VScanner's Knowledge Base

Features

| Vulnerability | Description |
| --- | --- |
| Cookie No HttpOnly Flag | Missing HttpOnly attribute in cookies. |
| Cookie Without Secure Flag | Cookies not using the Secure flag. |
| Password Autocomplete in Browser | Browser storing passwords automatically. |
| Incomplete or No Cache-control and Pragma HTTP Header Set | Missing cache-control headers. |
| Web Browser XSS Protection Not Enabled | XSS protection disabled in browsers. |
| Cross-Domain JavaScript Source File Inclusion | Unrestricted JavaScript from other domains. |
| Content-Type Header Missing | No Content-Type header in response. |
| X-Frame-Options Header Scanner | Lack of X-Frame-Options header. |
| X-Content-Type-Options Header Missing | Missing X-Content-Type-Options header. |
| Information Disclosure - Debug Error Messages | Debug messages revealed externally. |
| Information Disclosure - Sensitive Information in URL | Sensitive data exposed in URLs. |
| Information Disclosure - Sensitive Information in HTTP Referrer Header | Sensitive data in Referrer header. |
| HTTP Parameter Override | Manipulation of HTTP parameters. |
| Information Disclosure - Suspicious Comments | Revealing comments in source code. |
| Viewstate Scanner | Vulnerabilities in ViewState. |
| Secure Pages Include Mixed Content | Mixed HTTP and HTTPS content. |
| Source Code Disclosure - /WEB-INF folder | Exposure of source code in /WEB-INF. |
| Remote Code Execution - Shell Shock | Remote code execution via Shell Shock. |
| Backup File Disclosure | Accessible or exposed backup files. |
| Weak Authentication Method | Insufficient authentication mechanisms. |
| Absence of Anti-CSRF Tokens | Missing CSRF protection tokens. |
| Private IP Disclosure | Exposure of internal IP addresses. |
| Anti CSRF Tokens Scanner | Lack of CSRF token check. |
| HTTP Parameter Pollution scanner | HTTP parameter manipulation. |
| Heartbleed OpenSSL Vulnerability | Exposure via Heartbleed vulnerability. |
| Cross-Domain Misconfiguration | Improper cross-domain configurations. |
| Source Code Disclosure - CVE-2012-1823 | Public exposure of source code. |
| Remote Code Execution - CVE-2012-1823 | Code execution vulnerability CVE-2012-1823. |
| External Redirect | Redirects to untrusted external sites. |
| Session ID in URL Rewrite | Session IDs exposed in URLs. |
| Buffer Overflow | Memory overflow vulnerabilities. |
| Format String Error | Incorrect string formatting issues. |
| Integer Overflow Error | Overflow vulnerabilities in integer values. |
| CRLF Injection | Carriage return and line feed attacks. |
| Parameter Tampering | Alteration of request parameters. |
| Server Side Include | Vulnerabilities in server-side includes. |
| Cross Site Scripting (Reflected) | Reflected XSS vulnerabilities. |
| Session Fixation | Hijacking sessions through fixation. |
| Cross Site Scripting (Persistent) | Persistent XSS in applications. |
| Cross Site Scripting (Persistent) - Prime | Persistent XSS targeting prime systems. |
| Cross Site Scripting (Persistent) - Spider | Persistent XSS targeting spiders. |
| SQL Injection | Injection of SQL queries. |
| SQL Injection - MySQL | SQL injection specific to MySQL. |
| SQL Injection - Hypersonic SQL | SQL injection specific to Hypersonic SQL. |
| SQL Injection - Oracle | SQL injection specific to Oracle. |
| SQL Injection - PostgreSQL | SQL injection specific to PostgreSQL. |
| Possible Username Enumeration | Identification of usernames via response. |
| Source Code Disclosure - SVN | Source code disclosed through SVN. |
| Script Active Scan Rules | Active scanning script rules. |
| Script Passive Scan Rules | Passive scanning script rules. |
| Path Traversal | Directory traversal vulnerabilities. |
| Remote File Inclusion | Inclusion of unintended remote files. |
| Insecure JSF ViewState | Insecure JavaServer Faces ViewState. |
| Charset Mismatch | Incorrect character set specification. |
| Server Side Code Injection | Injection vulnerabilities in server-side code. |
| Remote OS Command Injection | Remote execution of OS commands. |
| XPath Injection | Injection vulnerabilities in XPath expressions. |
| Application Error Disclosure | Error messages revealing application details. |
| XML External Entity Attack | Vulnerabilities in XML parsing. |
| Generic Padding Oracle | Padding oracle vulnerabilities. |
| Expression Language Injection | Injection in expression language processing. |
| SOAP Action Spoofing | Tampering SOAP actions. |
| Insecure HTTP Method | Use of insecure HTTP methods. |
| SOAP XML Injection | Injection in SOAP XML. |
| WSDL File Passive Scanner (Passive/alpha) | Scanning WSDL files for vulnerabilities. |
| Loosely Scoped Cookie | Cookies scoped too broadly. |
