Argument Injection |
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-146
|
Improper Neutralization of Expression/Command Delimiters
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-185
|
Incorrect Regular Expression
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Log Injection-Tampering-Forging |
CWE-75
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
|
CWE-117
|
Improper Output Neutralization for Logs
|
CWE-150
|
Improper Neutralization of Escape, Meta, or Control Sequences
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
OS Command Injection |
CWE-20
|
Improper Input Validation
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-88
|
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CWE-88
|
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
|
CWE-150
|
Improper Neutralization of Escape, Meta, or Control Sequences
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Overflow Binary Resource File |
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Manipulating Writeable Configuration Files |
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection')
|
CWE-346
|
Origin Validation Error
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-354
|
Improper Validation of Integrity Check Value
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
XQuery Injection |
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Blind SQL Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-209
|
Generation of Error Message Containing Sensitive Information
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Client-side Injection-induced Buffer Overflow |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-118
|
Incorrect Access of Indexable Resource ('Range Error')
|
CWE-119
|
Improper Restriction of Operations within the Bounds of a Memory Buffer
|
CWE-120
|
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
|
CWE-353
|
Missing Support for Integrity Check
|
CWE-680
|
Integer Overflow to Buffer Overflow
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Command Delimiters |
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-93
|
Improper Neutralization of CRLF Sequences ('CRLF Injection')
|
CWE-138
|
Improper Neutralization of Special Elements
|
CWE-140
|
Improper Neutralization of Delimiters
|
CWE-146
|
Improper Neutralization of Expression/Command Delimiters
|
CWE-154
|
Improper Neutralization of Variable Name Delimiters
|
CWE-157
|
Failure to Sanitize Paired Delimiters
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-185
|
Incorrect Regular Expression
|
CWE-697
|
Incorrect Comparison
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
HTTP Response Splitting |
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
XML Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
XPath Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Server Side Include (SSI) Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-97
|
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Web Logs Tampering |
CWE-20
|
Improper Input Validation
|
CWE-75
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
|
CWE-93
|
Improper Neutralization of CRLF Sequences ('CRLF Injection')
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-117
|
Improper Output Neutralization for Logs
|
CWE-150
|
Improper Neutralization of Escape, Meta, or Control Sequences
|
CWE-221
|
Information Loss or Omission
|
CWE-276
|
Incorrect Default Permissions
|
CWE-279
|
Incorrect Execution-Assigned Permissions
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|