reputation-importer

Vulneranet Project: Collaborative tools and processes of detection, prediction and correction of Web application vulnerabilities to developers and security auditors

wiktionary
sortonlanguagename
entry.py
header.py
headertest.py
meaning.py
meaningtest.py
sortonlanguagename.py
structs.py
term.py
termtest.py
testall.sh
wiktionarypage.py
wiktionarypagetest.py
watchlists
README
watchlist-mediawiki-en.dat
userinterfaces
cgi_interface.py
terminal_interface.py
terminal_interface.pyc
tkinter_interface.py
transliteration.py
transliteration.pyc
wxpython_interface.py
tests
data
test_userlib.py
test_utils.py
test_wiktionary.py
test_xml.py
test_xmlreader.py
__init__.py
spelling
README
spelling-en.txt
spelling-fr.txt
spelling-it.txt
spelling-nl.txt
spelling-pt.txt
spelling-vo.txt
simplejson
tests
decoder.py
encoder.py
scanner.py
tool.py
_speedups.c
__init__.py
pywikibot
exceptions.py
exceptions.pyc
textlib.py
textlib.pyc
throttle.ctrl
throttle.py
throttle.pyc
__init__.py
__init__.pyc
maintenance
cleanident
family_check.py
preferences.py
readtalk.py
setmail.py
update_namespaces.py
wikimedia_sites.py
logs
README
commands.log
login-data
README
mediawiki-en-Administrador-login.data
mediawiki-en-None-login.data
mediawiki-mediawiki-None-login.data
interwiki-graphs
README
interwiki-dumps
README
i18n
messages_en.py
featured
README
families
anarchopedia_family.py
battlestarwiki_family.py
betawiki_family.py
botwiki_family.py
celtic_family.py
commons_family.py
fon_family.py
freeciv_family.py
gentoo_family.py
i18n_family.py
incubator_family.py
krefeldwiki_family.py
lockwiki_family.py
loveto_family.py
lyricwiki_family.py
mac_wikia_family.py
mediawiki_family.py
memoryalpha_family.py
meta_family.py
mozilla_family.py
omegawiki_family.py
openttd_family.py
osm_family.py
pakanto_family.py
README-family.txt
scratchpad_wikia_family.py
southernapproach_family.py
species_family.py
strategy_family.py
supertux_family.py
test_family.py
twcareer_family.py
ubuntutw_family.py
uncyclopedia_family.py
vikidia_family.py
wekey_family.py
wesolve_family.py
wikia_family.py
wikibond_family.py
wikibooks_family.py
wikinews_family.py
wikipedia_family.py
wikipedia_family.pyc
wikiquote_family.py
wikisource_family.py
wikitech_family.py
wikitravel_family.py
wikitravel_shared_family.py
wikiversity_family.py
wiktionary_family.py
wowwiki_family.py
disambiguations
README
deadlinks
README
copyright
exclusion_list.txt
site_protected_list.txt
commonsdelinker
plugins
checkusage.py
delinker.py
delinker.txt
image_replacer.py
plugins.txt
threadpool.py
category
cache
botlists
README
archive
are-identical.py
brackethttp.py
check_extern.py
CommonsPictureOfTheDay.py
copy_table.py
extract_names.py
featuredcount.py
getimages.py
mediawiki_messages.py
refcheck.py
sqldump.py
test.py
translator.py
WdT.py
WdTXMLParser.py
windows_chars.py
README
LICENSE
CONTENTS
xmlreader.pyc
add_text.py
add_text.pyc
archivebot.py
articlenos.py
basic.py
basic.pyc
BeautifulSoup.py
BeautifulSoup.pyc
blockpageschecker.py
blockreview.py
botlist.py
capec_v.0.3
capitalize_redirects.py
casechecker.py
catall.py
category.py
category.pyc
category_redirect.py
catlib.py
catlib.pyc
censure.py
cfd.py
checkimages.py
clean_sandbox.py
commons_category_redirect.py
commons_link.py
commonscat.py
config.py
config.pyc
copyright.py
copyright_clean.py
copyright_put.py
cosmetic_changes.py
createFromFiles-capec.py
createFromFiles-cwe.py
cwe_v.0.3
daemonize.py
date.py
date.pyc
deledpimage.py
delete.py
delete.pyc
deleteEscapeCharacterFromOntology.sh
delinker.py
disambredir.py
diskcache.py
djvutext.py
editarticle.py
element_ow_v.0.9.txt
exist_capec_v.0.3
exist_cwe_v.0.3
extract_wikilinks.py
family.py
family.pyc
featured.py
fixes.py
fixing_redirects.py
flickrripper.py
followlive.py
generate_family_file.py
generate_user_files.py
get.py
gui.py
image.py
imagecopy.py
imagecopy_enwp.py
imagecopy_self.py
imageharvest.py
imagerecat.py
imagetransfer.py
imageuncat.py
importOntology.py
inline_images.py
interwiki.py
interwiki_graph.py
isbn.py
login.py
login.pyc
logindata.py
lonelypages.py
maintainer.py
maintcont.py
makecat.py
match_images.py
misspelling.py
movepages.py
mysql_autoconnection.py
noreferences.py
nowcommons.py
owaspedia_v0.9-1.owl
owaspedia_v0.9.owl
pagefromfile.py
pagegenerators.py
pagegenerators.pyc
pageimport.py
panoramiopicker.py
piper.py
protect.py
putUserReputation.py
query.py
query.pyc
rciw.py
rcsort.py
redirect.py
reflinks.py
replace.py
reputationImporter.sh
revertbot.py
saveHTML.py
selflink.py
simple_family.py
solve_disambiguation.py
spamremove.py
speedy_delete.py
spellcheck.py
splitwarning.py
standardize_interwiki.py
standardize_notes.py
statistics_in_wikitable.py
table2wiki.py
template.py
templatecount.py
testfamily.py
titletranslate.py
touch.py
udp-log.py
unlink.py
unusedfiles.py
upload.py
userAccounts.py
user-config.py
user-fixes.py
userlib.py
userlib.pyc
userReputation.py
us-states.py
version.py
version.pyc
warnfile.py
watchlist.py
watchlist.pyc
weblinkchecker.py
welcome.py
wikicomserver.py
wikipedia.py
wikipedia.pyc
wikipediatools.py
wikipediatools.pyc
wiktionary.py
xmlreader.py
reputationImporter.bat
reputationWiki_v0.4.jar
capec_v0.3
Accessing/Intercepting/Modifying HTTP Cookies
Accessing, Modifying or Executing Executable Files
Analog In-band Switching Signals (aka Blue Boxing)
Application API Button Hijacking
Attack through Shared Data
Authentication Bypass
Block Access to Libraries
Buffer Overflow via Parameter Expansion
Buffer Overflow via Symbolic Links
Bypassing ATA Password Security
Bypassing of Intermediate Forms in Multiple-Form Sets
Cache Poisoning
Calling signed code from another language within a sandbox that allows this
CapecToOntology_v.0.3.zip
Catching exception throw/signal from privileged block
Category:Abuse of Communication Channels
Category:Abuse of Functionality
Category:Accessing Functionality Not Properly Constrained by ACLs
Category:Action Spoofing
Category:Active OS Fingerprinting
Category:Analytic Attacks
Category:API Abuse/Misuse
Category:Application API Message Manipulation via Man-in-the-Middle
Category:Application API Navigation Remapping
Category:Argument Injection
Category:Audit Log Manipulation
Category:Authentication Abuse
Category:Blind SQL Injection
Category:Brute Force
Category:Buffer Attacks
Category:Buffer Overflow in an API Call
Category:Buffer Overflow in Local Command-Line Utilities
Category:Buffer Overflow via Environment Variables
Category:Bypassing Card or Badge-Based Systems
Category:Bypassing Electronic Locks and Access Controls
Category:Bypassing Physical Locks
Category:Bypassing Physical Security of Systems or Facilities
Category:Character Injection
Category:Clickjacking
Category:Client-Server Protocol Manipulation
Category:Code Inclusion
Category:Code Injection
Category:Command Delimiters
Category:Command Injection
Category:Common resource location exploration
Category:Configuration/Environment manipulation
Category:Content Spoofing
Category:Data Excavation Attacks
Category:Data Interception Attacks
Category:Data Leakage Attacks
Category:Data Structure Attacks
Category:Email Injection
Category:Embedding NULL Bytes
Category:Embedding Script (XSS ) in HTTP Headers
Category:Embedding Scripts in Nonscript Elements
Category:Encryption Brute Forcing
Category:Environment variable manipulation
Category:Exploitation of Authentication
Category:Exploitation of Authorization
Category:Exploitation of Privilege/Trust
Category:Exploitation of Session Variables, Resource IDs and other Trusted Credentials
Category:Exploiting Trust in Client (aka Make the Client Invisible)
Category:File Manipulation
Category:Fingerprinting
Category:Fingerprinting Remote Operating Systems
Category:Flash Injection
Category:Footprinting
Category:Forceful Browsing
Category:Functionality Misuse
Category:Global variable manipulation
Category:Hacking Hardware Devices or Components
Category:Hijacking a Privileged Thread of Execution
Category:Host Discovery
Category:HTTP Request Splitting
Category:ICMP Fingerprinting Probes
Category:Identity Spoofing (Impersonation)
Category:Information Elicitation via Social Engineering
Category:Infrastructure Manipulation
Category:Infrastructure-based footprinting
Category:Injection (Injecting Control Plane content through the Data Plane)
Category:Input Data Manipulation
Category:Integer Attacks
Category:IP Fingerprinting Probes
Category:Leverage Alternate Encoding
Category:Leveraging Race Conditions
Category:Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
Category:Lifting cached, sensitive data embedded in client distributions (thick or thin)
Category:Lifting Data Embedded in Client Distributions
Category:Lifting Sensitive Data from the Client
Category:Log Injection-Tampering-Forging
Category:Malicious Logic Inserted Into Product
Category:Malicious Logic Inserted Into Product Software
Category:Malicious Logic Insertion into Product Hardware
Category:Malicious Logic Insertion into Product Memory
Category:Malicious Logic Insertion into Product Software via Externally Manipulated Component
Category:Malicious Logic Insertion via Counterfeit Hardware
Category:Malicious Software Download
Category:Malicious Software Update
Category:Malware Infection into Product Software
Category:Malware Propagation via USB Stick
Category:Man in the Middle Attack
Category:Manipulate Canonicalization
Category:Manipulating Opaque Client-based Data Tokens
Category:Manipulating User State
Category:Manipulating User-Controlled Variables
Category:Network Reconnaissance
Category:Overflow Buffers
Category:Parameter Injection
Category:Passively Sniff and Capture Application Code Bound for Authorized Client
Category:Password Brute Forcing
Category:Path Traversal
Category:Phishing
Category:Physical Security Attacks
Category:Port Scanning
Category:Privilege Escalation
Category:Probabilistic Techniques
Category:Probing an Application Through Targeting its Error Reporting
Category:Protocol Manipulation
Category:Registry Manipulation
Category:Remote Code Inclusion
Category:Removing Important Functionality from the Client
Category:Removing/short-circuiting 'guard logic'
Category:Resource Depletion
Category:Resource Depletion through Allocation
Category:Resource Injection
Category:Resource Location Attacks
Category:Resource Manipulation
Category:Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content
Category:Reverse Engineering
Category:Scanning for Devices, Systems, or Routes
Category:Scanning for Vulnerable Software
Category:Schema Poisoning
Category:Script Injection
Category:Session Credential Falsification through Forging
Category:Simple Script Injection
Category:Sniffing Attacks
Category:Sniffing Information Sent Over Public/multicast Networks
Category:Soap Manipulation
Category:SOAP Parameter Tampering
Category:Social Engineering Attacks
Category:Social Information Gathering Attacks
Category:Social Information Gathering via Pretexting
Category:Software Integrity Attacks
Category:Software Reverse Engineering
Category:Spoofing
Category:SQL Injection
Category:String Format Overflow in syslog()
Category:Subvert Code-signing Facilities
Category:Subverting Environment Variable Values
Category:Supply Chain Attacks
Category:Target Influence via Micro-Expressions
Category:Target Influence via Neuro-Linguistic Programming (NLP)
Category:Target Influence via Perception of Reciprocation
Category:Target Influence via Psychological Principles
Category:Target Influence via Social Engineering
Category:TCP/IP Fingerprinting Probes
Category:Time and State Attacks
Category:Transaction or Event Tampering via Application API Manipulation
Category:URL Encoding
Category:Using Slashes in Alternate Encoding
Category:Variable Manipulation
Category:Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
Category:Web Services Protocol Manipulation
Category:XEE (XML Entity Expansion)
Category:XML Injection
Category:XML Parser Attack
Cause Web Server Misclassification
Checksum Spoofing
Choosing a Message/Channel Identifier on a Public/Multicast Channel
Client Network Footprinting (using AJAX/XSS)
Client-side Injection-induced Buffer Overflow
Cloning Magnetic Strip Cards
Cloning RFID Cards or Chips
Command Line Execution through SQL Injection
Content Spoofing Via Application API Manipulation
Craft a Maliciously Misconfigured Registry
Create files with the same name as files protected with a higher classification
Create Malicious Client
Cross Site Request Forgery (aka Session Riding)
Cross Site Scripting through Log Files
Cross Site Tracing
Cross Zone Scripting
Cross-Site Flashing
Cross-Site Scripting in Attributes
Cross-Site Scripting in Error Pages
Cross-Site Scripting Using Alternate Syntax
Cross-Site Scripting Using Doubled Characters, e.g. %253C%253Cscript
Cross-Site Scripting Using Flash
Cross-Site Scripting Using MIME Type Mismatch
Cross-Site Scripting via Encoded URI Schemes
Cross-Site Scripting with Masking through Invalid Characters in Identifiers
Cryptanalysis
Data Interchange Protocol Manipulation
Denial of Service through Resource Depletion
Detect Unpublicised Web Pages
Detect Unpublicised Web Services
Dictionary-based Password Attack
Directory Indexing
Directory Traversal
Discovering, querying, and finally calling micro-services, such as w/ AJAX
DNS Cache Poisoning
DNS Rebinding
DNS Zone Transfers
Double Encoding
DTD Injection in a SOAP Message
Embedding Scripts in HTTP Query Strings
Embedding Scripts within Scripts
Enumerate Mail Exchange (MX) Records
Exploiting Incorrectly Configured Access Control Security Levels
Exploiting Incorrectly Configured SSL Security Levels
Exploiting Multiple Input Interpretation Layers
Explore for predictable temporary file names
External Entity Attack
Fake the Source of Data
File System Function Injection, Content Based
Filter Failure through Buffer Overflow
Flash File Overlay
Flash Memory Attacks
Flash Parameter Injection
Force the System to Reset Values
