled
  • 113716Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
  • 113904Sitecore Unauthenticated User Enumeration
  • 113905Sitecore Unauthenticated Arbitrary File Read
  • 113960Apache Tomcat 11.0.0-M5 Information Disclosure
  • 113961Apache Tomcat 10.1.8 Information Disclosure
  • 113962Apache Tomcat 9.0.74 Information Disclosure
  • 113963Apache Tomcat 8.5.88 Information Disclosure
  • 113971Citrix Gateway / ADC Cross-Site Scripting
  • 98054Unvalidated Redirection
  • 98126Remote File Inclusion
  • 98649Invalid Subresource Integrity
  • 98681Sitemap.xml File Detected
WAS Plugin Feed202307060627

Jul 6, 2023, 6:27 AM

Modified Detection
  • 112719Client-Side Prototype Pollution
  • 113069SQL Injection Authentication Bypass
  • 113162MySQLjs SQL Injection Authentication Bypass
  • 113309XPath Injection Authentication Bypass
  • 113317Expression Language Injection
  • 113331LDAP Injection Authentication Bypass
  • 113337NoSQL Injection Authentication Bypass
  • 113903Adobe ColdFusion ComponentFilter Remote Code Execution
  • 98042Login Form Bruteforced
  • 98109DOM-based Cross-Site Scripting (XSS)
  • 98139Cookie Authentication Succeeded
  • 98681Sitemap.xml File Detected
New
  • 113969Social Login and Register for WordPress < 7.6.5 Authentication Bypass
  • 113970Nuxt.js 3.4.x < 3.4.3 Remote Code Execution