Pretraži prema CWE oznaci - CERT CVE

CWE lista

CWE ID Opis
CWE-529 The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.
CWE-53 A software system that accepts path input in the form of multiple internal backslash ('\multiple\trailing\\slash') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
CWE-530 A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
CWE-531 Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.
CWE-532 Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
CWE-533 This entry has been deprecated because its abstraction was too low-level. See CWE-532.
CWE-534 This entry has been deprecated because its abstraction was too low-level. See CWE-532.
CWE-535 A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.
CWE-536 A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.
CWE-537 In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.