Vulnerabilities Knowledge Base

How To Enable Content Sniffing?

How To Disable OPTIONS Method?

Clickjacking: X-Frame-Options Header Missing

Error Page Discloses Web Server Version

How To Disable Web Dav Extensions?

How To Configure Access-Control-Allow-Origin Header?

How To Disable Custom Errors At Webroot?

Excessive-Information-In-Headers

Protect Server Against Heartbleed OpenSSL Vulnerability

Data Being Sent In Plain Text In the URL Can Be Manipulated

Directory Listing Is Enabled Leading to Further Attacks

Vulnerability - Frontpage Extensions Are Enabled

Vulnerability - Anonymous FTP Access Is Enabled

Vulnerability - Host Header Attack Is Possible

Old SSL or Weak SSL Cipher Being Used

Outdated PHP Apache OpenSSL Stack being used

Strict Transport Security Header Missing Vulnerability

Vulnerable WordPress Version is installed

Session Cookie Found Without Secure Flag Set.

Session Cookie Found Without HTTPOnly Set

TRACE Method Is Enabled

Web Server Default Welcome Page

How To Disable Autocomplete?

Protect Server Against POODLE SSLv3 Vulnerability

Custom_errors

How To Encrypt Viewstates In Dotnet?

Excessive Information About The Server And Web Layer Are Visible In The Response Headers.

Firewall Admin Interface Is Externally Open

Cacheable HTTPS Response Vulnerability

Vulnerabile HTTP DELETE Method Enabled

Vulnerabile HTTP PUT Method Enabled

Insecure transition from HTTPS to HTTP observed

Internal IP Address Disclosure Vulnerability

Internal Code Path Disclosure Vulnerability

System infected with Conflickr Worm/Virus

Vulnerability - X-XSS-Protection Header Missing

SQL Injection Vulnerabilities

CSRF (Cross Site Request Forging) Vulnerability

Session Vulnerabilities in Web Applications

File Upload Attack

Plain text credentials vulnerability

Privilege Escalation Vulnerability

Wordpress vulnerabilities

How To Implement Content Security Policy

How To Prevent Authentication Bypass Attacks

How To Prevent Cookie Injection Attacks

How To Prevent Cryptographic Attacks

How To Prevent Header Data Lekage

How To Prevent Local Remote File Inclusion Attacks

How To Prevent Osrf Attacks

How To Prevent Payment Gateway Vulnerabilities

How To Protect From Captcha Attacks

How To Protect From Cross Site Scripting Vulnerability Attack

How To Protect From Phpmyadmin Exposure Attack

How To Protect From Vulnerable Forgot Password Link Attack

Multi Tenancy Vulnerability For Web App

How To Fix Captcha Bypass Vulnerability From Missing Server Side Validation

How To Fix Vulnerable Jquery Javascript Library

How To Prevent Log Poisoning Via Crlf Injection Attacks

How To Prevent Sensitive Information Disclosure In Source Code

How To Protect Against Server Side Request Forgery Ssrf Vulnerabilities

How To Secure Exposed AWS S3 Buckets Prevent Data Leaks Breaches

Improper Server Side Error Handling and its Security Implications

Insecure Data Manipulation Via HTTP Get Requests and How To Fix It

Missing or Misconfigured Rate Limiting

Non Time Bound and Reusable otps

Prevent Unencrypted Transmission Of Sensitive User Data

Prevent Unprivileged Access To Privileged Urls In Post Requests

Resolve Client Side otp Validation Bypass Vulnerability

Security Misconfiguration

Client Side otp Generation

Disclosure Of Default Wordpress Pages

Information Disclosure In http Response Headers

OTP Is Sent In a Response To The otp Request

Path Traversal Attack In Applications

User Enumeration in Wordpress

Wordpress wp-cron.php Vulnerability

Why Write External Storage and Read External Storage Are Security Risks in Android Apps

Ping of Death Attack How It Targets IPs and How to Prevent It

S3 Buckets Are Exposed Externally Without Any Authorization or Authentication

Log Poisoning via CRLF Injection Risks Impact and Prevention

missing-http-security-headers

Local File Inclusion LFI Vulnerability Risks Impact and Fixation

JWT Weak Encryption Key Vulnerability HMAC Security Risks and Fixes

Internally Open Ports The Hidden Security Risk Inside Your Network

insecure-otp-implementation-risks-of-client-side-otp-generation-and-how-to-fix-it

Insecure Data Submission Risks of Using HTTP GET Instead of POST

Insecure Content Type Handling XML Accepted for JSON Endpoints Risks Fixes

HTTP HEAD Method Vulnerability Risks Impact and How to Disable

Formula Injection in Spreadsheets Risks Impact and Prevention

Externally Open Ports Risks Threats and How to Secure Them

Cross Site Scripting XSS via File Upload Risks Impact and Prevention

JWT Alg None Vulnerability Authentication Bypass Prevention Guide

Missing Root Detection in Mobile Applications Why It Matters and How to Fix It

Unprivileged Access of Privilege URLs Is Found for GET POST Requests

Unnecessary Permissions Declared in AndroidManifest.xml

Strong Password Policy Is Not Found to Be Implemented

Server Side Request Forgery Vulnerability and Fixation

SQL Injection Leading to Authentication Bypass a Hidden Entry Point

Sensitive Information Exposure via System Logs

Avoid Storing Sensitive Data in Plaintext on Android Devices

Path Traversal Attack Its Fixation

Password Is Either Being Sent in Plain Text Non Encrypted or Weakly Hashed Format

Login Page Password Guessing Attack Is Possible

Cross Site Request Forgery CSRF via File Upload Risks Prevention

Cleartext Traffic Enabled in AndroidManifest.xml Security Risks and Fixes

Broken Authentication OTP in API Response Vulnerability Risks Impact Fix

Outdated TLS Versions Detected Why TLS 1.0 and 1.1 Must Be Disabled

Outdated Software Versions a Persistent and Preventable Security Risk

Android Allow Backup Enabled Vulnerability Risk Impact and Fix

Backend API Access via HTTP Vulnerability Risks Impact HTTPS Fix Guide

Session Token Validation Vulnerability Broken Authentication Risk Fix

OS Command Injection Vulnerability and Fixation

Android App Vulnerability Supporting Insecure or Outdated Android Versions

Vulnerability Older Vulnerable jQuery Version Detected

OAuth Access Token Without Expiry

DAR Vulnerability Android Debuggable True Security Risk Fix Guide