Probe.ly currently detects the following vulnerabilities. Please check this page periodically for an updated list. Keep in mind that some vulnerabilities are grouped together.

  • Reflected cross-site scripting
  • Stored cross-site scripting
  • Operating system command injection
  • XML external entity injection
  • ASP.NET debugging enabled
  • Insecure crossdomain.xml policy
  • Insecure Silverlight clientaccesspolicy.xml policy
  • SQL Injection
  • SQL injection (second order)
  • Cross Origin Resource Sharing: Arbitrary Origin Trusted
  • Unencrypted communications
  • Mixed content
  • Expired TLS certificate
  • TLS certificate about to expire
  • Certificate without revocation information
  • Insecure SSL protocol version 2 supported
  • Insecure SSL protocol version 3 supported
  • Outdated TLS protocol version 1.0 supported
  • Secure TLS protocol version 1.2 not supported
  • Weak cipher suites enabled
  • Server Cipher Order not configured
  • Untrusted TLS certificate (invalid CN, SAN, issuer or chain)
  • Heartbleed
  • Potential DoS on TLS Client Renegotiation
  • Secure Renegotiation is not supported
  • TLS Downgrade attack prevention not supported
  • WordPress version with known vulnerabilities
  • WordPress plugin with known vulnerabilities
  • Joomla! version with known vulnerabilities
  • Log File Disclosure
  • Backup File Disclosure
  • HSTS header not enforced
  • HSTS header set in HTTP
  • HSTS header with low duration and no subdomain protection
  • HSTS header with low duration
  • HSTS header does not protect subdomains
  • Inclusion of cryptocurrency mining script (around 12000 domains)
  • Browser XSS protection disabled
  • Browser content sniffing allowed
  • Referrer policy not defined
  • Insecure referrer policy
  • HTTP TRACE method enabled
  • jQuery library with known vulnerabilities
  • AngularJS library with known vulnerabilities
  • Bootstrap library with known vulnerabilities
  • jQuery Mobile library with known vulnerabilities
  • jQuery Migrate library with known vulnerabilities
  • Moment.js library with known vulnerabilities
  • Prototype library with known vulnerabilities
  • React library with known vulnerabilities
  • SWFObject library with known vulnerabilities
  • TinyMCE library with known vulnerabilities
  • Backbone library with known vulnerabilities
  • Mustache library with known vulnerabilities
  • Handlebars library with known vulnerabilities
  • Dojo library with known vulnerabilities
  • jPlayer library with known vulnerabilities
  • CKEditor library with known vulnerabilities
  • DWR library with known vulnerabilities
  • Flowplayer library with known vulnerabilities
  • DOMPurify library with known vulnerabilities
  • Plupload library with known vulnerabilities
  • easyXDM library with known vulnerabilities
  • Ember library with known vulnerabilities
  • YUI library with known vulnerabilities
  • Sessvars library with known vulnerabilities
  • jQuery UI library with known vulnerabilities
  • Cookie without HttpOnly flag
  • SSL cookie without Secure flag
  • Open redirection
  • Stored Open redirection
  • Directory Listing
  • HTTP response header injection
  • ASP.NET tracing enabled
  • Path traversal
  • Missing cross-site request forgery protection
  • Missing clickjacking protection
  • ASP.NET ViewState without MAC
  • Session Token in URL
  • Application error message
  • Private IP addresses disclosed
  • Server-side template injection
  • Insecure PHP Object deserialization