How to remediate – Missing Subresource Integrity
1. Introduction Missing Subresource Integrity (SRI) means that resources fetched from third-party servers, like CDNs, aren’t checked for tampering. This...

How to remediate – Missing ‘X-XSS-Protection’ Header
1. Introduction The ‘X-XSS-Protection’ header is a browser security feature designed to help protect against Cross-Site Scripting (XSS) attacks. Its...

How to remediate – Mixed Resource Detection
1. Introduction Mixed Resource Detection occurs when a website uses both secure HTTPS and unencrypted HTTP connections for different resources...

How to remediate – mldonkey Detection (WWW)
1. Introduction mldonkey Detection (WWW) identifies instances of the mldonkey peer-to-peer application running on a remote host. This application allows...

How to remediate – mnoGoSearch Detection
1. Introduction mnoGoSearch Detection identifies a web search engine application, mnoGoSearch, running on a remote server. This is a concern...

How to remediate – mod_frontpage for Apache fpexec Remote Overflow
1. Introduction The mod_frontpage for Apache fpexec Remote Overflow vulnerability affects web servers using the Apache mod_frontpage module. This flaw...

How to remediate – ModSecurity Version
1. Introduction The ModSecurity Version vulnerability allows an attacker to determine the version number of a ModSecurity installation. This information...

How to remediate – MongoDB Unauthenticated REST API Detection
1. Introduction MongoDB Unauthenticated REST API Detection refers to an open access point on a MongoDB database server allowing unrestricted...

How to remediate – MongoDB Web Interface Detection
1. Introduction The MongoDB Web Interface Detection vulnerability means a web server is running the administrative interface for a MongoDB...

How to remediate – Moodle ‘filter/tex/texed.php’ ‘pathname’ Parameter Remote Comm…
1. Introduction 2. Technical Explanation Exploit mechanism: An attacker crafts a malicious request containing commands in the ‘pathname’ parameter, which...