CAPEC Related Weakness
Argument Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
String Format Overflow in syslog()
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-134 Use of Externally-Controlled Format String
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
OS Command Injection
CWE-20 Improper Input Validation
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Overflow Binary Resource File
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Forced Integer Overflow
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-122 Heap-based Buffer Overflow
CWE-128 Wrap-around Error
CWE-190 Integer Overflow or Wraparound
CWE-196 Unsigned to Signed Conversion Error
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Flash Injection
CWE-20 Improper Input Validation
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
Using Escaped Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Leverage Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
Overflow Variables and Tags
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Blind SQL Injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Buffer Overflow in an API Call
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Client-side Injection-induced Buffer Overflow
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353 Missing Support for Integrity Check
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Command Delimiters
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138 Improper Neutralization of Special Elements
CWE-140 Improper Neutralization of Delimiters
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-154 Improper Neutralization of Variable Name Delimiters
CWE-157 Failure to Sanitize Paired Delimiters
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-697 Incorrect Comparison
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Filter Failure through Buffer Overflow
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Exploiting Multiple Input Interpretation Layers
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171
CWE-179 Incorrect Behavior Order: Early Validation
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Buffer Overflow via Symbolic Links
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Buffer Overflow via Parameter Expansion
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-130 Improper Handling of Length Parameter Inconsistency
CWE-131 Incorrect Calculation of Buffer Size
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Using Unicode Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-176 Improper Handling of Unicode Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
HTTP Response Splitting
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Postfix, Null Terminate, and Backslash
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Buffer Overflow in Local Command-Line Utilities
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20 Improper Input Validation
CWE-41 Improper Resolution of Path Equivalence
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Embedding NULL Bytes
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Using Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-185 Incorrect Regular Expression
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Buffer Overflow via Environment Variables
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Double Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
User-Controlled Filename
CWE-20 Improper Input Validation
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-184 Incomplete List of Disallowed Inputs
CWE-348 Use of Less Trusted Source
CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697 Incorrect Comparison
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison