Search by CWE identifier - CERT CVE

CWE list

CWE ID Description
CWE-547 The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.
CWE-548 A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
CWE-549 The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
CWE-55 A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
CWE-550 Certain conditions, such as network failure, will cause a server error message to be displayed.
CWE-551 If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
CWE-553 A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.
CWE-554 The ASP.NET application does not use an input validation framework.
CWE-555 The J2EE application stores a plaintext password in a configuration file.