CAPEC Related Weakness
Web Logs Tampering
CWE-20 Improper Input Validation
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-117 Improper Output Neutralization for Logs
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 Information Loss or Omission
CWE-276 Incorrect Default Permissions
CWE-279 Incorrect Execution-Assigned Permissions
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Log Injection-Tampering-Forging
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-117 Improper Output Neutralization for Logs
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Command Delimiters
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138 Improper Neutralization of Special Elements
CWE-140 Improper Neutralization of Delimiters
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-154 Improper Neutralization of Variable Name Delimiters
CWE-157 Failure to Sanitize Paired Delimiters
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
HTTP Response Splitting
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Argument Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Manipulating Writeable Configuration Files
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-346 Origin Validation Error
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353 Missing Support for Integrity Check
CWE-354 Improper Validation of Integrity Check Value
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
XQuery Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
XML Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Blind SQL Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Server Side Include (SSI) Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Client-side Injection-induced Buffer Overflow
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353 Missing Support for Integrity Check
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Overflow Binary Resource File
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
XPath Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
OS Command Injection
CWE-20 Improper Input Validation
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws