Manipulating Writeable Configuration Files |
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection')
|
CWE-346
|
Origin Validation Error
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-354
|
Improper Validation of Integrity Check Value
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Client-side Injection-induced Buffer Overflow |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Manipulating Opaque Client-based Data Tokens |
CWE-233
|
Improper Handling of Parameters
|
CWE-285
|
Improper Authorization
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-384
|
Session Fixation
|
CWE-472
|
External Control of Assumed-Immutable Web Parameter
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
CWE-565
|
Reliance on Cookies without Validation and Integrity Checking
|
|
Subverting Environment Variable Values |
CWE-15
|
External Control of System or Configuration Setting
|
CWE-20
|
Improper Input Validation
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-285
|
Improper Authorization
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-353
|
Missing Support for Integrity Check
|
|
Content Spoofing Via Application API Manipulation |
CWE-353
|
Missing Support for Integrity Check
|
|
Manipulating State |
CWE-315
|
Cleartext Storage of Sensitive Information in a Cookie
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-371
|
State Issues
|
CWE-372
|
Incomplete Internal State Distinction
|
CWE-693
|
Protection Mechanism Failure
|
CWE-1245
|
Improper Finite State Machines (FSMs) in Hardware Logic
|
CWE-1265
|
Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
|
CWE-1271
|
Uninitialized Value on Reset for Registers Holding Security Settings
|
|