CAPEC | Related Weakness |
Manipulating Web Input to File System Calls |
CWE-15 | External Control of System or Configuration Setting |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CWE-23 | Relative Path Traversal |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CWE-73 | External Control of File Name or Path |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-264 | Permissions, Privileges, and Access Controls |
CWE-272 | Least Privilege Violation |
CWE-285 | Improper Authorization |
CWE-346 | Origin Validation Error |
CWE-348 | Use of Less Trusted Source |
CWE-715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
|
Command Injection |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
Manipulating Writeable Configuration Files |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
CWE-346 | Origin Validation Error |
CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
CWE-353 | Missing Support for Integrity Check |
CWE-354 | Improper Validation of Integrity Check Value |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
LDAP Injection |
CWE-20 | Improper Input Validation |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
Command Delimiters |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
CWE-138 | Improper Neutralization of Special Elements |
CWE-140 | Improper Neutralization of Delimiters |
CWE-146 | Improper Neutralization of Expression/Command Delimiters |
CWE-154 | Improper Neutralization of Variable Name Delimiters |
CWE-157 | Failure to Sanitize Paired Delimiters |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-185 | Incorrect Regular Expression |
CWE-697 | Incorrect Comparison |
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
IMAP/SMTP Command Injection |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
Manipulating Writeable Terminal Devices |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
Exploiting Multiple Input Interpretation Layers |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
CWE-179 | Incorrect Behavior Order: Early Validation |
CWE-181 | Incorrect Behavior Order: Validate Before Filter |
CWE-183 | Permissive List of Allowed Inputs |
CWE-184 | Incomplete List of Disallowed Inputs |
CWE-697 | Incorrect Comparison |
CWE-707 | Improper Neutralization |
|