Tag: top25-cwes

Integer overflow

An integer overflow might cause security issues when it is used for resource management or execution control.

SQL injection

The use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.

Improper input validation

Improper input validation can enable attacks and lead to unwanted behavior.

Weak obfuscation of web requests

Weak obfuscation of web requests makes your application vulnerable.

Sendfile injection

The software allows user input to control or influence paths or file names that are used in file system operations.

XML external entity

Objects that parse or handle XML can lead to XML external entity (XXE) attacks when they are misconfigured.

Server side request forgery

Insufficient sanitization of potentially untrusted URLs on the server side can allow server requests to unwanted destinations.

Resource leak

Allocated resources are not released properly.

Cross-site request forgery

Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.

Deserialization of untrusted object

Deserialization of untrusted objects can lead to security vulnerabilities such as inadvertently running remote code.

Unsanitized input is run as code

Scripts generated from unsanitized inputs can lead to malicious behavior and to inadvertently running remote code.

Sensitive information leak

Exposure of sensitive information can lead to an unauthorized actor having access to the information.

Loose file permissions

Weak file permissions can lead to privilege escalation.

OS command injection

Constructing operating system or shell commands with unsanitized user input can lead to inadvertently running malicious code.

NoSQL injection

Using unsanitized user input in NoSQL database queries can leave them vulnerable to injection attacks.

Path traversal

Creating file paths from untrusted input might give a malicious actor access to sensitive files.

Cross-site scripting

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.

URL redirection to untrusted site

User-controlled input that specifies a link to an external site could lead to phishing attacks and allow user credentials to be stolen.