Download

Alert Tag: POLICY_PENTEST

Alert Tags > POLICY_PENTEST

POLICY_PENTEST

All of the alerts which use this tag:
Tag Link
.env Information Leak
.htaccess Information Leak
Absence of Anti-CSRF Tokens
Advanced SQL Injection
Anti-CSRF Tokens Check
Application Error Disclosure
ASP.NET ViewState Disclosure
ASP.NET ViewState Integrity
Authentication Credentials Captured
Backup File Disclosure
Base64 Disclosure
Big Redirect Detected (Potential Sensitive Information Leak)
Buffer Overflow
Bypassing 403
Charset Mismatch
Charset Mismatch (Header Versus Meta Charset)
Charset Mismatch (Header Versus Meta Content-Type Charset)
Charset Mismatch (Meta Charset Versus Meta Content-Type Charset)
Cloud Metadata Potentially Exposed
Content Security Policy (CSP) Header Not Set
Content Security Policy (CSP) Report-Only Header Found
Content-Type Header Empty
Content-Type Header Missing
Cookie No HttpOnly Flag
Cookie Poisoning
Cookie Slack Detector
Cookie with Invalid SameSite Attribute
Cookie with SameSite Attribute None
Cookie without SameSite Attribute
Cookie Without Secure Flag
CORS Header
CORS Misconfiguration
CORS Misconfiguration
CRLF Injection
Cross Site Scripting (Persistent)
Cross Site Scripting (Persistent) - Prime
Cross Site Scripting (Persistent) - Spider
Cross Site Scripting (Reflected)
Cross-Domain JavaScript Source File Inclusion
Cross-Domain Misconfiguration
Cross-Domain Misconfiguration - Adobe - Read
Cross-Domain Misconfiguration - Adobe - Send
Cross-Domain Misconfiguration - Silverlight
CSP: Failure to Define Directive with No Fallback
CSP: Header & Meta
CSP: Malformed Policy (Non-ASCII)
CSP: Meta Policy Invalid Directive
CSP: Notices
CSP: script-src unsafe-eval
CSP: script-src unsafe-hashes
CSP: script-src unsafe-inline
CSP: style-src unsafe-hashes
CSP: style-src unsafe-inline
CSP: Wildcard Directive
CSP: X-Content-Security-Policy
CSP: X-WebKit-CSP
Dangerous JS Functions
Deprecated Feature Policy Header Set
Directory Browsing
Directory Browsing
ELMAH Information Leak
Emails Found in the Viewstate
Exponential Entity Expansion (Billion Laughs Attack)
Expression Language Injection
External Redirect
External Redirect
External Redirect
External Redirect
Format String Error
Full Path Disclosure
Generic Padding Oracle
GET for POST
Hash Disclosure - MD4 / MD5
Heartbleed OpenSSL Vulnerability
Heartbleed OpenSSL Vulnerability (Indicative)
Hidden File Found
HTTP Only Site
HTTP Parameter Override
HTTP Parameter Pollution
HTTP to HTTPS Insecure Transition in Form Post
Httpoxy - Proxy Header Misuse
HTTPS Content Available via HTTP
HTTPS to HTTP Insecure Transition in Form Post
Image Exposes Location or Privacy Data
In Page Banner Information Leak
Information Disclosure - Debug Error Messages
Information Disclosure - Sensitive Information in HTTP Referrer Header
Information Disclosure - Sensitive Information in URL
Information Disclosure - Suspicious Comments
Insecure HTTP Method
Insecure JSF ViewState
Insufficient Site Isolation Against Spectre Vulnerability
Insufficient Site Isolation Against Spectre Vulnerability
Insufficient Site Isolation Against Spectre Vulnerability
Integer Overflow Error
Java Serialization Object
LDAP Injection
Log4Shell (CVE-2021-44228)
Log4Shell (CVE-2021-45046)
Loosely Scoped Cookie
Missing Anti-clickjacking Header
Modern Web Application
Multiple HREFs Redirect Detected (Potential Sensitive Information Leak)
Multiple X-Frame-Options Header Entries
Non-Storable Content
NoSQL Injection - MongoDB
NoSQL Injection - MongoDB (Time Based)
Obsolete Content Security Policy (CSP) Header Found
Off-site Redirect
Old Asp.Net Version in Use
Out of Band XSS
Parameter Tampering
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Path Traversal
Permissions Policy Header Not Set
PII Disclosure
Possible Username Enumeration
Potential IP Addresses Found in the Viewstate
Private IP Disclosure
Properties File Disclosure - /WEB-INF folder
Proxy Disclosure
Re-examine Cache-control Directives
Referer Exposes Session ID
Relative Path Confusion
Remote Code Execution - CVE-2012-1823
Remote Code Execution - Shell Shock
Remote Code Execution - Shell Shock
Remote File Inclusion
Remote OS Command Injection
Remote OS Command Injection (Time Based)
Retrieved from Cache
Retrieved from Cache
Reverse Tabnabbing
Script Served From Malicious Domain (polyfill)
Script Served From Malicious Domain (polyfill)
Sec-Fetch-Dest Header Has an Invalid Value
Sec-Fetch-Dest Header is Missing
Sec-Fetch-Mode Header Has an Invalid Value
Sec-Fetch-Mode Header is Missing
Sec-Fetch-Site Header Has an Invalid Value
Sec-Fetch-Site Header is Missing
Sec-Fetch-User Header Has an Invalid Value
Sec-Fetch-User Header is Missing
Secure Pages Include Mixed Content
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Server Leaks its Webserver Application via "Server" HTTP Response Header Field
Server Leaks Version Information via "Server" HTTP Response Header Field
Server Side Code Injection - ASP Code Injection
Server Side Code Injection - PHP Code Injection
Server Side Include
Server Side Request Forgery
Server Side Template Injection
Server Side Template Injection (Blind)
Session Fixation
Session ID in URL Rewrite
Session ID in URL Rewrite
SOAP Action Spoofing
SOAP XML Injection
Source Code Disclosure - /WEB-INF Folder
Source Code Disclosure - CVE-2012-1823
Source Code Disclosure - File Inclusion
Source Code Disclosure - Git
Source Code Disclosure - PHP
Source Code Disclosure - SVN
Split Viewstate in Use
Spring Actuator Information Leak
Spring4Shell
SQL Injection
SQL Injection - Hypersonic SQL (Time Based)
SQL Injection - MsSQL (Time Based)
SQL Injection - MySQL (Time Based)
SQL Injection - Oracle (Time Based)
SQL Injection - PostgreSQL (Time Based)
SQL Injection - SQLite (Time Based)
Storable and Cacheable Content
Storable but Non-Cacheable Content
Strict-Transport-Security Defined via META (Non-compliant with Spec)
Strict-Transport-Security Disabled
Strict-Transport-Security Header Not Set
Strict-Transport-Security Header on Plain HTTP Response
Strict-Transport-Security Malformed Content (Non-compliant with Spec)
Strict-Transport-Security Max-Age Malformed (Non-compliant with Spec)
Strict-Transport-Security Missing Max-Age (Non-compliant with Spec)
Strict-Transport-Security Multiple Header Entries (Non-compliant with Spec)
Sub Resource Integrity Attribute Missing
Suspicious Input Transformation - Arithmetic Evaluation
Suspicious Input Transformation - EL Evaluation
Suspicious Input Transformation - Expression Evaluation
Suspicious Input Transformation - Quote Consumption
Suspicious Input Transformation - Template Evaluation
Suspicious Input Transformation - Unicode Byte Truncation
Suspicious Input Transformation - Unicode Case Conversion
Suspicious Input Transformation - Unicode Combining Diacritic
Suspicious Input Transformation - Unicode Normalisation
Suspicious Input Transformation - URL Decoding Error
Text4shell (CVE-2022-42889)
Timestamp Disclosure - Unix
Trace.axd Information Leak
User Agent Fuzzer
User Controllable Charset
User Controllable HTML Element Attribute (Potential XSS)
User Controllable JavaScript Event (XSS)
Username Hash Found
Viewstate without MAC Signature (Sure)
Viewstate without MAC Signature (Unsure)
Vulnerable JS Library
Weak Authentication Method
Web Cache Deception
WSDL File Detection
X-AspNet-Version Response Header
X-Backend-Server Header Information Leak
X-ChromeLogger-Data (XCOLD) Header Information Leak
X-Content-Type-Options Header Missing
X-Debug-Token Information Leak
X-Frame-Options Defined via META (Non-compliant with Spec)
X-Frame-Options Setting Malformed
XML External Entity Attack
XPath Injection
XSLT Injection