The vast majority of network attacks focus on the most commonly found vulnerabilities and on how easily they can be exploited. Drive-by attacks seek out a single common vulnerability, or ‘low hanging fruit,’ and only then determine whether anything on the compromised network is of interest. Targeted attacks use the same common-vulnerability list to build a path from first contact to flag capture.

In either attack scenario, a network with any of the top 100 vulnerabilities looks weak and invites attack. You may have four attack dogs in your warehouse for overnight protection, but leaving the loading door unlocked increases the likelihood that someone will try to enter. Keep the dogs, but please close the door.

Regardless of how an attacker gained their first foothold, these common vulnerabilities are the most likely paths of attack. That first point of contact could be phishing, an access control bypass, an endpoint attack, or another method. The most valuable targets sit further into the network, and hackers WILL seek the shortest path available.

Most Common High Risk Vulnerabilities:

  1. Microsoft Windows HTTP.sys Code Execution Vulnerability
  2. OpenSSH Trusted X11 Cookie Connection Policy Bypass Vulnerability
  3. OpenSSH Privilege Separation Monitor Weakness
  4. OpenSSL Running Version Prior to 0.9.8zc POODLE
  5. Mountable NFS Shares
  6. Apache APR apr_palloc Heap Overflow
  7. .NET Framework and Microsoft Silverlight Allows Code Execution (MS11-039)
  8. Combined Security Update (MS12-034)
  9. Internet Explorer 8 Allows Code Execution (KB2847140)
  10. Cisco SSH Malformed Packet DoS
  11. Insecure Library Loading Allows Code Execution (KB2269637)
  12. Vulnerabilities in Windows Kernel-Mode Drivers Allow Elevation of Privilege (MS12-047)
  13. Vulnerabilities in Elevation of Privilege Using Windows Service Isolation Bypass (982316)
  14. PHP Running Version Prior to 5.2.15
  15. Unauthorized Digital Certificates Allow Spoofing (KB2728973)
  16. VMware ESX Running Version Prior to 4.1
  17. OpenSSL Running Version Prior to 1.0.1i
  18. Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
  19. Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)
  20. Multiple Vendor IPMI ‘cipher zero’ Authentication Bypass Vulnerability
  21. Vulnerabilities in MySQL Unsupported Version Detection
  22. Vulnerabilities in Server Service Allows Code Execution (MS08-067, Network)
  23. Vulnerabilities in Group Policy Allows Code Execution (MS15-011)
  24. Vulnerabilities in Apache Running Version Prior to 2.2.28
  25. Vulnerabilities in PHP CGI Query String Code Execution
  26. Vulnerabilities in SQL Injection
  27. Vulnerabilities in Cross Site Scripting
  28. Vulnerabilities in Custom Web Code
  29. Vulnerabilities in VMware ESXi 3.5
  30. Vulnerabilities in PHP Running Version Prior to 5.3.11
  31. Vulnerabilities in NSClient Default Password
  32. Vulnerabilities in PHP Unsupported Version Detection
  33. .NET Framework Allows Code Execution (MS11-044)
  34. .NET Framework Allows Code Execution (MS11-028)
  35. Vulnerabilities in Microsoft XML Core Services Allows Code Execution (KB2719615)
  36. Vulnerabilities in Microsoft SQL Server Allows Code Execution (MS09-004, KB959420)
  37. Vulnerabilities in PHP Running Version Prior to 5.3.26
  38. Vulnerabilities in PHP Running Version Prior to 5.3.22
  39. Vulnerabilities in .NET Framework and Microsoft Silverlight Allow Code Execution (MS12-016)
  40. Vulnerabilities in Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-14)
  41. Vulnerabilities in Remote Portmapper Forwards NFS Requests
  42. Flash Player Running Version Prior to 11.7.700.232 / 11.8.800.94 (APSB13-17)
  43. Windows 2000 Unsupported Installation Detection
  44. Flash Player Running Version Prior to 10.3.183.68 / 11.6.602.180 (APSB13-09)
  45. Flash Player Running Version Prior to 10.3.183.75 / 11.7.700.169 (APSB13-11)
  46. Flash Player Running Version Prior to 10.3.183.15 / 11.7.102.62 (APSB12-05)
  47. Flash Player Running Versions Prior to 10.3.183.15 / 11.1.102.62 (APSB12-03)
  48. Flash Player Running Versions Prior to 10.3.183.10 / 11.0.1.152 (APSB11-28)
  49. Flash Player Running Version Prior to 10.3.183.67 / 11.6.602.171 (APSB13-08)
  50. Flash Player Running Version Prior to 10.3.183.51 / 11.5.502.149 (APSB13-05)
  51. Flash Player Running Version Prior to 10.3.183.50 / 11.5.502.146 (APSB13-04)
  52. Sun Java JRE Unsupported Version
  53. Flash Player Running Version Prior to 10.3.183.7 (APSB11-26)
  54. PHP Running Version Prior to 5.3.13
  55. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-27)
  56. Flash Player Running Version Prior to 10.3.183.48 / 11.5.502.135 (APSB13-01)
  57. Flash Player Running Version Prior to 10.3.183.43 / 11.5.502.110 (APSB12-24)
  58. Flash Player Running Version Prior to 10.3.183.24 / 11.4.402.279 (APSB12-22)
  59. Flash Player Running Version Prior to 10.3.183.23 / 11.4.402.265 (APSB12-19)
  60. PHP Running Version Prior to 5.3.14
  61. Flash Player Object Confusion Vulnerability (APSB12-09)
  62. Flash Player Running Version Prior to 10.3.183.19 / 11.3.300.256 (APSB12-14)
  63. Flash Player Running Version Prior to 10.3.183.5 (APSB11-21)
  64. Flash Player Running Version Prior to 10.3.181.26 (APSB11-18)
  65. Flash Player Unspecified Memory Corruption (APSA11-01)
  66. Flash Player Running Version Prior to 10.3.181.14 (APSB11-12)
  67. Flash Player Running Version Prior to 10.2.152.26 (APSB11-02)
  68. PHP Running Version Prior to 5.4.17
  69. Flash Player Unspecified Code Execution (APSB10-22)
  70. Adobe Flash Player Multiple Vulnerabilities (APSB10-26)
  71. Adobe Flash Player Multiple Vulnerabilities (APSB10-14)
  72. Vulnerability in .NET Framework and Microsoft Silverlight Allow Code Execution (MS11-078)
  73. Vulnerability in HTTP.sys Allows Remote Code Execution (MS15-034, Network Check)
  74. OpenSSH Running Version Prior to 7.0
  75. Obsolete Web Server Software Detection
  76. Lighttpd ‘hostname’ Directory Traversal and SQLi Vulnerabilities
  77. .NET Framework Allow Code Execution (MS12-035)
  78. Samba CAP_DAC_OVERRIDE File Permission Security Bypass (Network)
  79. PHP Running Version Prior to 5.3.15
  80. Vulnerability in Microsoft Malware Protection Engine Allows Code Execution (KB2846338)
  81. Microsoft Malware Protection Engine (MMPE) Privilege Escalation (2491888)
  82. Dropbear SSH Server Channel Concurrency Use-after-free Code Execution
  83. Proxy Allows Gopher:// Requests
  84. Cisco IOS Software Processing of SAA Packets Flaw
  85. SNMP Disclosure of HP JetDirect EWS Password
  86. Dabber Worm Detection (MS04-011)
  87. PHP Running Version Prior to 5.3.2 / 5.2.13
  88. Flash Player Multiple Memory Corruption Vulnerabilities (APSB12-07)
  89. Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Vulnerability (MS09-050, Network Check)
  90. Microsoft SQL Server Blank Password
  91. statd RPC Format String
  92. HP StorageWorks MSA P2000 Hidden ‘admin’ User Default Credentials
  93. Vulnerabilities in .NET Framework Allows Code Execution (MS12-038)
  94. radmin Detection
  95. Vulnerabilities in .NET Framework Allow Code Execution (MS12-074)
  96. Flash Player ActionScript Predefined Class Prototype Addition Code Execution (APSB11-07)
  97. NFS Shares World Readable
  98. Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program (KB3097617)
  99. NVIDIA Display Driver Service Stack Buffer Overflow (Registry)
  100. Flash Player Memory Corruption (APSB13-16)

Most Common Medium Risk Vulnerabilities:

  1. SMB Listens on Port
  2. Windows Terminal Service Detection
  3. Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure
  4. SMB Signing Disabled
  5. Deprecated SSL Protocol Usage
  6. Source Disclosure
  7. Shared Directory Access (Login)
  8. SSL Medium Strength Cipher Suites Supported
  9. Default Community Names (SNMP Agent)
  10. Microsoft’s SQL TCP/IP Listener
  11. SNMPwalk Port Scanner
  12. VNC Security Types Detection
  13. AutoComplete Not Disabled
  14. Unencrypted Telnet Server
  15. Obtain Network Interfaces List via SNMP
  16. SSL Suites Weak Ciphers
  17. SNMP Agent Default Community Name (public)
  18. SSL Certificate Expiry
  19. Database Reachable from the Internet
  20. Non-SSL Login
  21. Vulnerabilities in SQL Server Allows Elevation of Privilege (MS12-070, Network)
  22. Microsoft IIS Tilde Character Information Disclosure Vulnerability
  23. LDAP Null Directory Bases
  24. Appweb Insecure SSL Renegotiation
  25. Web Server Cross Site Scripting
  26. DNS Server Allows Recursive Queries
  27. WebDAV Detection
  28. Linux Kernel UDP Implementation IP Identification Field OS Disclosure
  29. SSH Protocol Version 1 Detection
  30. MS SQL Server Resolution Service Amplification Reflected DRDoS Vulnerability
  31. SMB Shares Enumeration
  32. Apache HTTP Server Range Header Denial of Service Vulnerability (DoS)
  33. PHP expose_php Information Disclosure
  34. Apache HTTP Server Byte Range DoS
  35. SMTP Service Cleartext Login Permitted
  36. Apache UserDir Sensitive Information Disclosure
  37. Obtain Processes List via SNMP
  38. Remotely Accessible Registry
  39. OpenSSL Heartbeat Vulnerability (Heartbleed)
  40. Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
  41. Microsoft ASP.NET Information Disclosure Vulnerability (Network, MS10-070)
  42. Apache Running Version Prior to 2.2.25
  43. Apache Running Version Prior to 2.2.24
  44. Apache Running Version Prior to 2.2.23
  45. Shell Detection
  46. Shared Directory Access (Share Access)
  47. Guest Account Accessible (SMB)
  48. Oracle tnslsnr Version Detection
  49. Apache mod_suexec Multiple Privilege Escalation Vulnerabilities
  50. Credit Card Information
  51. Apache Running Version Prior to 2.2.22
  52. OpenSSH S/KEY Authentication Account Enumeration
  53. ntpd Mode 7 Error Response Packet Loop DoS
  54. Enumerate LANMAN Services via SNMP
  55. Apache Running Version Prior to 2.2.27
  56. Enumerate LANMAN Users via SNMP
  57. OpenSSL Running Version Prior to 0.9.8za
  58. SMB Host SID User Enumeration
  59. OpenSSH Multiple Vulnerabilities
  60. SMB Users Listing
  61. Enumerate LANMAN Shares via SNMP
  62. Passwordless Lexmark Printer
  63. Apache Tomcat Transfer-Encoding Header Vulnerability
  64. Apache mod_proxy_ajp DoS
  65. Users in the ‘Admin’ Group
  66. NFS Server Superfluous
  67. OpenSSH X11 Session Hijacking Vulnerability
  68. Unsupported Microsoft XML Parser (MSXML) and XML Core Services
  69. Apache APR apr_fnmatch DoS
  70. Fraudulent Digital Certificates Allow Spoofing (KB2524375)
  71. OpenSSH ‘ForceCommand’ Directive Bypass
  72. Remotely Accessible Registry (Full Access)
  73. Vulnerability in Microsoft XML Core Services Allows Code Execution (MS07-042)
  74. IIS Sensitive Authentication Information Disclosure
  75. rsh Detection
  76. Citrix Server Detection
  77. SMTP Server Listening on a Non-Default Port
  78. Source Disclosure
  79. Missing X-Frame-Options Response
  80. HSTS Missing From HTTPS Server
  81. Malformed Bind Request (LDAP Anonymous)
  82. LDAP NT Search Request Information Retrieval
  83. SSL RC4 Cipher Suites Supported
  84. SSLv3 Padding Oracle On Downgraded Legacy Encryption (POODLE)
  85. Web Application Cookies Lack Secure Flag
  86. pcAnywhere Detection
  87. Web Application Cookies Lack HttpOnly Flag
  88. SSL Certificate is Self Signed
  89. Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
  90. Microsoft Windows SMB Shares Unprivileged Access
  91. PHP Running Version Prior to 5.3.9
  92. HP System Management Homepage Cross-site Request Forgery
  93. DNS Amplification
  94. OpenSSL Running Version Prior to 0.9.8zb
  95. Microsoft Windows Kernel Win32k.sys PATHRECORD chain Multiple Vulnerabilities
  96. VNC Server Authentication-less
  97. SMB Use Host SID to Enumerate Local Users Without Credentials
  98. Vulnerability in MHTML Allows Information Disclosure (MS11-037)
  99. OpenSSL Running Version Prior to 0.9.8zf
  100. Directory Disclosure
  101. phpCMS parser.php XSS
  102. Chargen Detection
  103. My Little Forum Cross Site Scripting
  104. Keene Digital Media Server XSS
  105. WebCam Watchdog sresult.exe XSS
  106. Faq-O-Matic fom.cgi XSS
  107. Goollery viewpic.php XSS
  108. DCP-Portal Cross Site Scripting Bugs
  109. Apache Jakarta Cross-Site Scripting Vulnerability
  110. PHP-CSL Cross Site Scripting

Most Common Low Risk Vulnerabilities:

  1. HTTP Packet Inspection
  2. ICMP Timestamp Request
  3. NetBIOS Information Retrieval
  4. Windows Host NetBIOS to Information Retrieval
  5. rpcinfo -p Information Disclosure
  6. Supported SSL Ciphers Suites
  7. SSL Verification Test
  8. Remote Host Replies to SYN+FIN
  9. Directory Scanner
  10. TCP Timestamps Retrieval
  11. VMware Host Detection
  12. SSH Server Backported Security Patches
  13. NULL Session Available (SMB)
  14. Identify Unknown Services via GET Requests
  15. VNCviewer in Listen Mode Detection
  16. robot(s).txt Detection
  17. DNS Bypass Firewall Rules (UDP 53)
  18. RPC Portmapper
  19. SNMP Protocol Version Detection
  20. Telnet Detection
  21. IIS Allows BASIC and/or NTLM Authentication
  22. FTP Clear Text Authentication
  23. SNMP Route Enumeration
  24. Device Type
  25. HTTP TRACE Method XSS Vulnerability
  26. Microsoft IIS Default Page
  27. Microsoft’s SQL UDP Info Query
  28. HTTP Server Backported Security Patches
  29. LANMAN Browse Listing
  30. IPSEC IKE Detection
  31. Apache HTTP Server httpOnly Cookie Information Leak
  32. Microsoft .NET Handlers Enumeration
  33. Flash Cross-Domain Policy File
  34. Veritas NetBackup Agent Detection
  35. SLP Detection
  36. VMware ESX/GSX Server Detection
  37. TTL Anomaly Detection
  38. Apache HTTP Server httpOnly Cookie Information Disclosure
  39. SMTP Service STARTTLS Command Support
  40. SLP Server Detection (udp)
  41. IIS Content-Location HTTP Header
  42. Appweb HTTP Server Version
  43. SMTP Authentication Methods
  44. TFTPd Detection
  45. Apache Tomcat Default Error Page Version Detection