CAPEC Related Weakness
Accessing Functionality Not Properly Constrained by ACLs
CWE-276Incorrect Default Permissions
CWE-285Improper Authorization
CWE-434Unrestricted Upload of File with Dangerous Type
CWE-693Protection Mechanism Failure
CWE-721
CWE-732Incorrect Permission Assignment for Critical Resource
Directory Indexing
CWE-276Incorrect Default Permissions
CWE-285Improper Authorization
CWE-288Authentication Bypass Using an Alternate Path or Channel
CWE-424Improper Protection of Alternate Path
CWE-425Direct Request ('Forced Browsing')
CWE-693Protection Mechanism Failure
CWE-721
CWE-732Incorrect Permission Assignment for Critical Resource
Footprinting
CWE-200Information Exposure
CWE-202Exposure of Sensitive Data Through Data Queries
CWE-276Incorrect Default Permissions
CWE-311Missing Encryption of Sensitive Data
CWE-312Cleartext Storage of Sensitive Information
CWE-319Cleartext Transmission of Sensitive Information
CWE-497Exposure of System Data to an Unauthorized Control Sphere
CWE-538File and Directory Information Exposure
Embedding Scripts within Scripts
CWE-71Apple '.DS_Store'
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-284Improper Access Control
CWE-692
CWE-697Insufficient Comparison
CWE-713
Web Logs Tampering
CWE-20Improper Input Validation
CWE-92DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116Improper Encoding or Escaping of Output
CWE-117Improper Output Neutralization for Logs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221Information Loss or Omission
CWE-276Incorrect Default Permissions
CWE-279Incorrect Execution-Assigned Permissions
CWE-713
Back to Top