Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on cyber security vulnerabilities.
The vulnerability concerning the accessibility of systems unrelated to the organization within the internal network refers to a situation where external systems or devices not belonging to the organization can connect to and access resources or services within the organization's internal network. This vulnerability may occur due to misconfigurations, weak...

/ Account Provisioning

Account Provisioning is an IT vulnerability of the category Identity Management, which occurs in Web and API. It involves weak or missing controls over the creation and management of user accounts, allowing malicious actors to create accounts or assign themselves privileges and so gain unauthorized access. According to the Common Weakness Enumeration (CWE) directory, Account Provisioning is a vulnerability that involves...

/ Active Directory - Blank passwords

A blank password can be specified for an account with the PASSWD_NOTREQD option. This option is set through the account's UserAccountControl attribute. This is possible during account creation or when the password is reset by an administrator. The 'User must change password at next logon' option is not affected by this...
Local user or computer accounts with indirect control over an object in Active Directory refer to accounts that, while not explicitly assigned permissions on an object within Active Directory, have a level of control or influence over that object through group memberships, group policies, or other means. This indirect control...
Groups are the standard way of providing access to resources in an environment. Therefore group membership should be treated with utmost care. A less well-known Active Directory feature can be used for the same purpose: Primary Group ID. This is a mechanism that was created to support legacy UNIX applications,...
Remote access to the Spooler service on a domain controller is a security issue in which the Print Spooler service running on an Active Directory domain controller (DC) is reachable from unauthorised devices or external sources. The Print Spooler service is responsible for managing print jobs in Windows environments,...
Unresolved SIDs (Security Identifiers) in Active Directory refer to SIDs that cannot be mapped to valid user or group accounts within the domain or forest. SIDs are unique identifiers assigned to security principals (users, groups, and computers) in Windows environments. When an SID is unresolved, it means that Active Directory...
This refers to a situation in which individuals or entities within an organization possess administrative privileges or elevated access rights within the Active Directory (AD) domain but are not officially designated as administrators. This can occur due to misconfigurations, insufficient monitoring, or the inappropriate delegation of permissions, allowing unauthorized personnel...
Admin account(s) which do not have the flag "this account is sensitive and cannot be delegated" is an IT vulnerability that falls within the category of Identity Management. This vulnerability occurs in Infrastructure when an administrator account is created without the sensitive flag (NOT_DELEGATED in userAccountControl), allowing a service that is trusted for delegation to impersonate the account and...
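The following Python script is an added illustration, not part of this knowledge base: it audits a constructed export of Active Directory user accounts for three of the findings listed above, accounts with PASSWD_NOTREQD set (blank password allowed), accounts whose primaryGroupID grants a membership that memberOf does not show, and privileged accounts (adminCount=1) without the NOT_DELEGATED flag. The account names and rows are made up; the userAccountControl bit values and the LDAP bitwise-AND matching rule OID are the documented ones, so the generated filter can be passed to Get-ADUser -LDAPFilter against a real domain.

```python
# Added example: audit an AD user export for blank-password, primary-group and
# delegation-flag issues. Sample rows below are constructed, not real data.

# userAccountControl bit flags (ADS_USER_FLAG values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020          # blank password permitted
NORMAL_ACCOUNT = 0x0200
NOT_DELEGATED = 0x100000         # "account is sensitive and cannot be delegated"

# RIDs normally seen as a user's primary group
EXPECTED_PRIMARY_GROUPS = {513: "Domain Users", 514: "Domain Guests"}

# Constructed sample, shaped like the output of
# Get-ADUser -Filter * -Properties userAccountControl,primaryGroupID,adminCount
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "alice",      "userAccountControl": NORMAL_ACCOUNT,                                   "primaryGroupID": 513, "adminCount": 0},
    {"sAMAccountName": "svc-legacy", "userAccountControl": NORMAL_ACCOUNT | PASSWD_NOTREQD,                  "primaryGroupID": 513, "adminCount": 0},
    {"sAMAccountName": "bob",        "userAccountControl": NORMAL_ACCOUNT,                                   "primaryGroupID": 512, "adminCount": 1},
    {"sAMAccountName": "da-carol",   "userAccountControl": NORMAL_ACCOUNT | NOT_DELEGATED,                   "primaryGroupID": 513, "adminCount": 1},
    {"sAMAccountName": "da-dave",    "userAccountControl": NORMAL_ACCOUNT,                                   "primaryGroupID": 513, "adminCount": 1},
    {"sAMAccountName": "old-temp",   "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE | PASSWD_NOTREQD, "primaryGroupID": 513, "adminCount": 0},
]


def audit_accounts(rows):
    """Return (sAMAccountName, finding) pairs for every issue detected."""
    findings = []
    for row in rows:
        name = row["sAMAccountName"]
        uac = row["userAccountControl"]
        pgid = row["primaryGroupID"]
        disabled = bool(uac & ACCOUNTDISABLE)

        if uac & PASSWD_NOTREQD:
            state = "disabled account, risk returns if re-enabled" if disabled else "enabled account"
            findings.append((name, f"PASSWD_NOTREQD set, blank password allowed ({state})"))

        # The primary group is not listed in memberOf, so a non-default value
        # (here 512 = Domain Admins) hides a group membership from reviews
        if pgid not in EXPECTED_PRIMARY_GROUPS:
            findings.append((name, f"primaryGroupID {pgid} grants a membership not visible in memberOf"))

        # adminCount=1 marks accounts protected by AdminSDHolder, i.e. privileged ones
        if row["adminCount"] == 1 and not uac & NOT_DELEGATED:
            findings.append((name, "privileged account without NOT_DELEGATED, can be impersonated via delegation"))
    return findings


def ldap_filter_for_flag(flag):
    """LDAP filter selecting users with a given userAccountControl bit set,
    using the bitwise-AND matching rule 1.2.840.113556.4.803."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(userAccountControl:1.2.840.113556.4.803:={flag}))")


if __name__ == "__main__":
    for account, issue in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{account:12} {issue}")
    print("LDAP filter for blank passwords:", ldap_filter_for_flag(PASSWD_NOTREQD))
```

Disabled accounts are reported rather than skipped because PASSWD_NOTREQD survives re-enabling; the fix for a hit is Set-ADAccountControl -PasswordNotRequired $false after setting a real password, and for privileged accounts Set-ADAccountControl -AccountNotDelegated $true.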

/ Admin Interface Identified

Admin interface identified is an information-gathering finding, categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It arises when an attacker is able to locate the administrative interface of a web application or API, which gives them a target for credential attacks and privilege escalation even before any authentication is bypassed. This...

/ Ajax Request Header Manipulation

Ajax request header manipulation (CWE-20) is a type of client-side vulnerability in web and API applications that can be exploited by manipulating the request headers sent from the client. This attack can be used to gain access to restricted resources, bypass authentication or authorization mechanisms, or modify data stored...
Apache Solr local parameter injection is an input validation vulnerability (CWE-20) which occurs when user input is embedded in a Solr query without proper sanitization and validation. It can be exploited to inject local parameters (the {!...} prefix syntax) into the query, which changes how the query is parsed and, depending on the parsers available, can be used to execute malicious code on the server. This vulnerability is most...
When a web application is accessible using arbitrary HTTP Host headers, it can be vulnerable to a security issue known as Host Header Injection. This vulnerability occurs when an attacker can manipulate the Host header in an HTTP request to trick the server into processing the request as if it...

/ ASP.NET Debugging Enabled

ASP.NET debugging enabled is a configuration management vulnerability (CWE-534) that occurs in web and API applications. It occurs when ASP.NET debugging is enabled in a production environment, allowing attackers to access debugging information and potentially exploit the web application. According to the OWASP Testing Guide, "Debugging information can provide an...

/ ASP.NET Tracing Enabled

ASP.NET tracing enabled is a vulnerability in web and API applications that can allow attackers to gain access to sensitive information held by the application, because the trace viewer (trace.axd) records request details, server variables and session state for every request. The Common Weakness Enumeration (CWE) directory covers this class of issue as information exposure (CWE-200). It can also be found in...
ASP.NET ViewState without MAC enabled is a cryptography vulnerability, classified under CWE-345 (Insufficient Verification of Data Authenticity), that occurs in web and API applications. It occurs when the application does not validate a message authentication code on the ViewState data transmitted between the client and the server, enabling malicious users to tamper with the contents of the ViewState and, since ViewState is deserialized on the server, to target the deserialization itself. Current .NET Framework builds enforce the MAC regardless of the enableViewStateMac setting, so this finding mainly affects legacy or unpatched installations. This...
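As an added example (not code from this knowledge base), the script below scans an ASP.NET web.config for the three settings behind the debugging, tracing and ViewState MAC entries above: compilation debug="true", trace enabled="true" (with localOnly="false" exposing trace.axd remotely) and pages enableViewStateMac="false". The web.config text is a constructed sample; the element and attribute names are the real ASP.NET ones.

```python
# Added example: flag production-unsafe settings in an ASP.NET web.config.
# The XML below is a constructed sample, not a real application's config.
import xml.etree.ElementTree as ET

SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.8" />
    <trace enabled="true" localOnly="false" pageOutput="false" />
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>
"""


def _is_true(value):
    return (value or "").strip().lower() == "true"


def _child(parent, tag):
    # Iterate instead of find(): "system.web" contains a dot, which
    # ElementTree's path syntax would otherwise interpret as a path step.
    return next((c for c in parent if c.tag == tag), None)


def audit_web_config(xml_text):
    """Return a list of findings for the <system.web> settings discussed above."""
    root = ET.fromstring(xml_text)
    web = _child(root, "system.web")
    findings = []
    if web is None:
        return findings

    comp = _child(web, "compilation")
    if comp is not None and _is_true(comp.get("debug")):
        findings.append('compilation debug="true": detailed errors and unoptimised code in production')

    trace = _child(web, "trace")
    if trace is not None and _is_true(trace.get("enabled")):
        # localOnly defaults to true; "false" exposes trace.axd to remote clients
        reach = "remotely" if not _is_true(trace.get("localOnly", "true")) else "from localhost only"
        findings.append(f'trace enabled="true": trace.axd reachable {reach}')

    pages = _child(web, "pages")
    if pages is not None and (pages.get("enableViewStateMac") or "").strip().lower() == "false":
        findings.append('pages enableViewStateMac="false": ViewState can be tampered with (ignored by patched .NET builds)')
    return findings


if __name__ == "__main__":
    for f in audit_web_config(SAMPLE_WEB_CONFIG):
        print("-", f)
```

Flipping the three attributes to debug="false", enabled="false" and enableViewStateMac="true" makes the audit return an empty list; the check reads only the application's own web.config, so a machine-level setting such as deployment retail="true" in machine.config is not reflected.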
Attribute hasFragileUserData not set is a vulnerability for Mobile App and Android applications found in the Common Weakness Enumeration (CWE) directory. It is categorized as a Platform Usage vulnerability. This vulnerability occurs when an application does not explicitly declare the android:hasFragileUserData attribute on its <application> element, which controls whether the user is asked to keep the app's data (credentials, tokens and other sensitive user data) when the app is uninstalled, so that...

/ Attribute usesCleartextTraffic Set

Attribute usesCleartextTraffic set is a type of IT vulnerability that is classified as a Network Communication vulnerability. This vulnerability is present in both Android and Mobile App systems, as well as in other similar systems. When android:usesCleartextTraffic="true" is declared in the manifest, the app may send unencrypted HTTP traffic, which can be intercepted or modified on the network. According to the CWE/SANS TOP 25 Most Dangerous Software Errors directory, this vulnerability occurs when...
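The following script is an added example (not from this knowledge base) that checks an AndroidManifest.xml for the two <application> attributes covered by the hasFragileUserData and usesCleartextTraffic entries above. It goes slightly beyond the entries by applying the platform defaults: when usesCleartextTraffic is absent, cleartext is allowed below targetSdkVersion 28 and blocked from 28 on, and a networkSecurityConfig overrides the attribute entirely. The manifest and package name are constructed for the example.

```python
# Added example: check <application> attributes in an AndroidManifest.xml.
# The manifest below is a constructed sample, not from a real app.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
    <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="33" />
    <application android:label="Demo"
        android:usesCleartextTraffic="true">
    </application>
</manifest>
"""


def _attr(elem, name, default=None):
    """Read an android:-namespaced attribute."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)


def audit_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return ["no <application> element"]
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is not None:
        # targetSdkVersion falls back to minSdkVersion when not declared
        target = int(_attr(uses_sdk, "targetSdkVersion", _attr(uses_sdk, "minSdkVersion", "1")))
    else:
        target = 1
    findings = []

    # usesCleartextTraffic: explicit value wins; if absent, the platform default
    # is "true" below targetSdkVersion 28 and "false" from 28 on. A
    # networkSecurityConfig, if present, overrides this attribute entirely.
    declared = _attr(app, "usesCleartextTraffic")
    if _attr(app, "networkSecurityConfig") is not None:
        findings.append("networkSecurityConfig present: review that file, it overrides usesCleartextTraffic")
    elif declared is None:
        if target < 28:
            findings.append(f"cleartext HTTP permitted (default for targetSdkVersion {target})")
    elif declared.lower() == "true":
        findings.append('cleartext HTTP permitted (usesCleartextTraffic="true")')

    # hasFragileUserData (API 29+) controls whether the user is asked to keep
    # app data on uninstall; when absent the platform default "false" applies.
    if _attr(app, "hasFragileUserData") is None:
        findings.append("hasFragileUserData not declared: platform default false applies")
    return findings


if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print("-", f)
```

The same function can be pointed at the manifest extracted from an APK with apktool; note that a manifest without uses-sdk gets the conservative target of 1, so it is reported as permitting cleartext.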

/ Auto-Generated Screenshots

Manufacturers want to provide device users with an aesthetically pleasing effect when an application is started or exited, so they introduced the concept of saving a screenshot when the application goes into the background. ## Risk This feature can pose a security risk because screenshots (which may display sensitive information such as...
Compliance checks for Amazon Web Services

/ Backup File

Backup file is an authorization vulnerability that occurs when an application does not properly restrict access to backup files left in a web-accessible location, such as database dumps or editor copies of source files. This type of vulnerability allows an attacker to gain access to sensitive data, such as passwords and personal information, which can be used to gain further access...
Base64-encoded data in parameter is an issue in Web and API applications that scanners report because Base64 is an encoding, not encryption: it hides nothing from an attacker and provides no integrity protection, so the value can be decoded, modified and re-encoded by the client. The relevant weakness in the Common Weakness Enumeration (CWE) directory is insufficient verification of data authenticity (CWE-345), not a cryptographic one. This vulnerability is caused when an application fails to validate or restrict the unverified Base64-encoded data...
Browser cross-site scripting filter disabled (CWE-79) is a configuration management vulnerability that falls under the Web and API category. It means the browser's built-in reflected XSS filter is not requested, so a reflected cross-site scripting flaw in the application is not mitigated by this defence-in-depth measure. According to the OWASP Testing Guide, cross-site scripting filters are used to...
No X-XSS-Protection header was set in the response, so the browser falls back to its default behaviour, in which detection of a reflected cross-site scripting attack may not prevent the page from rendering. Note that Chromium-based browsers removed their XSS auditor in 2019 and Firefox never implemented one, so this header is a legacy control; a Content-Security-Policy is the effective mitigation. ## Risk Cross-site scripting (XSS) filters in browsers check whether the URL contains possible harmful XSS payloads and whether they are reflected in the response page....

/ Cacheable HTTPS Response

Cacheable HTTPS response, CWE-525 (Use of Web Browser Cache Containing Sensitive Information), occurs when a web server or API responds to an HTTPS request with a response that is marked as cacheable, or carries no Cache-Control: no-store directive. This can lead to the response being stored in the browser or an intermediate cache, exposing sensitive data to anyone with access to that cache, for example on a shared machine. According to the OWASP...
With DFS, a WiFi in the 5 GHz range can perform an automatic channel change if another device is detected on the channel used. This is particularly intended to prevent weather radar systems operating in this frequency range from being disturbed by WiFis. To detect other systems, the channel must be...

/ Chargen UDP Service Remote DoS

/ Check Point Firewall Compliance

Compliance checks for Check Point Firewall
Cleartext storage of sensitive information in cookie is a vulnerability that occurs when an application stores sensitive information in a cookie without any encryption or hashing. This can make it easy for an attacker to access the stored information. This vulnerability is classified as CWE-312 and is listed in the...
Cleartext submission of password is a vulnerability that occurs when a password is transmitted in a non-encrypted form during authentication processes over an open network like the internet. Unencrypted data can be easily intercepted by malicious actors and used to gain access to systems and resources. According to the OWASP...

/ Client-Side HTTP Parameter Pollution

Client-side HTTP parameter pollution (CWE-20) is a type of web application vulnerability that occurs when user-supplied parameters are used to manipulate the intended logic of a web application. The attacker can inject additional HTTP parameters into a single HTTP request, which can be used to manipulate the application's behaviour. By...

/ Client-Side Json Injection (DOM-Based)

Client-side JSON injection (DOM-based) is a type of vulnerability that occurs when attacker-controlled data from the DOM (for example the URL) is placed into a JSON string that client-side script then parses in an unsafe way, such as with eval(), allowing malicious code to be executed within the browser. This vulnerability is categorized as a Client Side Vulnerability according to the...

/ Client-Side SQL Injection (DOM-Based)

Client-side SQL injection (DOM-based) is a type of injection attack that is classified as a Client Side Vulnerability (CWE-89). It occurs when client-side code builds a query for a browser-side database (such as Web SQL) from user-supplied DOM data without proper validation or sanitization. According to the OWASP Testing Guide, DOM-based SQL...

/ Client-Side Template Injection

Client-side template injection (CSTI) is a type of injection attack that occurs when user-supplied data is injected into a web template in a client-side context. This type of attack is particularly dangerous as it allows an attacker to inject malicious code into a web page that is then executed by...

/ Client-Side Xpath Injection (DOM-Based)

Client-side XPath injection (DOM-based) is a type of security vulnerability which is classified under Client Side Vulnerabilities as per the Common Weakness Enumeration (CWE), and occurs in web and API applications. This is a type of injection attack where an attacker injects malicious XPath statements into a client's web page,...
Constrained Delegation is a feature in Microsoft Active Directory that allows a service to impersonate users and access network resources on their behalf. This delegation of authentication and authorization is meant to enhance user experience and streamline application workflows. However, if not properly configured, Constrained Delegation can introduce a significant...

/ Content Sniffing Not Disabled

Content Sniffing not disabled is a Configuration Management vulnerability that occurs in Web and API applications. It arises when responses are served without the X-Content-Type-Options: nosniff header, so the browser may guess the MIME type from the body instead of trusting the declared Content-Type, for instance treating an uploaded text file as HTML or script. Content Sniffing not disabled can allow...

/ Content Type Incorrectly Stated

Content type incorrectly stated, mapped here to CWE-200, is a type of vulnerability related to configuration management in web and API applications. It occurs when the Content-Type header of a response does not match the actual content of the body, so the browser may interpret the data differently from what the application intended. This can be dangerous...

/ Content Type Is Not Specified

Content type is not specified is a vulnerability that falls under the category of Configuration Management in the Common Weakness Enumeration (CWE) directory (CWE-20). This vulnerability occurs when a response to a Web or API request carries no Content-Type header. If a content type is not specified, the...

/ Cookie Issued to Parent Domain

Cookie issued to parent domain is a web application vulnerability in the configuration management category (CWE-20). The vulnerability occurs when a cookie is issued with a Domain attribute naming a parent domain (for example Domain=example.com from app.example.com), allowing the cookie to be read by every host under that parent domain. A compromised or less trusted subdomain can then...
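Several of the entries above (X-XSS-Protection, cacheable HTTPS response, content sniffing not disabled, content type not specified or incorrectly stated, cookie issued to parent domain) are all checks on response headers, so one audit function covers them. The script below is an added example, not code from this knowledge base; the raw response, the host app.example.com and the cookie value are constructed for illustration, and the body sniffing is a deliberately small stand-in for what a browser does.

```python
# Added example: audit a raw HTTP response for header-level findings.
# The response and host name below are constructed for illustration.
import re

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "Cache-Control: public, max-age=3600\r\n"
    "Set-Cookie: session=abc123; Domain=.example.com; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    '{"account": "12345", "balance": "42.00"}'
)


def parse_response(raw):
    """Split a raw response into (status line, [(name_lower, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:          # keep duplicates: Set-Cookie may repeat
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def _first(headers, name):
    return next((v for n, v in headers if n == name), None)


def guess_body_type(body):
    """Cheap sniff of the body, standing in for what a browser would do."""
    s = body.lstrip()
    if s.startswith(("{", "[")):
        return "application/json"
    if s.lower().startswith(("<!doctype html", "<html")):
        return "text/html"
    return None


def audit_response(raw, host, https=True):
    _, headers, body = parse_response(raw)
    findings = []

    ct = _first(headers, "content-type")
    if ct is None:
        findings.append("Content-Type not specified: the browser will sniff the body")
    else:
        guessed = guess_body_type(body)
        if guessed and guessed not in ct.lower():
            findings.append(f"Content-Type {ct!r} does not match body (looks like {guessed})")

    if (_first(headers, "x-content-type-options") or "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing, content sniffing not disabled")

    # Only no-store reliably keeps the response out of browser and proxy caches
    cc = (_first(headers, "cache-control") or "").lower()
    if https and "no-store" not in cc:
        findings.append(f"HTTPS response cacheable (Cache-Control: {cc or 'absent'})")

    # The filter X-XSS-Protection controlled has been removed from Chromium and
    # never existed in Firefox; without a CSP there is no XSS mitigation header
    if _first(headers, "x-xss-protection") is None and _first(headers, "content-security-policy") is None:
        findings.append("X-XSS-Protection absent and no Content-Security-Policy set")

    # A Domain attribute naming a parent domain makes the cookie readable by
    # every subdomain, so one compromised subdomain exposes it
    for name, value in headers:
        if name != "set-cookie":
            continue
        m = re.search(r";\s*domain=([^;]+)", value, re.I)
        if m:
            domain = m.group(1).strip().lstrip(".").lower()
            if domain != host.lower():
                cookie = value.split("=", 1)[0]
                findings.append(f"cookie {cookie!r} scoped to parent domain {domain}")
    return findings


if __name__ == "__main__":
    for f in audit_response(SAMPLE_RESPONSE, "app.example.com"):
        print("-", f)
```

On the sample the audit reports five findings; serving the body as application/json with X-Content-Type-Options: nosniff, a Content-Security-Policy, Cache-Control: no-store and a cookie without the Domain attribute clears all of them.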

/ Cookie Manipulation (DOM-Based)

Cookie manipulation (DOM-based) is a type of web application security vulnerability classified as a Client Side Vulnerability. This vulnerability occurs when client-side script writes attacker-controllable DOM data into a cookie, and the application fails to validate the integrity of cookies, resulting in the ability to execute malicious code. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is...

/ Cookie Variable Exposed

Cookie Variable Exposed is a type of vulnerability commonly found in web and API applications. It occurs when data stored in a cookie is made available to an unauthorized user, allowing them to gain access to the application or system. This vulnerability is classified as an Authentication vulnerability in the...
Credit card numbers disclosed is an information disclosure vulnerability (CWE-200) in which credit card numbers, and possibly expiration dates and CVV numbers, appear unmasked in application responses. This vulnerability is commonly found in web applications and APIs (OWASP Testing Guide, V3.0). This type of vulnerability can be exploited with malicious intent, such as stealing credit...

/ Cross Site Scripting (DOM-Based)

Cross Site Scripting (DOM-Based) is a type of client-side vulnerability that is listed in the CWE Top 25 (2022) and is classified as CWE-79. It is a type of injection attack in which client-side script writes attacker-controlled DOM data (such as the URL fragment) into the page, allowing an attacker to execute malicious JavaScript in the victim's browser. The attacker...

/ Cross-Domain Post

Cross-domain POST is a type of IT vulnerability which falls under the category of Configuration Management. This vulnerability is primarily found in web applications and APIs, and is defined as a form or script on one domain that submits request data to another domain, so that the receiving domain (which may be less trusted) obtains that data. This type...
Cross-domain Referer leakage is an information disclosure vulnerability that occurs when a page whose URL contains sensitive data (such as session tokens, password-reset tokens or personal identifiers) links to or loads resources from another domain, so that the browser sends the sensitive URL to that domain in the HTTP Referer header. Keeping secrets out of URLs and setting a Referrer-Policy header are the usual remediation. This vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) in the Common Weakness Enumeration...
Cross-domain script include is a type of vulnerability that occurs when a web application includes scripts from a different domain. Such scripts run with the full privileges of the including page's origin, so the same-origin policy offers no protection: if the third-party domain is compromised or malicious, the attacker can run code in the page and access sensitive data from the victim's...

/ Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) is a vulnerability that occurs when a server's CORS policy allows a malicious website to read resources from a different domain. It is classified as a client-side vulnerability because it is the client's browser that enforces the policy. Permissive CORS policies are classified as CWE-942 in the...
A _Cross-Origin Resource Sharing (CORS)_ policy controls whether and how content running on other domains can interact with the domain that publishes the policy. The policy is granular and can apply per-request access controls based on the URL and other characteristics of the request. ## Risk The common exploitation scenarios can be...
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy (SOP). It also provides potential for cross-domain based attacks, if a website's CORS policy is poorly configured and implemented. CORS is...
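The three CORS entries above describe the policy in general terms; the added example below (not code from this knowledge base) makes the exploitation scenario concrete. It contrasts three server-side answers to the Origin header, reflecting any origin, a suffix match, and an exact allow-list, with a small model of the browser's check for a credentialed cross-origin read. All origins are made up, and the model covers only the credentialed case since that is what exposes authenticated data.

```python
# Added example: three ways a server can answer the Origin header, and a model
# of the browser-side check that decides whether a credentialed response is
# readable. Origins below are made up.

ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def _allow(origin):
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",   # the response differs per origin, so caches must key on it
    }


def cors_reflecting(origin):
    """Vulnerable: echoes any Origin with credentials, so any site the victim
    visits can read their authenticated responses."""
    return _allow(origin) if origin else {}


def cors_suffix_match(origin):
    """Still vulnerable: a suffix check accepts https://evil-example.com and
    does not pin the scheme, so http://app.example.com also passes."""
    return _allow(origin) if origin and origin.endswith("example.com") else {}


def cors_allowlist(origin):
    """Hardened: exact match against a fixed set. Unknown origins and the
    literal "null" origin (sandboxed frames, file://) get no CORS headers."""
    return _allow(origin) if origin in ALLOWED_ORIGINS else {}


def credentialed_read_allowed(response_headers, page_origin):
    """Model the browser's check for a fetch(..., credentials: 'include')
    issued from page_origin: the ACAO value must equal the origin exactly
    ('*' is rejected for credentialed requests) and ACAC must be 'true'."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None or acao == "*":
        return False
    return acao == page_origin and response_headers.get("Access-Control-Allow-Credentials") == "true"


if __name__ == "__main__":
    attacker = "https://evil-example.com"
    for policy in (cors_reflecting, cors_suffix_match, cors_allowlist):
        readable = credentialed_read_allowed(policy(attacker), attacker)
        print(f"{policy.__name__:18} attacker can read authenticated data: {readable}")
```

The suffix variant is the one most often seen in the wild (a regex without anchors or a hostname endswith check); the allow-list compares the full origin string including scheme, which is what the policy needs to do.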
Showing entries 1 to 50 of 282 entries.