CAPEC Related Weakness
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
String Format Overflow in syslog()
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134 Use of Externally-Controlled Format String
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Using Unicode Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-176 Improper Handling of Unicode Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
XPath Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Buffer Overflow in Local Command-Line Utilities
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Embedding NULL Bytes
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
URL Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
Using Escaped Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
MIME Conversion
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer Overflow via Parameter Expansion
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130 Improper Handling of Length Parameter Inconsistency
CWE-131 Incorrect Calculation of Buffer Size
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Poison Web Service Registry
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285 Improper Authorization
CWE-693 Protection Mechanism Failure
Manipulating Web Input to File System Calls
CWE-15 External Control of System or Configuration Setting
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 Relative Path Traversal
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264 Permissions, Privileges, and Access Controls
CWE-272 Least Privilege Violation
CWE-285 Improper Authorization
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
XQuery Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Buffer Overflow via Environment Variables
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Server Side Include (SSI) Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Command Line Execution through SQL Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-114 Process Control
Double Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
Format String Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-133 String Errors
CWE-134 Use of Externally-Controlled Format String
Client-side Injection-induced Buffer Overflow
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353 Missing Support for Integrity Check
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
HTTP Response Smuggling
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-436 Interpretation Conflict
HTTP Response Splitting
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Exploiting Multiple Input Interpretation Layers
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171
CWE-179 Incorrect Behavior Order: Early Validation
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Overflow Variables and Tags
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Using Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-185 Incorrect Regular Expression
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Filter Failure through Buffer Overflow
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Fuzzing
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-388 7PK - Errors
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20 Improper Input Validation
CWE-41 Improper Resolution of Path Equivalence
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Argument Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Buffer Overflow in an API Call
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Subverting Environment Variable Values
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check
XML Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Leverage Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
Buffer Overflow via Symbolic Links
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Postfix, Null Terminate, and Backslash
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Blind SQL Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison