The most common application vulnerabilities in 2022

The vast majority of network attacks are focused on the most commonly discovered vulnerabilities and the ease with which they can be exploited. Drive-by attacks seek out a single common vulnerability, or ‘low hanging fruit,’ and then determine whether any of the hacked network is of interest. Targeted attacks will use the most common vulnerability list to create a path from first contact to flag capture.

In either attack scenario, a network with any of the top 100 vulnerabilities looks weak and invites attack. You may have four attack dogs in your warehouse for overnight protection, but leaving the loading door unlocked increases the likelihood that someone will try to enter. Keep the dogs, but please close the door.

Regardless of how an attacker gained their first foothold, these common vulnerabilities are the most likely paths of attack. The first point of contact for an attacker could be phishing, access control bypass, endpoint attack, or another method. The most valuable targets are located further into the network, and hackers WILL seek the shortest path available.

Most Common High Risk Vulnerabilities:
1.Microsoft Windows HTTP.sys Code Execution Vulnerability

2. OpenSSH Trusted X11 Cookie Connection Policy Bypass Vulnerability
3. OpenSSH Privilege Separation Monitor Weakness
4. OpenSSL Running Version Prior to 0.9.8zc POODLE
5. Mountable NFS Shares
6. Apache APR apr_palloc Heap Overflow
7. .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039)
8. Combined Security Update(MS12-034)
9. Internet Explorer 8 Allows Code Execution(KB2847140)
10. Cisco SSH Malformed Packet DoS
11. Insecure Library Loading Allows Code Execution (KB2269637)
12. Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047)
13. Vulnerabilities in Elevation of Privilege Using Windows Service Isolation Bypass (982316)
14. PHP Running Version Prior to 5.2.15
15. Unauthorized Digital Certificates Allow Spoofing (KB2728973)
16. VMware ESX Running Version Prior to 4.1
17. OpenSSL Running Version Prior to 1.0.1i
18. Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
19. Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)
20. Multiple Vendor IPMI ‘cipher zero’ Authentication Bypass Vulnerability
21. Vulnerabilities in MySQL Unsupported Version Detection
22. Vulnerabilities in Server Service Allows Code Execution (MS08-067, Network)
23. Vulnerabilities in Group Policy Allows Code Execution (MS15-011)
24. Vulnerabilities in Apache Running Version Prior to 2.2.28
25. Vulnerabilities in PHP CGI Query String Code Execution
26. Vulnerabilities in SQL Injection
27. Vulnerabilities in Cross Site Scripting
28. Vulnerabilities in Custom Web Code
29. Vulnerabilities in VMware ESXi 3.5
30. Vulnerabilities in PHP Running Version Prior to 5.3.11
31. Vulnerabilities in NSClient Default Password
32. Vulnerabilities in PHP Unsupported Version Detection
33. .NET Framework Allows Code Execution (MS11-044)
34. .NET Framework Allows Code Execution (MS11-028)
35. Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615)
36. Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004,KB959420)
37. Vulnerabilities in PHP Running Version Prior to 5.3.26
38. Vulnerabilities in PHP Running Version Prior to 5.3.22
39. Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)
40. Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-14)
41. Vulnerabilities in Remote Portmapper Forwards NFS Requests
42. Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17)
43. Windows 2000 Unsupported Installation Detection
44. Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09)
45. Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11)
46. Flash Player Running Version Prior to 10.3.183.15 / 11.7.102.62 (APSB12-05)
47. Flash Player Running Versions Prior to 10.3.183.15 / 11.1.102.62 (APSB12-03)
48. Flash Player Running Versions Prior to 10.3.183.10 / 11.0.1.152 (APSB11-28)
49. Flash Player Running Version Prior to 10.3.183.67 / 11.6.602.171 (APSB13-08)
50. Flash Player Running Version Prior to 10.3.183.51 / 11.5.502.149 (APSB13-05)
51. Flash Player Running Version Prior to 10.3.183.50 / 11.5.502.146 (APSB13-04)
52. Sun Java JRE Unsupported Version
53. Flash Player Running Version Prior to 10.3.183.7 (APSB11-26)
54. PHP Running Version Prior to 5.3.13
55. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-27)
56. Flash Player Running Version Prior to 10.3.183.48 / 11.5.502.135 (APSB13-01)
57. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-24)
58. Flash Player Running Version Prior to 10.3.183.24 / 11.4.402.279 (APSB12-22)
59. Flash Player Running Version Prior to 10.3.183.23 / 11.4.402.265 (APSB12-19)
60. PHP Running Version Prior to 5.3.14
61. Flash Player Object Confusion Vulnerability (APSB12-09)
62. Flash Player Running Version Prior to 10.3.183.19 / 11.3.300.256 (APSB12-14)
63. Flash Player Running Version Prior to 10.3.183.5 (APSB11-21)
64. Flash Player Running Version Prior to 10.3.181.26 (APSB11-18)
65. Flash Player Unspecified Memory Corruption (APSA11-01)
66. Flash Player Running Version Prior to 10.3.181.14 (APSB11-12)
67. Flash Player Running Version Prior to 10.2.152.26 (APSB11-02)
68. PHP Running Version Prior to 5.4.17
69. Flash Player Unspecified Code Execution (APSB10-22)
70. Adobe Flash Player Multiple Vulnerabilities (APSB10-26)
71. Adobe Flash Player Multiple Vulnerabilities (ASPB10-14)
72. Vulnerability in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078)
73. Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check)
74. OpenSSH Running Version Prior to 7.0
75. Obsolete Web Server Software Detection
76. Lighttpd ‘hostname’ Directory Traversal and SQLi Vulnerabilities
77. .NET Framework Allow Code Execution (MS12-035)
78. Samba CAP_DAC_OVERRIDE File Permission Security Bypass (Network)
79. PHP Running Version Prior to 5.3.15
80. Vulnerability in Microsoft Malware Protection Engine Allows Code Execution (KB2846338)
81. Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888)
82. Dropbear SSH Server Channel Concurrency Use-after-free Code Execution
83. Proxy Allows Gopher:// Requests
84. Cisco IOS Software Processing of SAA Packets Flaw
85. SNMP Disclosure of HP JetDirect EWS Password
86. Dabber Worm Detection (MS04-011)
87. PHP Running Version Prior to 5.3.2_5.2.13
88. Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07)
89. Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Vulnerability (MS09-050, Network Check)
90. Microsoft SQL Server Blank Password
91. statd RPC Format String
92. HP StorageWorks MSA P2000 Hidden ‘admin’ User Default Credentials

