Quick Summary Default Apache Status Page Enabled is a security misconfiguration where the Apache mod_status module is enabled and publicly accessible. This may expose sensitive server information including active connections, internal IP addresses, request details, and server performance metrics, aiding…
Quick Summary Exposed phpMyAdmin Interface is a critical security misconfiguration where the phpMyAdmin web administration panel is publicly accessible without proper access restrictions. This may allow attackers to attempt brute-force login attacks, exploit weak credentials, or gain direct administrative access…
Quick Summary IMAP Service Running Without Encryption is a security misconfiguration where the Internet Message Access Protocol (IMAP) service is accessible without enforcing SSL/TLS encryption. This allows email credentials and message content to be transmitted in cleartext, making them susceptible…
Quick Summary POP3 Service Running Without SSL/TLS is a security misconfiguration where the Post Office Protocol version 3 (POP3) service is enabled without encryption. This allows credentials and email content to be transmitted in cleartext, exposing them to interception through…
Quick Summary Open SMTP Relay Misconfiguration is a critical mail server configuration issue where the Simple Mail Transfer Protocol (SMTP) service allows unauthenticated users to relay emails to external domains. This may allow attackers to abuse the mail server for…
Quick Summary TFTP Service Enabled on Internal Network is a network service misconfiguration where the Trivial File Transfer Protocol (TFTP) service is running and accessible within the internal network. TFTP does not provide authentication or encryption, which may allow unauthorized…
Quick Summary VNC Service Exposed Without Authentication is a critical misconfiguration where the Virtual Network Computing (VNC) remote desktop service is accessible without requiring proper authentication. This may allow unauthorized users to gain graphical remote access to the target system,…
Quick Summary Microsoft SQL Server Exposed to Internet is a critical misconfiguration where the MSSQL database service is directly accessible from the public internet. This significantly increases the risk of brute-force attacks, credential compromise, unauthorized data access, ransomware deployment, and…
Quick Summary PostgreSQL Service Listening on All Interfaces is a security misconfiguration where the PostgreSQL database server is configured to listen on all network interfaces (0.0.0.0) instead of restricting access to localhost or trusted internal IP addresses. This increases exposure…
Quick Summary MySQL Database Accessible from Public Network is a critical misconfiguration where the MySQL database service is exposed to the internet or untrusted networks. Public exposure of MySQL significantly increases the risk of brute-force attacks, unauthorized data access, data…
Quick Summary Apache Tomcat Manager Interface Exposed is a security misconfiguration where the Tomcat Manager web application is accessible without proper access control or is exposed to untrusted networks. This may allow attackers to deploy malicious WAR files, execute arbitrary…
Quick Summary Exposed Jenkins Service Without Proper Access Control is a critical misconfiguration where the Jenkins CI/CD server is accessible without authentication or with weak access restrictions. This may allow unauthorized users to view job configurations, access source code repositories,…
