This is a complete list of vulnerability checks performed by Syhunt Hybrid 6.
Class | CWE | Coverage Type |
Command Execution | 78 | |
Cross-Site Scripting (XSS) | 79 | |
Filter Evasion/Weak Validation | | |
File Inclusion | 98 | |
Local File Inclusion | | |
Remote File Inclusion | | |
NoSQL Injection | | |
MongoDB | | |
SQL Injection (Error-Based & Blind) | 89 | |
Access | | |
DB2 | | |
dbx | | |
Firebird/InterBase | | |
FrontBase | | |
Informix | | |
Ingres | | |
MaxDB | | |
mSQL | | |
MySQL | | |
Oracle | | |
Ovrimos | | |
PostgreSQL | | |
SQL Server | | |
SQLite | | |
Swish | | |
Sybase | | |
Others | | |
Unvalidated Redirects | 601 | |
Arbitrary File Manipulation | 73 | |
Buffer Overflow | 120 | |
Cookie Manipulation | | |
Common Exposures | | |
Dangerous Methods | 749 | |
Default Content | 276 | |
Internal IP Address Disclosure | 200 | |
CRLF Injection | 93 | |
Cross Frame Scripting | 352 | |
Default Account | 276 | |
Denial-of-Service | 730 | |
Directory Listing | 548 | |
Directory Traversal | 22 | |
Email Form Hijacking | | |
HTTP Response Splitting | 113 | |
Information Disclosure | 200 | |
LDAP Injection | 90 | |
MX Injection | | |
Old/Backup Files | 530 | |
Common Backup Files | | |
Common Backup Folders | | |
Password Disclosure | 311 | |
Path Disclosure | 211 | |
PHP Code Injection | 94 | |
Server-Side JavaScript Injection | | |
Server-Specific Vulnerabilities | | |
IIS, iPlanet & Others | | |
Source Code Disclosure | 540 | |
Suspicious HTML Comments | | |
Unencrypted Login | 319 | |
Web-Based Backdoors | | |
XPath Injection | 91 | |
The Syhunt scanner allows organizations to scan web servers and web applications for the top vulnerabilities, which are often listed and described in OWASP documents and in other documents such as the SANS Top 20.
Some additional checks (not considered vulnerability classes and not listed above) include: