CAPEC Related Weakness
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
Privilege Abuse
CWE-269 Improper Privilege Management
CWE-732 Incorrect Permission Assignment for Critical Resource
Directory Indexing
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-424 Improper Protection of Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
Using Malicious Files
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-264 Permissions, Privileges, and Access Controls
CWE-270 Privilege Context Switching Error
CWE-272 Least Privilege Violation
CWE-275 Permission Issues
CWE-282 Improper Ownership Management
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
CWE-732 Incorrect Permission Assignment for Critical Resource
Exploiting Incorrectly Configured Access Control Security Levels
CWE-732 Incorrect Permission Assignment for Critical Resource
Signing Malicious Code
CWE-732 Incorrect Permission Assignment for Critical Resource
Hijacking a privileged process
CWE-648 Incorrect Use of Privileged APIs
CWE-732 Incorrect Permission Assignment for Critical Resource
Reusing Session IDs (aka Session Replay)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-294 Authentication Bypass by Capture-replay
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Session Fixation
CWE-361 7PK - Time and State
CWE-384 Session Fixation
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Cross Site Request Forgery
CWE-306 Missing Authentication for Critical Function
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
CWE-732 Incorrect Permission Assignment for Critical Resource
Replace Binaries
CWE-732 Incorrect Permission Assignment for Critical Resource