CWE dictionary
CWEid    Name
CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119  Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-264  Permissions, Privileges, and Access Controls
CWE-352  Cross-Site Request Forgery (CSRF)
CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-94   Improper Control of Generation of Code ('Code Injection')
CWE-20   Improper Input Validation
CWE-200  Information Exposure
CWE-287  Improper Authentication
CWE-399  Resource Management Errors
CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
CWE-189  Numeric Errors
CWE-310  Cryptographic Issues
CWE-255  Credentials Management
CWE-134  Uncontrolled Format String
CWE-59   Improper Link Resolution Before File Access ('Link Following')
CWE-476  NULL Pointer Dereference
CWE-121  Stack-based Buffer Overflow
CWE-288  Authentication Bypass Using an Alternate Path or Channel
CWE-284  Improper Access Control
CWE-16   Configuration
CWE-80   Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-123  Write-what-where Condition
CWE-276  Incorrect Default Permissions
CWE-285  Improper Authorization
CWE-306  Missing Authentication for Critical Function
CWE-434  Unrestricted Upload of File with Dangerous Type
CWE-592  Authentication Bypass Issues
CWE-611  Information Exposure Through XML External Entity Reference
CWE-73   External Control of File Name or Path
CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-321  Use of Hard-coded Cryptographic Key
CWE-400  Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-522  Insufficiently Protected Credentials
CWE-129  Improper Validation of Array Index
CWE-427  Uncontrolled Search Path Element
CWE-93   Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-122  Heap-based Buffer Overflow
CWE-190  Integer Overflow or Wraparound
CWE-256  Plaintext Storage of a Password
CWE-259  Use of Hard-coded Password
CWE-295  Certificate Issues
CWE-384  Session Fixation
CWE-428  Unquoted Search Path or Element
CWE-23   Relative Path Traversal
CWE-36   Absolute Path Traversal
CWE-201  Information Exposure Through Sent Data
CWE-208  Information Exposure Through Timing Discrepancy
CWE-209  Information Exposure Through an Error Message
CWE-219  Sensitive Data Under Web Root
CWE-269  Improper Privilege Management
CWE-302  Authentication Bypass by Assumed-Immutable Data
CWE-307  Improper Restriction of Excessive Authentication Attempts
CWE-316  Plaintext Storage in Memory
CWE-319  Cleartext Transmission of Sensitive Information
CWE-345  Insufficient Verification of Data Authenticity
CWE-404  Improper Resource Shutdown or Release

Copyright 2016, cxsecurity.com