User-Controlled Filename
CWE-20 | Improper Input Validation
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 | Improper Encoding or Escaping of Output
CWE-184 | Incomplete List of Disallowed Inputs
CWE-348 | Use of Less Trusted Source
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697 | Incorrect Comparison

AJAX Footprinting
CWE-20 | Improper Input Validation
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116 | Improper Encoding or Escaping of Output
CWE-184 | Incomplete List of Disallowed Inputs
CWE-348 | Use of Less Trusted Source
CWE-692 | Incomplete Denylist to Cross-Site Scripting
CWE-712 | OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)

Manipulating User-Controlled Variables
CWE-15 | External Control of System or Configuration Setting
CWE-94 | Improper Control of Generation of Code ('Code Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-473 | PHP External Variable Modification
CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Web Logs Tampering
CWE-20 | Improper Input Validation
CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 | Improper Encoding or Escaping of Output
CWE-117 | Improper Output Neutralization for Logs
CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 | Information Loss or Omission
CWE-276 | Incorrect Default Permissions
CWE-279 | Incorrect Execution-Assigned Permissions
CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws

Leverage Executable Code in Non-Executable Files
CWE-59 | Improper Link Resolution Before File Access ('Link Following')
CWE-94 | Improper Control of Generation of Code ('Code Injection')
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-264 | Permissions, Privileges, and Access Controls
CWE-270 | Privilege Context Switching Error
CWE-272 | Least Privilege Violation
CWE-275 | Permission Issues
CWE-282 | Improper Ownership Management
CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution