CAPEC Related Weakness
Blind SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209Generation of Error Message Containing Sensitive Information
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Overflow Variables and Tags
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Postfix, Null Terminate, and Backslash
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Web Logs Tampering
CWE-20Improper Input Validation
CWE-75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-117Improper Output Neutralization for Logs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221Information Loss or Omission
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Signature Spoof
CWE-20Improper Input Validation
CWE-290Authentication Bypass by Spoofing
CWE-327Use of a Broken or Risky Cryptographic Algorithm
Using Unicode Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-176Improper Handling of Unicode Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
OS Command Injection
CWE-20Improper Input Validation
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Buffer Overflow in an API Call
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
XSS Using MIME Type Mismatch
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-646Reliance on File Name or Extension of Externally-Supplied File
XPath Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Embedding NULL Bytes
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
String Format Overflow in syslog()
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134Use of Externally-Controlled Format String
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
Using Escaped Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Buffer Overflow via Environment Variables
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Cross Zone Scripting
CWE-20Improper Input Validation
CWE-116Improper Encoding or Escaping of Output
CWE-250Execution with Unnecessary Privileges
CWE-285Improper Authorization
CWE-638Not Using Complete Mediation
Object Relational Mapping Injection
CWE-20Improper Input Validation
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-100DEPRECATED: Technology-Specific Input Validation Problems
CWE-564SQL Injection: Hibernate
SQL Injection through SOAP Parameter Tampering
CWE-20Improper Input Validation
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Filter Failure through Buffer Overflow
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Fuzzing for garnering other adjacent user/sensitive data
CWE-20Improper Input Validation
Buffer Overflow via Parameter Expansion
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130Improper Handling of Length Parameter Inconsistency
CWE-131Incorrect Calculation of Buffer Size
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
URL Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
Buffer Overflow in Local Command-Line Utilities
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
DOM-Based XSS
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-83Improper Neutralization of Script in Attributes in a Web Page
SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-185Incorrect Regular Expression
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
LDAP Injection
CWE-20Improper Input Validation
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Client-side Injection-induced Buffer Overflow
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353Missing Support for Integrity Check
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
XML Oversized Payloads
CWE-19Data Processing Errors
CWE-20Improper Input Validation
CWE-112Missing XML Validation
CWE-674Uncontrolled Recursion
CWE-770Allocation of Resources Without Limits or Throttling
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20Improper Input Validation
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-311Missing Encryption of Sensitive Data
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-384Session Fixation
CWE-472External Control of Assumed-Immutable Web Parameter
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-565Reliance on Cookies without Validation and Integrity Checking
CWE-602Client-Side Enforcement of Server-Side Security
CWE-642External Control of Critical State Data
CWE-724OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Input Data Manipulation
CWE-20Improper Input Validation
File Content Injection
CWE-20Improper Input Validation
Fuzzing
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-3887PK - Errors
MIME Conversion
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer Overflow via Symbolic Links
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
AJAX Fingerprinting
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-712OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Server Side Include (SSI) Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Command Line Execution through SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-114Process Control
Double Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
Subverting Environment Variable Values
CWE-15External Control of System or Configuration Setting
CWE-20Improper Input Validation
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-353Missing Support for Integrity Check
Format String Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-133String Errors
CWE-134Use of Externally-Controlled Format String
Flash Injection
CWE-20Improper Input Validation
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
Exploiting Trust in Client
CWE-20Improper Input Validation
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-287Improper Authentication
CWE-290Authentication Bypass by Spoofing
CWE-693Protection Mechanism Failure
XML Nested Payloads
CWE-19Data Processing Errors
CWE-20Improper Input Validation
CWE-112Missing XML Validation
CWE-674Uncontrolled Recursion
CWE-770Allocation of Resources Without Limits or Throttling
XML Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Leverage Alternate Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692Incomplete Denylist to Cross-Site Scripting
CWE-697Incorrect Comparison
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20Improper Input Validation
CWE-41Improper Resolution of Path Equivalence
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Exploiting Multiple Input Interpretation Layers
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-179Incorrect Behavior Order: Early Validation
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Cross-Site Scripting (XSS)
CWE-20Improper Input Validation
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
User-Controlled Filename
CWE-20Improper Input Validation
CWE-86Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-184Incomplete List of Disallowed Inputs
CWE-348Use of Less Trusted Source
CWE-350Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697Incorrect Comparison
Back to Top