Test Methods ( Detailed Overview )

Here is a list of every test performed by Web Scan Service.

Generic Tests

Test Name	Invasive	Severity
.js%70 Web Application Source Code Disclosure (1)	High
.NET CS File Download (1)	Low
.NET Error Message (1)	Low
.NET output-build.txt File Detected (1)	Low
.NET Solution File Download (1)	Low
.NET VB File Download (1)	Low
.NET Verbose Errors Enabled (1)	Low
Acrobat Connect SWF Possible Cross-Site Scripting (1)	High
Additional Common Documentation Text Files (1)	Low
Apache access_log Information Disclosure (2)	Low
Apache Angle Bracket Hidden File Disclosure (1)	Medium
Apache error_log Information Disclosure (3)	Low
Appended File Extension Source Code Disclosure (1)	High
Appended Slash JSP Source Code Disclosure (1)	High
Application Error (10)	Low
ASP Runtime Error Message (1)	Low
ASP.NET Custom Error Path Disclosure (1)	Low
ASP.NET Unhashed Viewstate Agent (1)	Medium
Backup File Download (47)	Medium
Basic Auth Evasion (1)	Medium
Blind SQL Injection (3)	High
Camtasia Studio Possible Remote SWF Inclusion (1)	High
CAPTCHA for ASP Detected (1)	Info
ColdFusion Error Message (1)	Low
Common Application Test Files (1)	Low
Common Documentation HTML Files (1)	Low
Credit Card Numbers Disclosed (1)	High
Cross Site Scripting (18)	High
CVS Entries Parser (1)	Info
Database Server Error Message (1)	Medium
Default Apache Page (2)	Low
Directory Found (1004)	Info
Directory Listing (1)	Low
Directory Traversal Arbitrary File Download (36)	High
DOS 8.3 Filename File Source Disclosure (1)	High
Dreamweaver SWF Possible Cross-Site Scripting (1)	High
Driver's License Number Disclosed (1)	High
Email Address Found (1)	Low
Environmental Variables Disclosure (1)	Low
Error Log Information Disclosure (1)	Medium
Exception Error Message (1)	Low
File Detected (57)	Info
Flash Object Detected (1)	Info
Form Auto Complete Active (1)	Info
Frame Spoofing (2)	Medium
Hidden Form Value (1)	Info
HTML Comment Found (1)	Low
HTTP TRACE Method Cross-Site Scripting (1)	Low
HTTP TRACK Method Cross-Site Scripting (1)	Low
HumanVerify CAPTCHA Detected (1)	Info
IIS Default Install Page (2)	Low
IIS Global.asa and Global.asax Retrieval (2)	Medium
IIS Missing Host Header Internal IP Address Disclosure (1)	Medium
IIS Remote Server Name Spoof (1)	High
IIS Unicode Arbitrary Command Execution (1)	High
Improper Parameter Redirection (2)	Medium
Include Files Source Disclosure (15)	Medium
InfoSoft FusionCharts/PowerCharts Possible Remote SWF Inclusion (1)	High
Internal IP Disclosure (1)	Low
Java Applet Detected (1)	Info
Javadoc technical documentation detected (1)	Info
Jetty CGI-BIN Arbitrary Command Execution (1)	High
Jrun Server Error Message (1)	Low
JSP/JHTML Extension Case Change Source Disclosure (1)	High
LDAP Error Message (1)	Low
LDAP Injection (1)	High
Local File Inclusion (1)	High
Logins Sent Over Query (1)	Info
Logins Sent Over Unencrypted Connection (1)	Medium
LylaCaptcha Detected (1)	Info
Macromedia Dreamweaver Remote Database Scripts Information Leakage (6)	Medium
Microsoft Active Server Pages Cookie Retrieval Issue (1)	Low
Microsoft ASP.NET Debugging Enabled (1)	Low
Microsoft ASP.NET or ASP Unicode Conversion Cross-Site Scripting (1)	High
Microsoft JScript Runtime Error Message (1)	Low
MyServer Malformed File Extension Source Code Disclosure (1)	High
OPTIONS Method Supported (1)	Info
Oracle Application Server PL/SQL Error Message (1)	Low
Oracle Error Log Found (1)	Info
Oracle Log File Information Disclosure (2)	Info
Outdated Ultimate Bulletin Board Detected (1)	Medium
