| Subverting Environment Variable Values |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
| XML Schema Poisoning |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-472
|
External Control of Assumed-Immutable Web Parameter
|
|
| Configuration/Environment Manipulation |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-1233
|
Improper Hardware Lock Protection for Security Sensitive Controls
|
|
CWE-1234
|
Hardware Internal or Debug Modes Allow Override of Locks
|
|
CWE-1304
|
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
|
|
CWE-1328
|
Security Version Number Mutable to Older Versions
|
|
| Manipulate Registry Information |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
| Modification of Registry Run Keys |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
| Schema Poisoning |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
| Target Programs with Elevated Privileges |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
| Manipulating Web Input to File System Calls |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-23
|
Relative Path Traversal
|
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-285
|
Improper Authorization
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
| Manipulating User-Controlled Variables |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-94
|
Improper Control of Generation of Code ('Code Injection')
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-285
|
Improper Authorization
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-473
|
PHP External Variable Modification
|
|
CWE-1321
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
|