Search by CWE identifier - CERT CVE

CWE list

CWE ID Description
CWE-249 This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.
CWE-25 The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.
CWE-250 The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-252 The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
CWE-253 The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.
CWE-256 Storing a password in plaintext may result in a system compromise.
CWE-257 The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CWE-258 Using an empty string as a password is insecure.
CWE-259 The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
CWE-26 The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.