Manipulating Web Input to File System Calls
CWE-15 | External Control of System or Configuration Setting
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 | Relative Path Traversal
CWE-59 | Improper Link Resolution Before File Access ('Link Following')
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264 | Permissions, Privileges, and Access Controls
CWE-272 | Least Privilege Violation
CWE-285 | Improper Authorization
CWE-346 | Origin Validation Error
CWE-348 | Use of Less Trusted Source
CWE-715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference

Command Injection
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')

Manipulating Writeable Terminal Devices
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploiting Multiple Input Interpretation Layers
CWE-20 | Improper Input Validation
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171 |
CWE-179 | Incorrect Behavior Order: Early Validation
CWE-181 | Incorrect Behavior Order: Validate Before Filter
CWE-183 | Permissive List of Allowed Inputs
CWE-184 | Incomplete List of Disallowed Inputs
CWE-697 | Incorrect Comparison
CWE-707 | Improper Neutralization

LDAP Injection
CWE-20 | Improper Input Validation
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Command Delimiters
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138 | Improper Neutralization of Special Elements
CWE-140 | Improper Neutralization of Delimiters
CWE-146 | Improper Neutralization of Expression/Command Delimiters
CWE-154 | Improper Neutralization of Variable Name Delimiters
CWE-157 | Failure to Sanitize Paired Delimiters
CWE-184 | Incomplete List of Disallowed Inputs
CWE-185 | Incorrect Regular Expression
CWE-697 | Incorrect Comparison
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws

IMAP/SMTP Command Injection
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')

Manipulating Writeable Configuration Files
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection')
CWE-346 | Origin Validation Error
CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353 | Missing Support for Integrity Check
CWE-354 | Improper Validation of Integrity Check Value
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws