CAPEC | Related Weakness

Web Logs Tampering
CWE-20 | Improper Input Validation
CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 | Improper Encoding or Escaping of Output
CWE-117 | Improper Output Neutralization for Logs
CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 | Information Loss or Omission
CWE-276 | Incorrect Default Permissions
CWE-279 | Incorrect Execution-Assigned Permissions
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws

Leverage Executable Code in Non-Executable Files
CWE-59 | Improper Link Resolution Before File Access ('Link Following')
CWE-94 | Improper Control of Generation of Code ('Code Injection')
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-264 | Permissions, Privileges, and Access Controls
CWE-270 | Privilege Context Switching Error
CWE-272 | Least Privilege Violation
CWE-275 | Permission Issues
CWE-282 | Improper Ownership Management
CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution

AJAX Fingerprinting
CWE-20 | Improper Input Validation
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116 | Improper Encoding or Escaping of Output
CWE-184 | Incomplete List of Disallowed Inputs
CWE-348 | Use of Less Trusted Source
CWE-692 | Incomplete Denylist to Cross-Site Scripting
CWE-712 | OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)

Manipulating User-Controlled Variables
CWE-15 | External Control of System or Configuration Setting
CWE-94 | Improper Control of Generation of Code ('Code Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-473 | PHP External Variable Modification

User-Controlled Filename
CWE-20 | Improper Input Validation
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 | Improper Encoding or Escaping of Output
CWE-184 | Incomplete List of Disallowed Inputs
CWE-348 | Use of Less Trusted Source
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697 | Incorrect Comparison