Outlook .PST File Disclosure (1)	Medium
Page Content Varies Based On Headers (1)	Info
Page Content Varies Based On Language (1)	Info
Page Content Varies Based On Unspecified Criteria (1)	Info
Page Content Varies Based On User-Agent (1)	Info
Parameter System Command Execution (12)	Info
Password Field Masked (1)	Medium
Password File Detected (19)	Low
Password in Query Data (1)	Medium
Perl Source Code Disclosure (1)	Medium
Persistent Cookies (1)	Medium
Personal Identification Number Disclosed (1)	High
PGP Private Key Block (1)	Medium
PGP Public Key Block (1)	Medium
PHP Admin Application (1)	Low
PHP Code Injection (5)	High
PHP Debug Application (1)	Low
PHP Error Message (1)	Low
PHP Invalid Data Type Path Disclosure (1)	Low
PHP Login Application (1)	Low
PHP Multi-Part Form Data Arbitrary Command Execution (1)	High
PHP OPTIONS Path Disclosure (1)	Low
PHP Password Page (1)	Low
PHP Session_Start Path Disclosure (1)	Low
PHP Test Page (1)	Low
PHP Users Page (1)	Low
PHP Win32 Path Disclosure (1)	Low
PLUPII Linux Worm PHP XML-RPC Hole (1)	High
Possible ASP Source Code Disclosure (1)	Medium
Possible ASP.NET Source Code Disclosure (1)	Low
Possible Credit Card Numbers In Cookie(s) (1)	High
Possible Database Connection String (Access and Oracle ODBC -- Standard Security for MS Access and ODBC Oracle Driver) (1)	Medium
Possible Database Connection String (Access ODBC Exclusive Use) (1)	Medium
Possible Database Connection String (Access ODBC Workgroup - System Database) (1)	Medium
Possible Database Connection String (Access OleDb with MS Jet Standard Security) (1)	Medium
Possible Database Connection String (Access OleDb with MS Jet With Password) (1)	Medium
Possible Database Connection String (Access OleDb with MS Jet Workgroup - System Database) (1)	Medium
Possible Database Connection String (IBM DB2 .NET DataProvider from IBM) (1)	Medium
Possible Database Connection String (IBM DB2 ODBC without DSN and OleDb IBM Driver) (1)	Medium
Possible Database Connection String (IBM DB2 OleDb Microsoft Driver) (1)	Medium
Possible Database Connection String (Informix ODBC DSN INFORMIX 3.30 ODBC Driver) (1)	Medium
Possible Database Connection String (Informix ODBC without DSN INFORMIX 3.30 ODBC Driver) (1)	Medium
Possible Database Connection String (Informix OleDb IBM Informix OleDb Provider) (1)	Medium
Possible Database Connection String (MSSQL .NET DataProvider Standard Connection or Sybase .NET DataProvider) (1)	Medium
Possible Database Connection String (MSSQL .NET DataProvider Trusted Connection) (1)	Medium
Possible Database Connection String (MSSQL .NET DataProvider via IP Address) (1)	Medium
Possible Database Connection String (MSSQL ODBC Trusted Connection) (1)	Medium
Possible Database Connection String (MSSQL OleDb Trusted Connection) (1)	Medium
Possible Database Connection String (MSSQL OleDb via IP Address) (1)	Medium
Possible Database Connection String (MySQL .NET DataProvider from CoreLab) (1)	Medium
Possible Database Connection String (MySQL ODBC MyODBC Driver - local database) (1)	Medium
Possible Database Connection String (MySQL ODBC MyODBC Driver - remote database) (1)	Medium
Possible Database Connection String (ODBC DSN or OleDB for Access, MS SQL, ORACLE, IBM DB2, MySQL, Sybase, Informix, or Interbase ) (1)	Medium
Possible Database Connection String (Oracle .NET DataProvider from Microsoft and Oracle - Standard Connection) (1)	Medium
Possible Database Connection String (Oracle .NET DataProvider from Microsoft and Oracle - Trusted Connection) (1)	Medium
Possible Database Connection String (Oracle ODBC New Microsoft Driver) (1)	Medium
Possible Database Connection String (Oracle ODBC Old Microsoft Driver) (1)	Medium
Possible Database Connection String (Oracle OleDb Microsoft Driver and Oracle Driver - possible trusted connection) (1)	Medium
Possible Database Connection String (Oracle OleDb Oracle Driver - Trusted Connection) (1)	Medium
Possible Database Connection String (Sybase ODBC SQL Anywhere) (1)	Medium
Possible Database Connection String (Sybase ODBC Sybase System 11 ODBC Driver or Intersolv 3.10 ODBC Driver) (1)	Medium
Possible Database Connection String (Sybase ODBC Sybase System 12 (12.5) ODBC Driver) (1)	Medium
Possible Database Connection String (Sybase OleDb Sybase Adaptive Server Enterprise (ASE)) (1)	Medium
Possible Debug Application (1)	Low
Possible File Upload Capability (1)	Low
Possible Insecure Cryptographic Hash (MD Family) (1)	Low
Possible Insecure Cryptographic Hash (SHA-0/SHA-1) (1)	Low
Possible Login Form (1)	Info
Possible MPack Infection (1)	High
Possible Perl Source Code Disclosure (1)	Medium
Possible PHP Source Code Disclosure (1)	Medium
Possible Server Path Disclosure (unix) (1)	Low
Possible Server Path Disclosure (win32) (1)	Low
Possible Username or Password Disclosure (1)	Medium
Possible VBScript Runtime Error Message (1)	Low
Possible XSS-Proxy Infection (1)	High
Potential Order Information Found (3)	Info
Potential Registration Information Found (9)	Info
Price-Related Form Fields (1)	Info
PROPFIND/WebDAV supported (1)	Info
PUT Method Arbitrary File Upload (1)	High
Remote File Inclusion (1)	High
Robots.txt Parser (1)	Info
Runtime Error (1)	Low
Script File Extension Disclosure (1)	Info
Script Name/Path Parameter Cross-Site Scripting (1)	Medium
Server Error Response (1)	Low
Server Statistics Information Disclosure (2)	Low
Servlet Runtime Error Message (1)	Low
Set-Cookie does not use HTTPOnly Keyword (1)	Low
Silverlight Application Detected (1)	Info
SOAP Exception Error Message (1)	Low
Social Security Numbers Disclosed (1)	Medium
Source Code Disclosure (Appended %20) (1)	Medium
Source Code Viewing Example Application (1)	Low
SQL Injection (8)	High
Test Script Detected (13)	Info
Tigvote.cgi Command Execution (1)	High
Trojan Script Detected (176)	High
Unexecuted Server Side Include (1)	Low
Unix Parameter Traversal (3)	High
URL Cross-Site Scripting (1)	High
Use of captchas.net Service Detected (1)	Info
User supplied data without POST (1)	Info
VBScript Runtime Error Message (1)	Low
Warning: IIS Server Overloaded (1)	Info
Web.config Found (1)	Info
Webalizer Usage Page Discovery (2)	Medium
WebDAV Support Enabled (1)	Low
Websphere Net.Data Error Message (1)	Low
WebTrends Statistics Information Disclosure (1)	Low
Windows Parameter Traversal (33)	High
WS_FTP.log Information Leakage (1)	Low
Ws_ftp.log Parser (1)	Info
Xcache Path Disclosure (1)	Low
XPath Error Message (1)	Low
XPath Injection (1)	High

Web Application Tests

Test Name	Severity
3Com Network Supervisor File Disclosure (1)	Medium
4D Webserver Basic Auth Overflow (1)	High
access2asp Cross-Site Scripting (1)	Low
Acidcat CMS admin_colors_swatch.asp Cross-Site Scripting (1)	Low
ACNews SQL Injection (1)	High
Active News Manager SQL Injection (1)	High
ADP Forum Arbitrary Command Execution (1)	High
Advanced Electron Forums index.php Cross-Site Scripting (1)	Low
AlGuest Web Application Administration (1)	High
AlstraSoft Template Seller Pro fullview.php Cross-Site Scripting (1)	Low
AmpJuke Search Cross-Site Scripting (1)	Medium
