| 2 |
Private IP Disclosure |
release |
Low |
Passive |
| 3-1 |
Session ID in URL Rewrite |
release |
Medium |
Passive |
| 3-2 |
Session ID in URL Rewrite |
release |
Medium |
Passive |
| 3-3 |
Referer Exposes Session ID |
release |
Medium |
Passive |
| 10023 |
Information Disclosure - Debug Error Messages |
release |
Low |
Passive |
| 10024 |
Information Disclosure - Sensitive Information in URL |
release |
Informational |
Passive |
| 10025 |
Information Disclosure - Sensitive Information in HTTP Referrer Header |
release |
Informational |
Passive |
| 10027 |
Information Disclosure - Suspicious Comments |
release |
Informational |
Passive |
| 10037 |
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
release |
Low |
Passive |
| 10044-1 |
Big Redirect Detected (Potential Sensitive Information Leak) |
release |
Low |
Passive |
| 10044-2 |
Multiple HREFs Redirect Detected (Potential Sensitive Information Leak) |
release |
Low |
Passive |
| 10052 |
X-ChromeLogger-Data (XCOLD) Header Information Leak |
release |
Medium |
Passive |
| 10056 |
X-Debug-Token Information Leak |
release |
Low |
Passive |
| 10062 |
PII Disclosure |
release |
High |
Passive |
| 10094-1 |
ASP.NET ViewState Disclosure |
alpha |
Informational |
Passive |
| 10094-2 |
ASP.NET ViewState Integrity |
alpha |
High |
Passive |
| 10094-3 |
Base64 Disclosure |
alpha |
Informational |
Passive |
| 10095 |
Backup File Disclosure |
beta |
Medium |
Active |
| 10096 |
Timestamp Disclosure - Unix |
release |
Low |
Passive |
| 10097-1 |
Hash Disclosure - LanMan / DES |
release |
High |
Passive |
| 10097-2 |
Hash Disclosure - Kerberos AFS DES |
release |
High |
Passive |
| 10097-3 |
Hash Disclosure - OpenBSD Blowfish |
release |
High |
Passive |
| 10097-4 |
Hash Disclosure - MD5 Crypt |
release |
High |
Passive |
| 10097-5 |
Hash Disclosure - SHA-256 Crypt |
release |
High |
Passive |
| 10097-6 |
Hash Disclosure - SHA-512 Crypt |
release |
High |
Passive |
| 10097-7 |
Hash Disclosure - BCrypt |
release |
High |
Passive |
| 10097-8 |
Hash Disclosure - NTLM |
release |
High |
Passive |
| 10097-9 |
Hash Disclosure - Salted SHA-1 |
release |
Low |
Passive |
| 10097-10 |
Hash Disclosure - SHA-512 |
release |
Low |
Passive |
| 10097-11 |
Hash Disclosure - SHA-384 |
release |
Low |
Passive |
| 10097-12 |
Hash Disclosure - SHA-256 |
release |
Low |
Passive |
| 10097-13 |
Hash Disclosure - SHA-224 |
release |
Low |
Passive |
| 10097-14 |
Hash Disclosure - SHA-1 |
release |
Low |
Passive |
| 10097-15 |
Hash Disclosure - LanMan |
release |
Low |
Passive |
| 10097-16 |
Hash Disclosure - MD4 / MD5 |
release |
Low |
Passive |
| 10105-1 |
Authentication Credentials Captured |
release |
Medium |
Passive |
| 10105-2 |
Weak Authentication Method |
release |
Medium |
Passive |
| 10205-1 |
HTTPS Configuration |
alpha |
Informational |
Active |
| 10205-2 |
HTTPS Security Configuration Issues |
alpha |
High |
Active |
| 90004-1 |
Cross-Origin-Resource-Policy Header Missing or Invalid |
beta |
Low |
Passive |
| 90004-2 |
Cross-Origin-Embedder-Policy Header Missing or Invalid |
beta |
Low |
Passive |
| 90004-3 |
Cross-Origin-Opener-Policy Header Missing or Invalid |
beta |
Low |
Passive |