CWE-20 - CERT CVE

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CAPEC ID Name
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-101 Server Side Include (SSI) Injection
CAPEC-104 Cross Zone Scripting
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-109 Object Relational Mapping Injection
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CAPEC-120 Double Encoding
CAPEC-13 Subverting Environment Variable Values
CAPEC-135 Format String Injection
CAPEC-136 LDAP Injection
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-153 Input Data Manipulation
CAPEC-182 Flash Injection
CAPEC-209 XSS Using MIME Type Mismatch
CAPEC-22 Exploiting Trust in Client
CAPEC-23 File Content Injection
CAPEC-230 XML Nested Payloads
CAPEC-231 Oversized Serialized Data Payloads
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-250 XML Injection
CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data
CAPEC-267 Leverage Alternate Encoding
CAPEC-28 Fuzzing
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-473 Signature Spoof
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-588 DOM-Based XSS
CAPEC-63 Cross-Site Scripting (XSS)
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-67 String Format Overflow in syslog()
CAPEC-7 Blind SQL Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-73 User-Controlled Filename
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-8 Buffer Overflow in an API Call
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 Web Logs Tampering
CAPEC-83 XPath Injection
CAPEC-85 AJAX Fingerprinting
CAPEC-88 OS Command Injection
CAPEC-9 Buffer Overflow in Local Command-Line Utilities