AN HTTP Server cmdIS.DLL Buffer Overflow (1)	High
AnimatedCaptcha Detected (1)	Info
AnimatedImage CAPTCHA Detected (1)	Info
Apache Chunked Encoding Overflow Test (1)	High
Apache Expect Header Cross-site Scripting Vulnerability (1)	Medium
Apache Host Header Cross-site Scripting (1)	Medium
Apache mod_autoindex Directory Contents Disclosure (1)	Medium
Apache Tomcat CookieExample Cross-Site Scripting (1)	Medium
Apache Tomcat JK Web Server Connector Buffer Overflow (1)	High
Apache Tomcat SendMailServlet Example Cross-Site Scripting (1)	Low
Application Probing: OpenBiblio (1)	Info
Application Probing: Openfiler (1)	Info
Application Probing: phpinfo() (1)	Info
Application Probing: SAXON (1)	Info
Applications Manager Cross-Site Scripting (1)	Low
ASP CAPTCHA Project Detected (1)	Info
ASP Form Image Code Verification (CAPTCHA) Detected (1)	Info
ASP Security Image Generator (CAPTCHA) Detected (1)	Info
ASP Virtual News Manager SQL Injection (1)	High
Avotravis Static Administrative Cookie (1)	High
AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability (1)	High
BadBlue PassThru Denial of Service (1)	High
Barracuda Spam Firewall File Disclosure (1)	High
BEA Weblogic AdminMain Administrative Interface Discovery (1)	High
BEA Weblogic AdminProps Administrative Interface Discovery (1)	High
BEA Weblogic AdminRealm Administrative Interface Discovery (1)	High
BEA Weblogic Character Encoding Directory Contents Disclosure (1)	High
BEA Weblogic Character Encoding Source Disclosure (1)	Medium
BEA Weblogic JSP Processor Denial of Service (1)	High
BEA Weblogic Processing Servlets Source Disclosure (1)	High
BEA Weblogic Snoop Default Application Discovery (1)	Info
Blackboard Academic Suite 'viewCatalog' Cross-Site Scripting (1)	Medium
Blazix JSP Source Disclosure (1)	High
BolinOS gBImageViewer.php Cross-Site Scripting (1)	Low
BolinOS gBLoginPage.php Cross-Site Scripting (1)	Low
BolinOS gBLoginPage.php POST parameter "formlogin" Cross-Site Scripting (1)	Low
BolinOS gBPassword.php Cross-Site Scripting (1)	Low
BolinOS gBphpInfo.php Information Disclosure (1)	Low
BolinOS gBselectorContents.php Cross-Site Scripting (1)	Low
Bonsai CVS Archive Cross-site Scripting (1)	Medium
Bugzilla query.cgi Cross-Site Scripting (1)	Medium
BusinessObjects XI logon.object Cross-Site Scripting (1)	Low
Cacti graph.php Cross-Site Scripting (1)	Low
Cacti graph.php Full Path Disclosure (1)	Low
Cacti graph_view.php Cross-Site Scripting (1)	Low
CandyPress SA_shipFedExMeter.asp Path Disclosure (1)	Low
CandyPress utilities_ConfigHelp.asp Cross-Site Scripting (1)	Medium
CAPTCHA Image for ASP Detected (1)	Info
Captcha PHP Detected (1)	Info
CAPTCHA Server Control for ASP.NET Detected (1)	Info
CaptchaControl Detected (1)	Info
Caudium Web Server Denial of Service (1)	High
CIS Image Verification CAPTCHA Detected (1)	Info
Coldfusion Cache Web Root Path Disclosure (1)	Low
ColdFusion cfcache.map Web Root Path Disclosure (1)	Low
ColdFusion Default Web Application (cfm) (1)	Medium
ColdFusion Default Web Application (mdb) (1)	Low
ColdFusion ISAPI Arbitrary Command Execution (1)	High
Comersus SQL Injection Vulnerability (1)	High
Common Documentation Text Files (1)	Low
Common Include Files (.inc) (1)	Medium
ContRay search.cgi Cross-Site Scripting (1)	Low
CoolCafe SQL Injection (1)	High
CoolForum Directory Traversal File Access (1)	High
Coppermine Photo Gallery showdoc.php Cross-Site Scripting (1)	Medium
Coppermine Photo Gallery slideshow.inc.php File Path Disclosure (1)	Low
