Unsafe Cross-Origin Resource Sharing

Path Traversal

Directory Listing Enabled

Sensitive Data Exposure
Non-Sensitive Data Exposure

Same-Site Scripting

SSL Attack (BREACH, POODLE etc.)

Using Default Credentials

Production Server
Staging/Development Server

Misconfigured DNS

Subdomain Takeover
Zone Transfer
Missing Certification Authority Authorization (CAA) Record

Mail Server Misconfiguration

Missing SPF on Email Domain
Email Spoofable Via Third-Party API Misconfiguration
Missing SPF on Non-Email Domain
SPF Uses a Soft Fail
SPF Includes More Than 10 Lookups
Missing DKIM/DMARC

Lack of Password Confirmation

Change Email Address
Change Password
Delete Account
Manage 2FA

No Rate Limiting on Form

Registration
Login
Email-Triggering

Unsafe File Upload

No Antivirus
No Size Limit
File Extension Filter Bypass

Cookie Scoped to Parent Domain

Missing Secure or HTTPOnly Cookie Flag

Session Token
Non-Session Cookie

Clickjacking

Sensitive Action
Non-Sensitive Action

OAuth Misconfiguration

Missing State Parameter

Captcha Bypass

Implementation Vulnerability
Brute Force

Exposed Admin Portal

To Internet

Missing DNSSEC

Fingerprinting/Banner Disclosure

Username Enumeration

Brute Force

Potentially Unsafe HTTP Method Enabled

OPTIONS
TRACE

Insecure SSL

Lack of Forward Secrecy
Insecure Cipher Suite

Reflected File Download (RFD)

Lack of Security Headers

X-Frame-Options
Cache-Control for a Non-Sensitive Page
X-XSS-Protection
Strict-Transport-Security
X-Content-Type-Options
Content-Security-Policy
Public-Key-Pins
X-Content-Security-Policy
X-Webkit-CSP
Content-Security-Policy-Report-Only
Cache-Control for a Sensitive Page

Bitsquatting

Select a high-level classification on the left, or use the search function to specify the vulnerability name and variant of your exploit.

File Inclusion

Local

Parameter Pollution

Social Media Sharing Buttons

Remote Code Execution (RCE)

SQL Injection

Error-Based
Blind

XML External Entity Injection (XXE)

HTTP Response Manipulation

Response Splitting (CRLF)

Content Spoofing

iframe Injection
External Authentication Injection
Email HTML Injection
Text Injection
Homograph/IDN-Based

Select a high-level classification on the left, or use the search function to specify the vulnerability name and variant of your exploit.

Authentication Bypass

Privilege Escalation

Weak Login Function

Over HTTP

Session Fixation

Failure to Invalidate Session

On Logout
On Password Reset
On Password Change
All Sessions
On Email Change
Long Timeout

Concurrent Logins

Weak Registration Implementation

Over HTTP

Critically Sensitive Data

Password Disclosure
Private API Keys

EXIF Geolocation Data Not Stripped From Uploaded Images

Automatic User Enumeration
Manual User Enumeration

Visible Detailed Error/Debug Page

Detailed Server Configuration
Full Path Disclosure
Descriptive Stack Trace

Disclosure of Known Public Information

Token Leakage via Referer

Trusted 3rd Party
Untrusted 3rd Party
Over HTTP

Sensitive Token in URL

Non-Sensitive Token in URL

Weak Password Reset Implementation

Password Reset Token Sent Over HTTP

Mixed Content (HTTPS Sourcing HTTP)

Sensitive Data Hardcoded

OAuth Secret
File Paths

Internal IP Disclosure

Cross Site Script Inclusion (XSSI)

JSON Hijacking

Select a high-level classification on the left, or use the search function to specify the vulnerability name and variant of your exploit.

Stored

Non-Admin to Anyone
Admin to Anyone
Self

Reflected

Non-Self
Self

Cookie-Based

IE-Only

Older Version (IE 10/11)
XSS Filter Disabled
Older Version (< IE10)

Referer

TRACE Method

Universal (UXSS)

Off-Domain

Data URI

Insecure Direct Object References (IDOR)

Server-Side Request Forgery (SSRF)

Internal
External

Username Enumeration

Data Leak

Exposed Sensitive Android Intent

Exposed Sensitive iOS URL Scheme

Application-Wide

Action-Specific

Authenticated Action
Unauthenticated Action
Logout

Critical Impact and/or Easy Difficulty

High Impact and/or Medium Difficulty

App Crash

Malformed Android Intents
Malformed iOS URL Schemes

Open Redirect

GET-Based
POST-Based
Header-Based

Tabnabbing

Lack of Security Speed Bump Page

Select a high-level classification on the left, or use the search function to specify the vulnerability name and variant of your exploit.

Browser Feature

Plaintext Password Field
Save Password
Autocomplete Enabled
Autocorrect Enabled
Aggressive Offline Caching

CSV Injection

Captcha Bypass

Crowdsourcing

System Clipboard Leak

Shared Links

User Password Persisted in Memory

Select a high-level classification on the left, or use the search function to specify the vulnerability name and variant of your exploit.

Weak Password Policy

No Password Policy

Weak Password Reset Implementation

Token is Not Invalidated After Use
Token is Not Invalidated After Email Change
Token is Not Invalidated After Password Change
Token Has Long Timed Expiry
Token is Not Invalidated After New Token is Requested

Lack of Verification Email

Lack of Notification Email

Weak Registration Implementation

Allows Disposable Email Addresses

Weak 2FA Implementation

Missing Failsafe