CAPEC Related Weakness
Manipulating Web Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264Permissions, Privileges, and Access Controls
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Command Injection
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Manipulating Writeable Configuration Files
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99Improper Control of Resource Identifiers ('Resource Injection')
CWE-346Origin Validation Error
CWE-349Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353Missing Support for Integrity Check
CWE-354Improper Validation of Integrity Check Value
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
LDAP Injection
CWE-20Improper Input Validation
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-90Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Command Delimiters
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138Improper Neutralization of Special Elements
CWE-140Improper Neutralization of Delimiters
CWE-146Improper Neutralization of Expression/Command Delimiters
CWE-154Improper Neutralization of Variable Name Delimiters
CWE-157Failure to Sanitize Paired Delimiters
CWE-184Incomplete List of Disallowed Inputs
CWE-185Incorrect Regular Expression
CWE-697Incorrect Comparison
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
IMAP/SMTP Command Injection
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Manipulating Writeable Terminal Devices
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
Exploiting Multiple Input Interpretation Layers
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-179Incorrect Behavior Order: Early Validation
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Back to Top