CAPEC Related Weakness
Filter Failure through Buffer Overflow
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680
CWE-697Insufficient Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
XML Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-390Detection of Error Condition Without Action
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Leverage Alternate Encoding
CWE-20Improper Input Validation
CWE-21
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692
CWE-697Insufficient Comparison
HTTP Response Smuggling
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-436Interpretation Conflict
Fuzzing
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-388
CWE-728
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20Improper Input Validation
CWE-41Improper Resolution of Path Equivalence
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive Whitelist
CWE-184Incomplete Blacklist
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
HTTP Response Splitting
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Manipulating Writeable Terminal Devices
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-306Missing Authentication for Critical Function
MIME Conversion
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Exploiting Multiple Input Interpretation Layers
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171
CWE-179Incorrect Behavior Order: Early Validation
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive Whitelist
CWE-184Incomplete Blacklist
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Buffer Overflow via Symbolic Links
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680
CWE-697Insufficient Comparison
Overflow Variables and Tags
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680
CWE-697Insufficient Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Buffer Overflow via Parameter Expansion
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130Improper Handling of Length Parameter Inconsistency
CWE-131Incorrect Calculation of Buffer Size
CWE-680
CWE-697Insufficient Comparison
Poison Web Service Registry
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285Improper Authorization
CWE-693Protection Mechanism Failure
Embedding NULL Bytes
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Postfix, Null Terminate, and Backslash
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-390Detection of Error Condition Without Action
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
String Format Overflow in syslog()
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134Uncontrolled Format String
CWE-680
CWE-697Insufficient Comparison
Blind SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209Information Exposure Through an Error Message
CWE-390Detection of Error Condition Without Action
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Using Unicode Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-176Improper Handling of Unicode Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-183Permissive Whitelist
CWE-184Incomplete Blacklist
CWE-692
CWE-697Insufficient Comparison
URL Encoding
CWE-20Improper Input Validation
CWE-21
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
Manipulating Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715
Using Escaped Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Using Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-185Incorrect Regular Expression
CWE-200Information Exposure
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Buffer Overflow in an API Call
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680
CWE-697Insufficient Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-692
CWE-697Insufficient Comparison
XPath Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-390Detection of Error Condition Without Action
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
XQuery Injection
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707Improper Enforcement of Message or Data Structure
CWE-713
Buffer Overflow in Local Command-Line Utilities
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680
CWE-697Insufficient Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
XSS in IMG Tags
CWE-20Improper Input Validation
CWE-71Apple '.DS_Store'
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-82Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
CWE-692
CWE-697Insufficient Comparison
CWE-713
Buffer Overflow via Environment Variables
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680
CWE-697Insufficient Comparison
CWE-733Compiler Optimization Removal or Modification of Security-critical Code
Subverting Environment Variable Values
CWE-15External Control of System or Configuration Setting
CWE-20Improper Input Validation
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200Information Exposure
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-353Missing Support for Integrity Check
Format String Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-133
CWE-134Uncontrolled Format String
Client-side Injection-induced Buffer Overflow
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Improper Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353Missing Support for Integrity Check
CWE-680
CWE-697Insufficient Comparison
CWE-713
Server Side Include (SSI) Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713
Cross Site Scripting through Log Files
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-117Improper Output Neutralization for Logs
Command Line Execution through SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-114Process Control
Back to Top