Coppermine Photo Gallery update.php Information Disclosure (1)	Low
cpCommerce calendar.php Cross-Site Scripting (1)	Low
Crafty Syntax Live Help Cross-Site Scripting (1)	Low
Crafty Syntax Live Help leavemessage.php Cross-Site Scripting (1)	Low
Crafty Syntax Live Help livehelp.php Cross-Site Scripting (1)	Low
Crafty Syntax Live Help user_questions.php Cross-Site Scripting (1)	Low
Cryptographp CAPTCHA Detected (1)	Info
DigiDomain Multiple Cross-Site Scripting (1)	Medium
dirLIST Directory Traversal (1)	Low
Domain Trader catalog.php Cross-Site Scripting (1)	Medium
DotNetNuke Captcha Control Detected (1)	Info
Dvbbs Database Disclosure (1)	High
e107: Cross-Site Scripting in feature called Email Article To A Friend (1)	High
e107: Cross-Site Scripting in feature called Submit News (1)	High
EasyCalendar calendar_backend.php Cross-Site Scripting (1)	Medium
EasyCalendar Cross-Site Scripting (1)	Medium
EasyNews index.php Cross-Site Scripting (1)	Medium
EasyNews index.php SQL Injection (1)	High
EasyNews install.php Database Password Disclosure (1)	High
EasyNews login.php Local File Retrieval (1)	High
efileman Configuration File Information Disclosure (1)	High
eSKUeL File Disclosure (1)	High
eTicket index.php Cross-Site Scripting (1)	High
EventLog Analyzer Cross-Site Scripting (1)	Low
F5 FirePass SSL VPN Cross-Site Scripting (1)	Medium
Falt4 CMS index.php 'handler' Parameter Cross-Site Scripting (1)	Low
FMDeluxe Cross-Site Scripting (1)	Low
Fortibus CMS SQL Injection (1)	High
Freecap CAPTCHA Detected (1)	Info
Frontpage Server Extensions shtml.dll Denial of Service (1)	High
FUDForum Multiple Vulnerabilities (1)	High
Fusebox Framework in Use (1)	Info
GF-3xplorer phpinfo.php Information Disclosure (1)	Low
HN Captcha Detected (1)	Info
HP OpenView Network Node Manager Arbitrary Command Execution (1)	High
i.List search.php Cross-Site Scripting (1)	Low
Idut Human Checker CAPTCHA Detected (1)	Info
IIS 5.0 Denial of Service (1)	High
IIS 5.0 Internet Printing Protocol ISAPI Buffer Overflow (1)	High
IIS ASP Chunked Encoding Overflow (1)	High
IIS Help Cross-Site Scripting (1)	Medium
IIS PROPFIND Directory Enumeration (2)	Medium
IIS Translate:f Source Code Disclosure (1)	High
IIS WebDAV SEARCH Arbitrary Command Execution (1)	High
IMP SQL Injection (1)	High
India Software Solution Shopping Cart SQL Injection (1)	High
Informix Web Datablade Universal SQL Injection (1)	High
Installed Application: Drupal (1)	Info
Installed Application: HacmeCasino (1)	Info
Installed Application: Roller (1)	Info
Installed Application: Squirrelmail (1)	Info
Ipswitch WhatsUp Professional Sql Injection (1)	High
ITechBids item_id Cross-Site Scripting (1)	Medium
ITechClassifieds CatID Cross-Site Scripting (1)	Medium
Jakarta Tomcat DefaultServlet Source Code Disclosure (1)	High
Jakarta Tomcat Manager Cross-Site Scripting (1)	Medium
Jakarta Tomcat Null Byte Directory Contents Disclosure (1)	High
JBoss Information Disclosure (1)	Low
Jeebles Directory Cross-Site Scripting (1)	Medium
Jeebles Directory File Disclosure (1)	Medium
Jeuce Personal Web Server Denial of Service (1)	High
Jinzora Media Jukebox Multiple Cross -Site Scripting (1)	Low
JiRo's Statistics System SQL Injection (1)	High
Journalness last_module PHP Code Execution (1)	Medium
JRun %3F.jsp Directory Contents Disclosure (1)	Medium
JRun Appended Unicode Character Source Code Disclosure (1)	High
JRun Forced Server-Side Include Arbitrary File Source Disclosure (1)	High
JRun Host Header Overflow Arbitrary Command Execution (1)	High
JRun JSP ISAPI Arbitrary Command Execution (1)	High
Kayako SupportSuite Configuration Disclosure (1)	Low
KNet Arbitrary Code Execution (1)	High
KwsPHP ConcoursPhoto Module index.php Cross-Site Scripting (1)	Medium
LabWiki Cross-Site Scripting (1)	Low
Lanapsoft BotDetect CAPTCHA Detected (1)	Info
lighttpd Access Restriction Bypass (1)	High
LiveCart Multiple Cross-Site Scripting Vulnerabilities (1)	Medium
Looking Glass Arbitrary Command Execution (1)	High
Macallan Mail Solution Denial of Service (1)	High
MailEnable HTTPMail Remote Code Execution (1)	Medium
Mambo connector.php Error Message Script Path Disclosure (1)	Low
Mambo MOStlyCE connector.php Cross-Site Scripting (1)	Low
ManageEngine Firewall Analyzer mindex.do Cross-Site Scripting (1)	Medium
MegaBBS upload.asp Cross-Site Scripting (1)	Medium
Micro Captcha Detected (1)	Info
Micro Login System Login Disclosure (1)	High
Microsoft Content Management Server Cross-site Scripting (1)	Medium
Microsoft IIS Source Code Disclosure (1)	Medium
Microsoft Terminal Services connect.asp Cross-Site Scripting (1)	Medium
Minb User Database Disclosure (1)	Low
Mole database_exporter.php Local File Inclusion (1)	Medium
Mole Settings Pages Authentication Bypass (1)	Medium
Mole viewsource.php Local File Inclusion (1)	Low
Mono XSP Source Code Disclosure (1)	Medium
Mono XSP Web.Config Disclosure (1)	Medium
MusicBox Cross-Site Scripting (1)	Low
MyioSoft EasyGallery Multiple Cross-Site Scripting (1)	High
MySpace Scripts Poll Creator index.php Cross-Site Scripting (1)	Medium
MyWebFTP Admin Password Disclosure (1)	Medium
NetFlow Analyzer Cross-Site Scripting (1)	Low
Netscape Enterprise Server Directory Contents Disclosure (1)	Medium
Netscape Search Arbitrary Command Execution (1)	High
NewsletterEz SQL Injection (1)	High
NextAge Cart index.php Cross-Site Scripting (1)	Low
Novell eMFrame Arbitrary Command Execution (1)	Low
Novell Groupwise ServletManager Application Administration (1)	High
Novell Perl CGI Handler Arbitrary Command Execution (1)	High
Nucleus CMS Cross-Site Scripting (1)	Medium
Ocean12 Calendar Manager SQL Injection (1)	High
Ocean12 Mailing List Manager SQL Injection (1)	High
OLE DB Universal Data Link Files (.udl) (1)	Medium
Omnistar Live kb.php Cross-Site Scripting (1)	Low
OneWorldStore Remote Denial of Service (1)	High
OpenBiblio custom_marc_form_fields.php Error Message Path Disclosure (1)	Low
OpenBiblio footer.php Full Path Disclosure (1)	Low
OpenBiblio mbr_fields.php Full Path Disclosure (1)	Low
OpenBook SQL Injection (1)	High
Open-Realty last_module PHP Code Execution (1)	Medium
OpManager Cross-Site Scripting (1)	Low
Oracle 10g Stack Based Overflow (1)	High
Oracle Application Server iSQLPlus Arbitrary Command Execution (1)	High
Oracle Application Server PL/SQL Code Injection (1)	High
Oracle Reports Server Cross-Site Scripting (1)	High
Oracle Reports Server File Disclosure (1)	High
Oracle Reports Server XML File Disclosure (1)	Low
OSI Affiliate login.php Cross-Site Scripting (1)	Low
Pacer CMS last_module PHP Code Execution (1)	Medium
PerlMailer Cross-Site Scripting (1)	Low
Photo Cart 4.1 Multiple Cross-Site Scripting (1)	Low
PHP iCalendar week.php Cross-Site Scripting (1)	Low
PHP iCalendar year.php Cross-Site Scripting (1)	Low
PHP Nested Array Denial Of Service (1)	Medium
PHP TopSites SQL Injection (1)	High
phpAddressBook index.php Cross-Site Scripting (1)	Medium
phpAddressBook skin Local File Inclusion (1)	Medium
phpBB search.php Cross-Site Scripting (1)	Medium
phpBB viewtopic.php Cross-Site Scripting (1)	Medium
PHP-Blogger pref.db Password Disclosure (1)	Medium
Phpinfo() Information Disclosure (2)	Medium
phpMyNewsletter Web Application Administration (1)	High
PHPNuke Books Module Cross-site Scripting (1)	Medium
PHPNuke modules.php SQL Injection (1)	High
PHPNuke Search Module Cross-Site Scripting (1)	Medium
PHP-Nuke Search Module SQL Injection (1)	High
phpOpenCaptcha Detected (1)	Info
phpPgAdmin File Disclosure (1)	High
phpress Database Connection Information Disclosure (1)	Medium
PHPSlideshow "directory" Cross Site Scripting (1)	Low
Php-Stats whois.php Cross-Site Scripting (1)	Medium
PHPXMLRPC Library Remote Code Execution (1)	High
PMSoftware Simple Web Server Buffer Overflow (1)	High
PortalApp Multiple Cross-Site Scripting (1)	Medium
PostNuke News Module Cross-Site Scripting (2)	Medium
ProjectPier index.php Cross-Site Scripting (1)	Low
QuickCaptcha Detected (1)	Info
reCAPTCHA Implementation Detected (1)	Info
rwAuction Pro Cross-Site Scripting (1)	Low
SAPID CMF last_module PHP Code Execution (1)	Medium
Savvy Content Manager searchresults.cfm Cross-Site Scripting (1)	Low
SecureIIS Detection Agent (1)	Info
SecurImage CAPTCHA Detected (1)	Info
Security Image CAPTCHA Detected (1)	Info
ServersCheck Directory Traversal (1)	Medium
ServiceDesk Plus Cross-Site Scripting (1)	Low
Sift Unity search.cgi Cross-Site Scripting (1)	Low
Simple Captcha Detected (1)	Info
Simple Forum forum.php 'date_show' Parameter Cross-Site Scripting (1)	Low
Simple Gallery index.php Cross-Site Scripting (1)	Low
Simple PHP-CAPTCHA Detected (1)	Info
Smartsearch.cgi Arbitrary Command Execution (1)	High
sNews CMS Cross-Site Scripting (1)	Low
Snitz Forums Database Disclosure (1)	Medium
Snitz Forums Database Path Disclosure (1)	Low
Spyce redirect.spy Directory Traversal (1)	Medium
Spyce Web Server Path Disclosure (1)	Low
Squirrelmail Configtest.php Information Disclosure (1)	Low
SSL Policy Enforcement Issue (1)	Low
Struts Framework in Use (1)	Info
SupportCenter Plus Cross-Site Scripting (1)	Low
Swiki Multiple Cross-Site Scripting (1)	Medium
Sybase EAserver Stack-Based Buffer Overflow (1)	Medium
TheCAPTCHA Detected (1)	Low
Tomahawk SteelArrow Arbitrary Command Execution (1)	High
TUTOS Cmd.php Arbitrary Command Execution (1)	High
Ultimate Bulletin Board Account Information Disclosure (1)	Low
Ultimate Bulletin Board Configuration Information Disclosure (1)	Low
Ultimate Bulletin Board hello Test File (1)	Low
Ultimate Bulletin Board Path Disclosure (1)	Low
Ultimate Bulletin Board Test File ubb6_test.cgi (1)	Low
Uniwin eCart Cross-Site Scripting (1)	Medium
vlBook Cross-Site Scripting (1)	Low
Web Shop Manager Arbitrary Command Execution (1)	High
Webbler Web Root Path Disclosure (1)	Low
WebLibs File Disclosure Vulnerability (1)	High
webSPELL 'whoisonline.php' Cross-Site Scripting (1)	Medium
WebSphere .jsp Handler Denial of Service (1)	High
WebSphere FileHandler Source Code Disclosure (1)	High
WebSphere FQP Absolute Path Disclosure (1)	Low
WebSphere JSP Source Code Disclosure (Host Alias) (1)	High
WhatsUp Gold Web Interface Denial of Service (1)	High
WoltLab Burning Board page Path Disclosure (1)	Low
WoltLab Burning Board SQL Injection (1)	High
WordPress Footnotes Plugin Admin Cross-Site Scripting (1)	Medium
WordPress Footnotes Plugin Administration Page Authentication Bypass (1)	Medium
WordPress Search Unleashed Plugin Possible Cross-Site Scripting (1)	Low
ZDR Captcha Detected (1)	Info
ZonGG SQL Injection (1)	High
Zope Invalid XML-RPC Request Absolute Path Disclosure (1)	Medium

This website has been certified with Web Scan Service