Force Use of Corruped Files
Forced Deadlock
Forced Integer Overflow
Format String Injection
Fuzzing
Fuzzing and observing application log data/errors for application mapping
Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries)
Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping
Harvesting Usernames or UserIDs via Application API Event Monitoring
Hijacking a privileged process
HTTP Request Smuggling
HTTP Response Smuggling
HTTP Response Splitting
HTTP Verb Tampering
ICMP Address Mask Request
ICMP Echo Request Ping
ICMP Error Message Echoing Integrity Probe
ICMP Error Message Quoting Probe
ICMP Information Request
ICMP IP 'ID' Field Error Message Probe
ICMP IP Total Length Field Probe
ICMP Timestamp Request
iFrame Overlay
IMAP/SMTP Command Injection
Implementing a callback to system routine (old AWT Queue)
Inducing Account Lockout
Information Gathering from Non-Traditional Sources
Information Gathering from Traditional Sources
Integrity Modification During Deployed Use
Integrity Modification during Distribution
Integrity Modification/Manipulation During Manufacture
Inter-component Protocol Manipulation
IP 'ID' Echoed Byte-Order Probe
IP (DF) 'Don't Fragment Bit' Echoing Probe
IP ID Sequencing Probe
JSON Hijacking (aka JavaScript Hijacking)
LDAP Injection
Leverage Executable Code in Nonexecutable Files
Leveraging Race Conditions via Symbolic Links
Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior
Leveraging/Manipulating Configuration File Search Paths
Lifting credential(s)/key material embedded in client distributions (thick or thin)
Lifting signing key and signing malicious code from a production environment
Local Code Inclusion
Locate and Exploit Test APIs
Lock Bumping
Lock Picking
Magnetic Strip Card Brute Force Attacks
Malicious Automated Software Update
Malicious Logic Inserted Into Product Software by Authorized Developer
Malicious Logic Insertion into Product Software during Update
Malicious Logic Insertion into Product Software via Configuration Management Manipulation
Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency
Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
Malware Propagation via Infected Peripheral Device
Malware Propagation via USB U3 Autorun
Manipulate Application Registry Values
Manipulating hidden fields to change the normal flow of transactions (eShoplifting)
Manipulating Input to File System Calls
Manipulating Writeable Configuration Files
Manipulating Writeable Terminal Devices
MIME Conversion
Mobile Phishing (aka MobPhishing)
Modification of Existing Components with Counterfeit Hardware
Navigation Remapping To Propagate Malicoius Content
Object Relational Mapping Injection
OS Command Injection
Overflow Binary Resource File
Overflow Variables and Tags
Oversized Payloads Sent to XML Parsers
Passing Local Filenames to Functions That Expect a URL
Passive OS Fingerprinting
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution
Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching
Password Recovery Exploitation
Pharming
PHP Local File Inclusion
PHP Remote File Inclusion
Pointer Attack
Poison Web Service Registry
Postfix, Null Terminate, and Backslash
Pretexting
Pretexting via Customer Service
Pretexting via Delivery Person
Pretexting via Phone
Pretexting via Tech Support
Principal Spoofing
Programming to included script-based APIs
Protocol Reverse Engineering
Rainbow Table Password Cracking
Read Sensitive Stings Within an Executable
Recursive Payloads Sent to XML Parsers
Redirect Access to Libraries
Reflection Attack in Authentication Protocol
Reflection Injection
Relative Path Traversal
Removal of filters: Input filters, output filters, data masking
Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements
Resource Depletion through DTD Injection in a SOAP Message
Resource Depletion through Flooding
Resource Depletion through Leak
Restful Privilege Elevation
Reusing Session IDs (aka Session Replay)
RFID Chip Deactivation or Destruction
Screen Temporary Files for Sensitive Information
Server Side Include (SSI) Injection
Session Credential Falsification through Manipulation
Session Credential Falsification through Prediction
Session Fixation
Session Sidejacking
SOAP Array Overflow
Social Information Gathering via Dumpster Diving
Social Information Gathering via Research
Spear Phishing
Spoofing of UDDI/ebXML Messages
SQL Injection through SOAP Parameter Tampering
Subversion of authorization checks: cache filtering, programmatic security, etc
Symlink Attacks
Target Influence via Eye Cues
Target Influence via Framing
Target Influence via Instant Rapport
Target Influence via Interview and Interrogation
Target Influence via Manipulation of Incentives
Target Influence via Modes of Thinking
Target Influence via Perception of Authority
Target Influence via Perception of Commitment and Consistency
Target Influence via Perception of Concession
Target Influence via Perception of Consensus or Social Proof
Target Influence via Perception of Liking
Target Influence via Perception of Obligation
Target Influence via Perception of Scarcity
Target Influence via The Human Buffer Overflow
Target Influence via Voice in NLP
Target Programs with Elevated Privileges
TCP 'RST' Flag Checksum Probe
TCP (ISN) Counter Rate Probe
TCP (ISN) Greatest Common Divisor Probe
TCP (ISN) Sequence Predictability Probe
TCP ACK Ping
TCP ACK Scan
TCP Congestion Control Flag (ECN) Probe
TCP Connect Scan
TCP FIN scan
TCP Initial Window Size Probe
TCP Null Scan
TCP Options Probe
TCP RPC Scan
TCP Sequence Number Probe
TCP SYN Ping
TCP SYN Scan
TCP Timestamp Probe
TCP Window Scan
TCP Xmas Scan
Traceroute Route Enumeration
Try All Common Application Switches and Options
Try Common(default) Usernames and Passwords
UDP Ping
UDP Scan
USB Memory Attacks
User-Controlled Filename
Using a Snap Gun Lock to Force a Lock
Using Alternative IP Address Encodings
Using Escaped Slashes in Alternate Encoding
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
Using Slashes and URL Encoding Combined to Bypass Validation Logic
Using Unicode Encoding to Bypass Validation Logic
Using Unpublished Web Service APIs
Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege
Using UTF-8 Encoding to Bypass Validation Logic
Utilizing REST's Trust in the System Resource to Register Man in the Middle
Web Logs Tampering
Web Server/Application Fingerprinting
Windows ::DATA Alternate Data Stream
WSDL Scanning
XML Attribute Blowup
XML Ping of Death
XML Routing Detour Attacks
XML Schema Poisoning
XPath Injection
XQuery Injection
XSS in IMG Tags
Abuse of transaction data strutcture
capec_v.0.5
exist_capec_v.0.5
cwe_v.0.5
exist_cwe_v.0.5
cwe_v0.3
Access to Critical Private Variable via Public Method
Allocation of File Descriptors or Handles Without Limits or Throttling
Apple '.DS_Store'
Array Declared Public, Final, and Static
ASP.NET Misconfiguration: Creating Debug Binary
ASP.NET Misconfiguration: Missing Custom Error Page