93.Vulnerabilities in .NET Framework Allows Code Execution (MS12-038)

94. radmin Detection
95. Vulnerabilities in .NET Framework Allow Code Execution (MS12-074)
96. Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07)
97. NFS Shares World Readable
98. Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program (KB3097617)
99. NVIDIA Display Driver Service Stack Buffer Overflow (Registry)

100.Flash Player Memory Corruption (APSB13-16)

Most Common Medium Risk Vulnerabilities:

1. SMB Listens on Port
2. Windows Terminal Service Detection
3. Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
4. SMB Signing Disabled
5. Deprecated SSL Protocol Usage
6. Source Disclosure
7. Shared Directory Access (Login)
8. SSL Medium Strength Cipher Suites Supported
9. Default Community Names (SNMP Agent)
10. Microsoft’s SQL TCP/IP Listener
11. SNMPwalk Port Scanner
12. VNC Security Types Detection
13. AutoComplete Not Disabled
14. Unencrypted Telnet Server

15.Obtain Network Interfaces List via SNMP

16. SSL Suites Weak Ciphers
17. SNMP Agent Default Community Name (public)
18. SSL Certificate Expiry
19. Database Reachable from the Internet
20. Non-SSL Login
21. Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network)
22. Microsoft IIS Tilde Character Information Disclosure Vulnerability

23.LDAP Null Directory Bases

24. Appweb Insecure SSL Renegotiation
25. Web Server Cross Site Scripting
26. DNS Server Allows Recursive Queries
27. WebDAV Detection
28. Linux Kernel UDP Implementation IP Identification Field OS Disclosure
29. SSH Protocol Version 1 Detection
30. MS SQL Server Resolution Service Amplification Reflected DRDoS Vulnerability
31. SMB Shares Enumeration
32. Apache HTTP Server Range Header Denial of Service Vulnerability (DoS)
33. PHP expose_php Information Disclosure
34. Apache HTTP Server Byte Range DoS

