CAPEC | Related Weakness |
Blind SQL Injection |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CWE-209 | Generation of Error Message Containing Sensitive Information |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Overflow Variables and Tags |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
Postfix, Null Terminate, and Backslash |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-158 | Improper Neutralization of Null Byte or NUL Character |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
Using Unicode Encoding to Bypass Validation Logic |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-176 | Improper Handling of Unicode Encoding |
CWE-179 | Incorrect Behavior Order: Early Validation |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-183 | Permissive List of Allowed Inputs |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-692 | Incomplete Denylist to Cross-Site Scripting |
CWE-697 | Incorrect Comparison |
|
OS Command Injection |
CWE-20 | Improper Input Validation |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Buffer Overflow in an API Call |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
HTTP Response Splitting |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-177 | Improper Handling of URL Encoding (Hex Encoding) |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
Embedding NULL Bytes |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-158 | Improper Neutralization of Null Byte or NUL Character |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
String Format Overflow in syslog() |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-134 | Use of Externally-Controlled Format String |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
|
Using Escaped Slashes in Alternate Encoding |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
Buffer Overflow via Environment Variables |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-302 | Authentication Bypass by Assumed-Immutable Data |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
Filter Failure through Buffer Overflow |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
Buffer Overflow via Parameter Expansion |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-130 | Improper Handling of Length Parameter Inconsistency |
CWE-131 | Incorrect Calculation of Buffer Size |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
|
Argument Injection |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-146 | Improper Neutralization of Expression/Command Delimiters |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-185 | Incorrect Regular Expression |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Using UTF-8 Encoding to Bypass Validation Logic |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-692 | Incomplete Denylist to Cross-Site Scripting |
CWE-697 | Incorrect Comparison |
|
Buffer Overflow in Local Command-Line Utilities |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
SQL Injection |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Using Slashes in Alternate Encoding |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-185 | Incorrect Regular Expression |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
Client-side Injection-induced Buffer Overflow |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-353 | Missing Support for Integrity Check |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Command Delimiters |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
CWE-138 | Improper Neutralization of Special Elements |
CWE-140 | Improper Neutralization of Delimiters |
CWE-146 | Improper Neutralization of Expression/Command Delimiters |
CWE-154 | Improper Neutralization of Variable Name Delimiters |
CWE-157 | Failure to Sanitize Paired Delimiters |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-185 | Incorrect Regular Expression |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Overflow Binary Resource File |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Buffer Overflow via Symbolic Links |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-285 | Improper Authorization |
CWE-302 | Authentication Bypass by Assumed-Immutable Data |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
|
Double Encoding |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-177 | Improper Handling of URL Encoding (Hex Encoding) |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-183 | Permissive List of Allowed Inputs |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-692 | Incomplete Denylist to Cross-Site Scripting |
CWE-697 | Incorrect Comparison |
|
Flash Injection |
CWE-20 | Improper Input Validation |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-697 | Incorrect Comparison |
|
Leverage Alternate Encoding |
CWE-20 | Improper Input Validation |
CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-692 | Incomplete Denylist to Cross-Site Scripting |
CWE-697 | Incorrect Comparison |
|
Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CWE-20 | Improper Input Validation |
CWE-41 | Improper Resolution of Path Equivalence |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-172 | Encoding Error |
CWE-173 | Improper Handling of Alternate Encoding |
CWE-179 | Incorrect Behavior Order: Early Validation |
CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-183 | Permissive List of Allowed Inputs |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
Exploiting Multiple Input Interpretation Layers |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-179 | Incorrect Behavior Order: Early Validation |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-183 | Permissive List of Allowed Inputs |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|
User-Controlled Filename |
CWE-20 | Improper Input Validation |
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
CWE-116 | Improper Encoding or Escaping of Output |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-348 | Use of Less Trusted Source |
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action |
CWE-697 | Incorrect Comparison |
|
Forced Integer Overflow |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-122 | Heap-based Buffer Overflow |
CWE-128 | Wrap-around Error |
CWE-190 | Integer Overflow or Wraparound |
CWE-196 | Unsigned to Signed Conversion Error |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-697 | Incorrect Comparison |
|