ASP.NET Misconfiguration: Not Using Input Validation Framework
ASP.NET Misconfiguration: Password in Configuration File
ASP.NET Misconfiguration: Use of Identity Impersonation
Assigning instead of Comparing
Attempt to Access Child of a Non-structure Pointer
Authentication Bypass by Alternate Name
Authentication Bypass by Assumed-Immutable Data
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Buffer Access Using Size of Source Buffer
Buffer Over-read
Buffer Under-read
Call to Non-ubiquitous API
Call to Thread run() instead of start()
Category:.NET Environment Issues
Category:Absolute Path Traversal
Category:Acceptance of Extraneous Untrusted Data With Trusted Data
Category:Access Control (Authorization) Issues
Category:Access Control Bypass Through User-Controlled Key
Category:Access of Memory Location After End of Buffer
Category:Access of Memory Location Before Start of Buffer
Category:Access of Uninitialized Pointer
Category:Addition of Data Structure Sentinel
Category:Algorithmic Complexity
Category:Allocation of Resources Without Limits or Throttling
Category:Always-Incorrect Control Flow Implementation
Category:Argument Injection or Modification
Category:ASP.NET Environment Issues
Category:Assignment of a Fixed Address to a Pointer
Category:Asymmetric Resource Consumption (Amplification)
Category:Authentication Bypass by Capture-replay
Category:Authentication Bypass by Primary Weakness
Category:Authentication Bypass by Spoofing
Category:Authentication Bypass Issues
Category:Authentication Bypass Using an Alternate Path or Channel
Category:Behavioral Change in New Version or Environment
Category:Behavioral Problems
Category:Buffer Access with Incorrect Length Value
Category:Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Category:Buffer Underwrite ('Buffer Underflow')
Category:Byte/Object Code
Category:Certificate Issues
Category:Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Category:Channel and Path Errors
Category:Channel Errors
Category:Cleansing, Canonicalization, and Comparison Errors
Category:Cleartext Storage of Sensitive Information
Category:Cleartext Transmission of Sensitive Information
Category:Client-Side Enforcement of Server-Side Security
Category:Code
Category:Coding Standards Violation
Category:Collapse of Data into Unsafe Value
Category:Comparison of Object References Instead of Object Contents
Category:Compiler Optimization Removal or Modification of Security-critical Code
Category:Compiler Removal of Code to Clear Buffers
Category:Concurrency Issues
Category:Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Category:Configuration
Category:Containment Errors (Container Errors)
Category:Context Switching Race Condition
Category:Covert Channel
Category:Covert Storage Channel
Category:Covert Timing Channel
Category:Creation of Temporary File in Directory with Incorrect Permissions
Category:Creation of Temporary File With Insecure Permissions
Category:Credentials Management
Category:Cryptographic Issues
Category:Dangerous Signal Handler not Disabled During Sensitive Operations
Category:Dangling Database Cursor ('Cursor Injection')
Category:Data Handling
Category:Data Structure Issues
Category:Deadlock
Category:Declaration of Catch for Generic Exception
Category:Declaration of Throws for Generic Exception
Category:Deletion of Data Structure Sentinel
Category:Deployment of Wrong Handler
Category:DEPRECATED (Duplicate): Covert Timing Channel
Category:DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
Category:DEPRECATED (Duplicate): General Information Management Problems
Category:DEPRECATED (Duplicate): HTTP response splitting
Category:DEPRECATED (Duplicate): Miscalculated Null Termination
Category:DEPRECATED (Duplicate): Proxied Trusted Channel
Category:DEPRECATED: Failure to Protect Stored Data from Modification
Category:DEPRECATED: General Special Element Problems
Category:DEPRECATED: Improper Sanitization of Custom Special Characters
Category:DEPRECATED: Incorrect Initialization
Category:DEPRECATED: State Synchronization Error
Category:Detection of Error Condition Without Action
Category:Direct Request ('Forced Browsing')
Category:Direct Use of Unsafe JNI
Category:Divide By Zero
Category:Double-Checked Locking
Category:Download of Code Without Integrity Check
Category:Duplicate Key in Associative List (Alist)
Category:Duplicate Operations on Resource
Category:Dynamic Variable Evaluation
Category:Embedded Malicious Code
Category:Encoding Error
Category:Environment
Category:Error Conditions, Return Values, Status Codes
Category:Error Handling
Category:Executable Regular Expression Error
Category:Execution with Unnecessary Privileges
Category:Expected Behavior Violation
Category:Expired Pointer Dereference
Category:Exposed Dangerous Method or Function
Category:Exposed Unsafe ActiveX Method
Category:Exposure of Resource to Wrong Sphere
Category:Expression Issues
Category:External Control of Assumed-Immutable Web Parameter
Category:External Control of Critical State Data
Category:External Control of File Name or Path
Category:External Control of System or Configuration Setting
Category:External Influence of Sphere Definition
Category:External Initialization of Trusted Variables or Data Stores
Category:Externally Controlled Reference to a Resource in Another Sphere
Category:Failure to Control Generation of Code ('Code Injection')
Category:Failure to Follow Specification
Category:Failure to Fulfill API Contract ('API Abuse')
Category:Failure to Handle Incomplete Element
Category:Failure to Handle Missing Parameter
Category:Failure to Provide Specified Functionality
Category:Failure to Sanitize Special Element
Category:Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Category:File and Directory Information Exposure
Category:File Descriptor Exhaustion
Category:Files or Directories Accessible to External Parties
Category:Function Call with Incorrectly Specified Arguments
Category:Guessable CAPTCHA
Category:Handler Errors
Category:Improper Access Control (Authorization)
Category:Improper Access of Indexable Resource ('Range Error')
Category:Improper Authentication
Category:Improper Check for Certificate Revocation
Category:Improper Check for Dropped Privileges
Category:Improper Check for Unusual or Exceptional Conditions
Category:Improper Check or Handling of Exceptional Conditions
Category:Improper Control of a Resource Through its Lifetime
Category:Improper Control of Document Type Definition
Category:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
Category:Improper Control of Interaction Frequency
Category:Improper Control of Resource Identifiers ('Resource Injection')
Category:Improper Cross-boundary Removal of Sensitive Data
Category:Improper Encoding or Escaping of Output
Category:Improper Enforcement of Message or Data Structure
Category:Improper Filtering of Special Elements
Category:Improper Following of Chain of Trust for Certificate Validation
Category:Improper Handling of Additional Special Element
Category:Improper Handling of Case Sensitivity
Category:Improper Handling of Exceptional Conditions
Category:Improper Handling of Extra Parameters
Category:Improper Handling of Extra Values
Category:Improper Handling of File Names that Identify Virtual Resources
Category:Improper Handling of Highly Compressed Data (Data Amplification)
Category:Improper Handling of Incomplete Structural Elements
Category:Improper Handling of Inconsistent Special Elements
Category:Improper Handling of Inconsistent Structural Elements
Category:Improper Handling of Insufficient Permissions or Privileges
Category:Improper Handling of Insufficient Privileges
Category:Improper Handling of Length Parameter Inconsistency
Category:Improper Handling of Missing Special Element
Category:Improper Handling of Missing Values
Category:Improper Handling of Structural Elements
Category:Improper Handling of Syntactically Invalid Structure
Category:Improper Handling of Undefined Parameters
Category:Improper Handling of Undefined Values
Category:Improper Handling of Unexpected Data Type
Category:Improper Handling of Values
Category:Improper Initialization
Category:Improper Input Validation
Category:Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Category:Improper Link Resolution Before File Access ('Link Following')
Category:Improper Locking
Category:Improper Neutralization of CRLF Sequences ('CRLF Injection')
Category:Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Category:Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Category:Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
Category:Improper Neutralization of Delimiters
Category:Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Category:Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Category:Improper Neutralization of Equivalent Special Elements
Category:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Category:Improper Neutralization of Special Elements
Category:Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Category:Improper Neutralization of Special Elements used in a Command ('Command Injection')
Category:Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Category:Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Category:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Category:Improper Null Termination
Category:Improper Output Neutralization for Logs
Category:Improper Ownership Management
Category:Improper Preservation of Permissions
Category:Improper Privilege Management
Category:Improper Protection of Alternate Path
Category:Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Category:Improper Resolution of Path Equivalence
Category:Improper Resource Locking
Category:Improper Resource Shutdown or Release
Category:Improper Restriction of Excessive Authentication Attempts
Category:Improper Restriction of Names for Files and Other Resources
Category:Improper Restriction of Operations within the Bounds of a Memory Buffer
Category:Improper Synchronization
Category:Improper Validation of Array Index
Category:Improper Validation of Certificate Expiration
Category:Improper Validation of Host-specific Certificate Data
Category:Improper Validation of Integrity Check Value
Category:Improper Verification of Cryptographic Signature
Category:Improperly Implemented Security Check for Standard
Category:Improperly Trusted Reverse DNS
Category:Inadequate Encryption Strength
Category:Inadvertently Introduced Weakness
Category:Inclusion of Functionality from Untrusted Control Sphere
Category:Inclusion of Web Functionality from an Untrusted Source
Category:Incomplete Blacklist
Category:Incomplete Blacklist to Cross-Site Scripting
Category:Incomplete Cleanup
Category:Incomplete Filtering of Special Elements
Category:Incomplete Internal State Distinction
Category:Incomplete Model of Endpoint Features
Category:Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Category:Incorrect Behavior Order
Category:Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Category:Incorrect Behavior Order: Early Amplification
Category:Incorrect Behavior Order: Early Validation
Category:Incorrect Behavior Order: Validate Before Canonicalize
Category:Incorrect Behavior Order: Validate Before Filter
Category:Incorrect Calculation
Category:Incorrect Calculation of Buffer Size
Category:Incorrect Calculation of Multi-Byte String Length
Category:Incorrect Check of Function Return Value
Category:Incorrect Control Flow Scoping
Category:Incorrect Conversion between Numeric Types
Category:Incorrect Implementation of Authentication Algorithm
Category:Incorrect Ownership Assignment
Category:Incorrect Permission Assignment for Critical Resource
Category:Incorrect Pointer Scaling
Category:Incorrect Privilege Assignment
Category:Incorrect Regular Expression
Category:Incorrect Resource Transfer Between Spheres
Category:Incorrect Semantic Object Comparison
Category:Incorrect Synchronization
Category:Incorrect Type Conversion or Cast
Category:Incorrect Use of Privileged APIs
Category:Incorrect User Management
Category:Indicator of Poor Code Quality
Category:Information Exposure
Category:Information Exposure Through an Error Message
Category:Information Exposure Through Behavioral Discrepancy
Category:Information Exposure Through Discrepancy
Category:Information Loss or Omission
Category:Information Management Errors
Category:Initialization and Cleanup Errors
Category:Insecure Default Variable Initialization
Category:Insecure Temporary File
Category:Insufficient Comparison
Category:Insufficient Compartmentalization
Category:Insufficient Control Flow Management
Category:Insufficient Control of Network Message Volume (Network Amplification)
Category:Insufficient Encapsulation
Category:Insufficient Entropy
Category:Insufficient Logging
Category:Insufficient Psychological Acceptability
Category:Insufficient Resource Pool
Category:Insufficient Session Expiration
Category:Insufficient Type Distinction
Category:Insufficient UI Warning of Dangerous Operations
Category:Insufficient Verification of Data Authenticity
Category:Insufficiently Protected Credentials
Category:Integer Coercion Error
Category:Integer Overflow or Wraparound
Category:Integer Overflow to Buffer Overflow
Category:Integer Underflow (Wrap or Wraparound)
Category:Intended Information Leak
Category:Intentionally Introduced Nonmalicious Weakness
Category:Intentionally Introduced Weakness
Category:Interaction Error
Category:Interpretation Conflict
Category:J2EE Environment Issues
Category:J2EE Time and State Issues
Category:Key Exchange without Entity Authentication
Category:Key Management Errors
Category:Lack of Administrator Control over Security
Category:Least Privilege Violation
Category:Leftover Debug Code
Category:Location
Category:Logging of Excessive Data
Category:Logic/Time Bomb
Category:Mac Virtual File Problems
Category:Misinterpretation of Input
Category:Missing Check for Certificate Revocation after Initial Check
Category:Missing Critical Step in Authentication
Category:Missing Custom Error Page
Category:Missing Encryption of Sensitive Data
Category:Missing Handler
Category:Missing Initialization
Category:Missing Lock Check
Category:Missing Reference to Active Allocated Resource
Category:Missing Release of Resource after Effective Lifetime
Category:Missing Report of Error Condition
Category:Missing Required Cryptographic Step
Category:Missing Standardized Error Handling Mechanism
Category:Missing Support for Integrity Check
Category:Missing Synchronization
Category:Missing XML Validation
Category:Mobile Code Issues
Category:Modification of Assumed-Immutable Data (MAID)
Category:Motivation/Intent
Category:Multiple Binds to the Same Port
Category:Multiple Interpretations of UI Input
Category:Non-exit on Failed Initialization
Category:Non-Replicating Malicious Code
Category:Not Failing Securely ('Failing Open')
Category:Not Using Complete Mediation
Category:NULL Pointer Dereference
Category:Numeric Errors
Category:Numeric Truncation Error
Category:Object Model Violation: Just One of Equals and Hashcode Defined
Category:Obscured Security-relevant Information by Alternate Name
Category:Obsolete Feature in UI
Category:Off-by-one Error
Category:Often Misused: Arguments and Parameters
Category:Often Misused: String Management
Category:Omission of Security-relevant Information
Category:Omitted Break Statement in Switch
Category:Only Filtering Special Elements at a Specified Location
Category:Operation on a Resource after Expiration or Release
Category:Operation on Resource in Wrong Phase of Lifetime
Category:Origin Validation Error
Category:Other Intentional, Nonmalicious Weakness
Category:Out-of-bounds Read
Category:Out-of-bounds Write
Category:Overly Restrictive Account Lockout Mechanism
Category:Overly Restrictive Regular Expression
Category:Parameter Problems
Category:Partial Comparison
Category:Passing Mutable Objects to an Untrusted Method
Category:Password Aging with Long Expiration
Category:Pathname Traversal and Equivalence Errors
Category:Permission Issues
Category:Permission Race Condition During Resource Copy
Category:Permissions, Privileges, and Access Controls
Category:Permissive Regular Expression
Category:Permissive Whitelist
Category:Pointer Issues
Category:Predictability Problems
Category:Predictable Exact Value from Previous Values
Category:Predictable from Observable State
Category:Predictable Seed in PRNG
Category:Predictable Value Range from Previous Values
Category:Premature Release of Resource During Expected Lifetime
Category:Privacy Violation
Category:Privilege / Sandbox Issues
Category:Privilege Chaining
Category:Privilege Context Switching Error
Category:Privilege Defined With Unsafe Actions
Category:Privilege Dropping / Lowering Errors
Category:PRNG Seed Error
Category:Process Control
Category:Product UI does not Warn User of Unsafe Actions
Category:Product-External Error Message Information Leak
Category:Product-Generated Error Message Information Leak
Category:Protection Mechanism Failure
Category:Race Condition During Access to Alternate Channel
Category:Race Condition Enabling Link Following
Category:Race Condition in Switch
Category:Race Condition within a Thread
Category:Redirect Without Exit
Category:Relative Path Traversal
Category:Release of Invalid Pointer or Reference
Category:Reliance on a Single Factor in a Security Decision
Category:Reliance on Cookies without Validation and Integrity Checking
Category:Reliance on Data/Memory Layout
Category:Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Category:Reliance on Security through Obscurity
Category:Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Category:Reliance on Untrusted Inputs in a Security Decision
Category:Replicating Malicious Code (Virus or Worm)
Category:Representation Errors
Category:Resource Locking Problems
Category:Resource Management Errors
Category:Response Discrepancy Information Exposure
Category:Return Inside Finally Block
Category:Return of Pointer Value Outside of Expected Range
Category:Return of Stack Variable Address
Category:Return of Wrong Status Code
Category:Returning a Mutable Object to an Untrusted Caller
Category:Reusing a Nonce, Key Pair in Encryption
Category:Reversible One-Way Hash
Category:Same Seed in PRNG
Category:Security Features
Category:Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Category:Sensitive Information Uncleared Before Release
Category:Session Fixation
Category:Signal Errors
Category:Signal Handler Function Associated with Multiple Signals
Category:Signal Handler Race Condition
Category:Signal Handler with Functionality that is not Asynchronous-Safe
Category:Small Seed Space in PRNG
Category:Small Space of Random Values
Category:Source Code
Category:Spyware
Category:State Issues
Category:Storing Passwords in a Recoverable Format
Category:String Errors
Category:Struts Validation Problems
Category:Symbolic Name not Mapping to Correct Object
Category:Technology-specific Environment Issues
Category:Technology-Specific Input Validation Problems
Category:Technology-Specific Special Elements
Category:Technology-Specific Time and State Issues
Category:Temporary File Issues
Category:The UI Performs the Wrong Action
Category:Time and State
Category:Time-of-check Time-of-use (TOCTOU) Race Condition
Category:Timing Discrepancy Information Leak
Category:Transmission of Private Resources into a New Sphere ('Resource Leak')
Category:Trapdoor
Category:Trojan Horse
Category:Truncation of Security-relevant Information
Category:Trust Boundary Violation
Category:Trust of System Event Data
Category:Type Errors
Category:UI Discrepancy for Security Feature
Category:UI Misrepresentation of Critical Information
Category:Uncaught Exception
Category:Uncaught Exception in Servlet
Category:Unchecked Error Condition
Category:Unchecked Input for Loop Condition
Category:Unchecked Return Value
Category:Unchecked Return Value to NULL Pointer Dereference
Category:Uncontrolled Format String
Category:Uncontrolled Recursion
Category:Uncontrolled Resource Consumption ('Resource Exhaustion')
Category:Uncontrolled Search Path Element
Category:Undefined Behavior for Input to API
Category:Unexpected Sign Extension
Category:Unexpected Status Code or Return Value
Category:Unimplemented or Unsupported Feature in UI
Category:Unintended Proxy/Intermediary
Category:UNIX File Descriptor Leak
Category:UNIX Path Link Problems
Category:Unlock of a Resource that is not Locked
Category:Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
Category:Unprotected Alternate Channel
Category:Unprotected Primary Channel
Category:Unquoted Search Path or Element
Category:Unrestricted Externally Accessible Lock
Category:Unrestricted Upload of File with Dangerous Type
Category:Unsynchronized Access to Shared Data in a Multithreaded Context
Category:Untrusted Pointer Dereference
