Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Admin Interface Identified

Admin interface identified is a vulnerability related to information gathering. It is categorized under CWE-200 and is classified as an ‘Incomplete Information’ type vulnerability. This vulnerability arises when an attacker is able to identify and access the administrative interface of a web application or API without the user’s authorization. This...

/ Default Apache Web Page

Default Apache Web Page vulnerability is an attack technique that occurs in web and API applications and is categorized as Information Gathering. This vulnerability is defined as an attack that occurs when the attacker can access the default Apache web page on a target web server. This web page can...

/ DHCP Server Detection

DHCP servers are responsible for dynamically assigning IP addresses and network configuration information to devices on a network. While DHCP is a critical service for efficient network management, detecting unauthorized or rogue DHCP servers is essential to prevent network disruptions and security risks. Risk: Rogue DHCP servers may assign conflicting IP...

/ Email Addresses Disclosed

Email addresses disclosed is an Information Gathering vulnerability that occurs in Web and API. It is classified as CWE-200 and is described as “Information Exposure Through Sent Data” in the Common Weakness Enumeration (CWE) directory. According to the Open Web Application Security Project (OWASP) Testing Guide, it means that sensitive...

/ Exposed Network Ports

Exposed network ports are one of the most common vulnerabilities in IT infrastructure. It occurs when ports on a network are left open and exposed to the public internet, allowing malicious actors to access the network without authentication. This vulnerability is described in CWE-264, Improper Control of Access to Network...

/ GraphQL introspection enabled

Enabling GraphQL introspection can introduce potential security risks if not properly managed. GraphQL introspection allows clients to query the schema and learn about the types, fields, and operations that are available in the API. While introspection is a powerful feature for client development, it can be misused if not secured...

/ Robots.txt File

Robots.txt is a text file used by web servers to indicate which parts of a website can or cannot be accessed by a web crawler. It is also used to define a list of webpages that should not be indexed or crawled by search engine bots. This vulnerability occurs when...

/ Robots.txt file points to admin interface

Robots.txt file points to admin interface is a vulnerability that occurs when a web application contains a robots.txt file that points to a directory or file that is not intended for public access. This vulnerability is classified as CWE-922 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))...