Weakness browsing - CVE-Search

CAPEC

Related Weakness

Argument Injection

CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-146	Improper Neutralization of Expression/Command Delimiters
CWE-184	Incomplete List of Disallowed Inputs
CWE-185	Incorrect Regular Expression
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Log Injection-Tampering-Forging

CWE-75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-117	Improper Output Neutralization for Logs
CWE-150	Improper Neutralization of Escape, Meta, or Control Sequences
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

OS Command Injection

CWE-20	Improper Input Validation
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Using Meta-characters in E-mail Headers to Inject Malicious Payloads

CWE-88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-150	Improper Neutralization of Escape, Meta, or Control Sequences
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Overflow Binary Resource File

CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Manipulating Writeable Configuration Files

CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99	Improper Control of Resource Identifiers ('Resource Injection')
CWE-346	Origin Validation Error
CWE-349	Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353	Missing Support for Integrity Check
CWE-354	Improper Validation of Integrity Check Value
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

XQuery Injection

CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707	Improper Neutralization
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Blind SQL Injection

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209	Generation of Error Message Containing Sensitive Information
CWE-697	Incorrect Comparison
CWE-707	Improper Neutralization
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Client-side Injection-induced Buffer Overflow

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118	Incorrect Access of Indexable Resource ('Range Error')
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-353	Missing Support for Integrity Check
CWE-680	Integer Overflow to Buffer Overflow
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Command Delimiters

CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-138	Improper Neutralization of Special Elements
CWE-140	Improper Neutralization of Delimiters
CWE-146	Improper Neutralization of Expression/Command Delimiters
CWE-154	Improper Neutralization of Variable Name Delimiters
CWE-157	Failure to Sanitize Paired Delimiters
CWE-184	Incomplete List of Disallowed Inputs
CWE-185	Incorrect Regular Expression
CWE-697	Incorrect Comparison
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

HTTP Response Splitting

CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697	Incorrect Comparison
CWE-707	Improper Neutralization
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91	XML Injection (aka Blind XPath Injection)
CWE-707	Improper Neutralization
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

XPath Injection

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91	XML Injection (aka Blind XPath Injection)
CWE-707	Improper Neutralization
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Server Side Include (SSI) Injection

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws

Web Logs Tampering

CWE-20	Improper Input Validation
CWE-75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116	Improper Encoding or Escaping of Output
CWE-117	Improper Output Neutralization for Logs
CWE-150	Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221	Information Loss or Omission
CWE-276	Incorrect Default Permissions
CWE-279	Incorrect Execution-Assigned Permissions
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws