| CWE ID | Description |
|---|---|
| CWE-507 | The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator. |
| CWE-508 | Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems. |
| CWE-509 | Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software. |
| CWE-51 | A software system that accepts path input in the form of multiple internal slash ('/multiple//internal/slash/') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-510 | A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism. |
| CWE-511 | The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met. |
| CWE-512 | The software collects personally identifiable information about a human user or the user's activities, but the software accesses this information using other resources besides itself, and it does not require that user's explicit approval or direct input into the software. |
| CWE-514 | A covert channel is a path that can be used to transfer information in a way not intended by the system's designers. |
| CWE-515 | A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information. |
| CWE-516 | This weakness can be found at CWE-385. |