Category:Untrusted Search Path
Category:Unverified Ownership
Category:Use After Free
Category:Use of a Broken or Risky Cryptographic Algorithm
Category:Use of a Key Past its Expiration Date
Category:Use of a Non-reentrant Function in a Concurrent Context
Category:Use of a One-Way Hash with a Predictable Salt
Category:Use of a One-Way Hash without a Salt
Category:Use of Client-Side Authentication
Category:Use of Cryptographically Weak PRNG
Category:Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Category:Use of Function with Inconsistent Implementations
Category:Use of Hard-coded Credentials
Category:Use of Hard-coded Cryptographic Key
Category:Use of Hard-coded Password
Category:Use of Incorrect Byte Ordering
Category:Use of Incorrect Operator
Category:Use of Incorrectly-Resolved Name or Reference
Category:Use of Inherently Dangerous Function
Category:Use of Insufficiently Random Values
Category:Use of Invariant Value in Dynamically Changing Context
Category:Use of Less Trusted Source
Category:Use of Low-Level Functionality
Category:Use of Multiple Resources with Duplicate Identifier
Category:Use of NullPointerException Catch to Detect NULL Pointer Dereference
Category:Use of Obsolete Functions
Category:Use of Out-of-range Pointer Offset
Category:Use of Password System for Primary Authentication
Category:Use of Pointer Subtraction to Determine Size
Category:Use of Potentially Dangerous Function
Category:Use of Single-factor Authentication
Category:User Interface Errors
Category:User Interface Security Issues
Category:Variable Extraction Error
Category:Violation of Secure Design Principles
Category:Weak Password Recovery Mechanism for Forgotten Password
Category:Weak Password Requirements
Category:Weaknesses that Affect Files or Directories
Category:Weaknesses that Affect Memory
Category:Weaknesses that Affect System Processes
Category:Web Problems
Category:Windows Path Link Problems
Category:Windows Virtual File Problems
Category:Wrap-around Error
Category:Write-what-where Condition
Category:XML Injection (aka Blind XPath Injection)
clone() Method Without super.clone()
Command Shell in Externally Accessible Directory
Comparing instead of Assigning
Comparison of Classes by Name
Creation of chroot Jail Without Changing Working Directory
Critical Public Variable Without Final Modifier
Critical Variable Declared Public
Cross-Site Request Forgery (CSRF)
CWEToOntology_v.0.3.zip
Data Leak Between Sessions
Dead Code
DEPRECATED: Often Misused: Path Manipulation
Deserialization of Untrusted Data
Double Decoding of the Same Data
Double Free
Doubled Character XSS Manipulations
EJB Bad Practices: Use of AWT Swing
EJB Bad Practices: Use of Class Loader
EJB Bad Practices: Use of Java I/O
EJB Bad Practices: Use of Sockets
EJB Bad Practices: Use of Synchronization Primitives
Empty Password in Configuration File
Empty Synchronized Block
Explicit Call to Finalize()
Exposed IOCTL with Insufficient Access Control
Exposure of Access Control List Files to an Unauthorized Control Sphere
Exposure of Backup File to an Unauthorized Control Sphere
Exposure of Core Dump File to an Unauthorized Control Sphere
Exposure of CVS Repository to an Unauthorized Control Sphere
Exposure of System Data to an Unauthorized Control Sphere
Expression is Always False
Expression is Always True
Failure to Sanitize Paired Delimiters
finalize() Method Declared Public
finalize() Method Without super.finalize()
Free of Memory not on the Heap
Free of Pointer not at Start of Buffer
Function Call With Incorrect Argument Type
Function Call With Incorrect Number of Arguments
Function Call With Incorrect Order of Arguments
Function Call With Incorrect Variable or Reference as Argument
Function Call With Incorrectly Specified Argument Value
Heap-based Buffer Overflow
Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
Improper Cleanup on Thrown Exception
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Improper Handling of Alternate Encoding
Improper Handling of Apple HFS+ Alternate Data Stream Path
Improper Handling of Insufficient Entropy in TRNG
Improper Handling of Mixed Encoding
Improper Handling of Unicode Encoding
Improper Handling of URL Encoding (Hex Encoding)
Improper Handling of Windows ::DATA Alternate Data Stream
Improper Handling of Windows Device Names
Improper Neutralization of Alternate XSS Syntax
Improper Neutralization of Comment Delimiters
Improper Neutralization of Encoded URI Schemes in a Web Page
Improper Neutralization of Escape, Meta, or Control Sequences
Improper Neutralization of Expression/Command Delimiters
Improper Neutralization of HTTP Headers for Scripting Syntax
Improper Neutralization of Input Leaders
Improper Neutralization of Input Terminators
Improper Neutralization of Internal Special Elements
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
Improper Neutralization of Leading Special Elements
Improper Neutralization of Line Delimiters
Improper Neutralization of Macro Symbols
Improper Neutralization of Multiple Internal Special Elements
Improper Neutralization of Multiple Leading Special Elements
Improper Neutralization of Multiple Trailing Special Elements
Improper Neutralization of Null Byte or NUL Character
Improper Neutralization of Parameter/Argument Delimiters
Improper Neutralization of Quoting Syntax
Improper Neutralization of Record Delimiters
Improper Neutralization of Script in an Error Message Web Page
Improper Neutralization of Script in Attributes in a Web Page
Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Improper Neutralization of Section Delimiters
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Improper Neutralization of Substitution Characters
Improper Neutralization of Trailing Special Elements
Improper Neutralization of Value Delimiters
Improper Neutralization of Variable Name Delimiters
Improper Neutralization of Whitespace
Improper Neutralization of Wildcards or Matching Symbols
Incomplete Filtering of Multiple Instances of Special Elements
Incomplete Filtering of One or More Instances of Special Elements
Incomplete Identification of Uploaded File Variables (PHP)
Incorrect Block Delimitation
Incorrect Default Permissions
Incorrect Execution-Assigned Permissions
Incorrect Short Circuit Evaluation
Information Exposure Through an External Behavioral Inconsistency
Information Exposure Through Debug Information
Information Exposure Through Sent Data
Information Exposure through WSDL File
Information Leak Through Browser Caching
Information Leak Through Caching
Information Leak through Class Cloning
Information Leak Through Cleanup Log Files
Information Leak Through Comments
Information Leak Through Debug Log Files
Information Leak Through Directory Listing
Information Leak Through Environmental Variables
Information Leak Through Include Source Code
Information Leak Through Indexing of Private Data
Information Leak Through Java Runtime Error Message
Information Leak Through Log Files
Information Leak Through Persistent Cookies
Information Leak Through Query Strings in GET Request
Information Leak Through Server Error Message
Information Leak Through Server Log Files
Information Leak Through Servlet Runtime Error Message
Information Leak Through Shell Error Message
Information Leak Through Source Code
Information Leak Through Test Code
Information Leak Through XML External Entity File Disclosure
Insecure Inherited Permissions
Insecure Preserved Inherited Permissions
Insufficient Entropy in PRNG
Internal Behavioral Inconsistency Information Leak
J2EE Bad Practices: Direct Management of Connections
J2EE Bad Practices: Direct Use of Sockets
J2EE Bad Practices: Direct Use of Threads
J2EE Bad Practices: Non-serializable Object Stored in Session
J2EE Bad Practices: Use of System.exit()
J2EE Framework: Saving Unserializable Objects to Disk
J2EE Misconfiguration: Data Transmission Without Encryption
J2EE Misconfiguration: Entity Bean Declared Remote
J2EE Misconfiguration: Insufficient Session-ID Length
J2EE Misconfiguration: Missing Custom Error Page
J2EE Misconfiguration: Plaintext Password in Configuration File
J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Mismatched Memory Management Routines
Missing Authentication for Critical Function
Missing Default Case in Switch Statement
Missing Password Field Masking
Missing Reference to Active File Descriptor or Handle
Missing Release of File Descriptor or Handle after Effective Lifetime
Multiple Locks of a Critical Resource
Multiple Unlocks of a Critical Resource
Not Using a Random IV with CBC Mode
Not Using Password Aging
Null Byte Interaction Error (Poison Null Byte)
Only Filtering One Instance of a Special Element
Only Filtering Special Elements at an Absolute Position
Only Filtering Special Elements Relative to a Marker
Operator Precedence Logic Error
Password in Configuration File
Path Equivalence: ' filename' (Leading Space)
Path Equivalence: '//multiple/leading/slash'
Path Equivalence: '/./' (Single Dot Directory)
Path Equivalence: '/multiple//internal/slash'
Path Equivalence: '/multiple/trailing/slash//'
Path Equivalence: '\multiple\\internal\backslash'
Path Equivalence: 'fakedir/../realdir/filename'
Path Equivalence: 'file name' (Internal Whitespace)
Path Equivalence: 'file...name' (Multiple Internal Dot)
Path Equivalence: 'file.name' (Internal Dot)
Path Equivalence: 'filedir*' (Wildcard)
Path Equivalence: 'filedir\' (Trailing Backslash)
Path Equivalence: 'filename ' (Trailing Space)
Path Equivalence: 'filename/' (Trailing Slash)
Path Equivalence: 'filename.' (Trailing Dot)
Path Equivalence: 'filename....' (Multiple Trailing Dot)
Path Equivalence: Windows 8.3 Filename
Path Traversal: '/../filedir'
Path Traversal: '/absolute/pathname/here'
Path Traversal: '/dir/../filename'
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Path Traversal: '\..\filename'
Path Traversal: '\absolute\pathname\here'
Path Traversal: '\dir\..\filename'
Path Traversal: '../filedir'
Path Traversal: '..\filedir'
Path Traversal: '.../...//'
Path Traversal: '...' (Triple Dot)
Path Traversal: '....//'
Path Traversal: '....' (Multiple Dot)
Path Traversal: 'C:dirname'
Path Traversal: 'dir/../../filename'
Path Traversal: 'dir\..\..\filename'
PHP External Variable Modification
Plaintext Storage in a Cookie
Plaintext Storage in a File or on Disk
Plaintext Storage in Executable
Plaintext Storage in GUI
Plaintext Storage in Memory
Plaintext Storage in the Registry
Plaintext Storage of a Password
Privacy Leak through Data Queries
Private Array-Typed Field Returned From A Public Method
Process Environment Information Leak
Public cloneable() Method Without Final ('Object Hijack')
Public Data Assigned to Private Array-Typed Field
Public Static Field Not Marked Final
Public Static Final Field References Mutable Object
Reachable Assertion
Reflection Attack in an Authentication Protocol
Regular Expression without Anchors
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Reliance on DNS Lookups in a Security Decision
Reliance on File Name or Extension of Externally-Supplied File
Reliance on Package-level Scope
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Sensitive Data Storage in Improperly Locked Memory
Sensitive Data Under FTP Root
Sensitive Data Under Web Root
Serializable Class Containing Sensitive Data
Signal Handler Use of a Non-reentrant Function
Signed to Unsigned Conversion Error
SQL Injection: Hibernate
Stack-based Buffer Overflow
Struts: Duplicate Validation Forms
Struts: Form Bean Does Not Extend Validation Class
Struts: Form Field Without Validator
Struts: Incomplete validate() Method Definition
Struts: Non-private Field in ActionForm Class
Struts: Plug-in Framework not in Use
Struts: Unused Validation Form
Struts: Unvalidated Action Form
Struts: Validator Turned Off
Struts: Validator Without Form Field
Suspicious Comment
Trust of OpenSSL Certificate Without Validation
Trusting HTTP Permission Methods on the Server Side
Trusting Self-reported DNS Name
Trusting Self-reported IP Address
Uncontrolled Memory Allocation
UNIX Hard Link
UNIX Symbolic Link (Symlink) Following
Unparsed Raw Web Content Delivery
Unprotected Transport of Credentials
Unprotected Windows Messaging Channel ('Shatter')
Unrestricted Recursive Entity References in DTDs ('XML Bomb')
Unsafe ActiveX Control Marked Safe For Scripting
Unsigned to Signed Conversion Error
Unused Variable
Unvalidated Function Hook Arguments
Unverified Password Change
URL Redirection to Untrusted Site ('Open Redirect')
Use of Dynamic Class Loading
Use of getlogin() in Multithreaded Application
Use of Hard-coded, Security-relevant Constants
Use of Inner Class Containing Sensitive Data
Use of Non-Canonical URL Paths for Authorization Decisions
Use of Path Manipulation Function without Maximum-sized Buffer
Use of RSA Algorithm without OAEP
Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Use of sizeof() on a Pointer Type
Use of umask() with chmod-style Argument
Use of Uninitialized Variable
Use of Wrong Operator in String Comparison
Using Referer Field for Authentication
Weak Cryptography for Passwords
Windows Hard Link
Windows Shortcut Following (.LNK)
Access Control Bypass Through User-Controlled SQL Primary Key
cwe_v0.5
Access Control Bypass Through User-Controlled SQL Primary Key
Access to Critical Private Variable via Public Method
Allocation of File Descriptors or Handles Without Limits or Throttling
Apple '.DS_Store'
Array Declared Public, Final, and Static
ASP.NET Misconfiguration: Creating Debug Binary
ASP.NET Misconfiguration: Missing Custom Error Page
ASP.NET Misconfiguration: Not Using Input Validation Framework
ASP.NET Misconfiguration: Password in Configuration File
ASP.NET Misconfiguration: Use of Identity Impersonation
Assigning instead of Comparing
Attempt to Access Child of a Non-structure Pointer
Authentication Bypass by Alternate Name
Authentication Bypass by Assumed-Immutable Data
Authen