35.SMTP Service Cleartext Login Permitted

36. Apache UserDir Sensitive Information Disclosure
37. Obtain Processes List via SNMP
38. Remotely Accessible Registry
39. OpenSSL Heartbeat Vulnerability (Heartbleed)
40. Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
41. Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070)
42. Apache Running Version Prior to 2.2.25
43. Apache Running Version Prior to 2.2.24
44. Apache Running Version Prior to 2.2.23
45. Shell Detection
46. Shared Directory Access (Share Access)
47. Guest Account Accessible (SMB)
48. Oracle tnslsnr Version Detection
49. Apache mod_suexec Multiple Privilege Escalation Vulnerabilities
50. Credit Card Information
51. Apache Running Version Prior to 2.2.22
52. OpenSSH S/KEY Authentication Account Enumeration
53. ntpd Mode 7 Error Response Packet Loop DoS
54. Enumerate LANMAN Services via SNMP
55. Apache Running Version Prior to 2.2.27
56. Enumerate LANMAN Users via SNMP
57. OpenSSL Running Version Prior to 0.9.8za
58. SMB Host SID User Enumeration
59. OpenSSH Multiple Vulnerabilities
60. SMB Users Listing
61. Enumerate LANMAN Shares via SNMP
62. Passwordless Lexmark Printer
63. Apache Tomcat Transfer-Encoding Header Vulnerability
64. Apache mod_proxy_ajp DoS
65. Users in the ‘Admin’ Group
66. NFS Server Superfluous
67. OpenSSH X11 Session Hijacking Vulnerability
68. Unsupported Microsoft XML Parser (MSXML) and XML Core Services
69. Apache APR apr_fnmatch DoS
70. Fraudulent Digital Certificates Allow Spoofing (KB2524375)
71. OpenSSH ‘ForceCommand’ Directive Bypass
72. Remotely Accessible Registry (Full Access)
73. Vulnerability in Microsoft XML Core Services Allow sCode Execution (MS07-042)
74. IIS Sensitive Authentication Information Disclosure
75. rsh Detection
76. Citrix Server Detection
77. SMTP Server Listening on a Non-Default Port
78. Source Disclosure
79. Missing X-Frame-Options Response
80. HSTS Missing From HTTPS Server
81. Malformed Bind Request (LDAP Anonymous)
82. LDAP NT Search Request Information Retrieval
83. SSL RC4 Cipher Suites Supported
84. SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
85. Web Application Cookies Lack Secure Flag
86. pcAnywhere Detection
87. Web Application Cookies Lack HttpOnly Flag
88. SSL Certificate is a Self Signed
89. Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
90. Microsoft Windows SMB Shares Unprivileged Access
91. PHP Running Version Prior to 5.3.9
92. HP System Management Homepage Cross-site Request Forgery
93. DNS Amplification
94. OpenSSL Running Version Prior to 0.9.8zb
95. Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities
96. VNC Server Authentication-less
97. SMB Use Host SID to Enumerate Local Users Without Credentials
98. Vulnerability in MHTML Allows Information Disclosure (MS11-037)
99. OpenSSL Running Version Prior to 0.9.8zf
100. Directory Disclosure
101. phpCMS parser.php XSS
102. Chargen Detection
103. My Little Forum Cross Site Scripting
104. Keene Digital Media Server XSS
105. WebCam Watchdog sresult.exe XSS
106. Faq-O-Matic fom.cgi XSS
107. Goollery viewpic.php XSS
108. DCP-Portal Cross Site Scripting Bugs
109. Apache Jakarta Cross-Site Scripting Vulnerability
110. PHP-CSL Cross Site Scripting

Most Common Low Risk Vulnerabilities:

1. HTTP Packet Inspection
2. ICMP Timestamp Request
3. NetBIOS Information Retrieval
4. Windows Host NetBIOS to Information Retrieval
5. rpcinfo -p Information Disclosure
6. Supported SSL Ciphers Suites
7. SSL Verification Test
8. Remote Host Replies to SYN+FIN
9. Directory Scanner
10. TCP Timestamps Retrieval
11. VMWare Host Detection
12. SSH Server Backported Security Patches
13. NULL Session Available (SMB)
14. Identify Unknown Services via GET Requests
15. VNCviewer in Listen Mode Detection
16. robot(s).txt Detection
17. DNS Bypass Firewall Rules (UDP 53)
18. RPC Portmapper
19. SNMP Protocol Version Detection
20. Telnet Detection
21. IIS Allows BASIC and/or NTLM Authentication
22. FTP Clear Text Authentication
23. SNMP Route Enumeration
24. Device Type
25. HTTP TRACE Method XSS Vulnerability
26. Microsoft IIS Default Page
27. Microsoft’s SQL UDP Info Query
28. HTTP Server Backported Security Patches
29. LANMAN Browse Listing
30. IPSEC IKE Detection
31. Apache HTTP Server httpOnly Cookie Information Leak
32. Microsoft .NET Handlers Enumeration
33. Flash Cross-Domain Policy File
34. Veritas NetBackup Agent Detection
35. SLP Detection
36. VMware ESX/GSX Server Detection
37. TTL Anomaly Detection
38. Apache HTTP Server httpOnly Cookie Information Disclosure
39. SMTP Service STARTTLS Command Support
40. SLP Server Detection (udp)
41. IIS Content-Location HTTP Header
42. Appweb HTTP Server Version
43. SMTP Authentication Methods
44. TFTPd Detection
45. Apache Tomcat Default Error Page Version Detection