@Lopseg
Created November 9, 2019 09:30
150 vulnerability types that you can submit for. Thanks to @thecybermentor and hackerone.
Account Hijacking
Allocation of Resources Without Limits or Throttling - CWE-770
Array Index Underflow - CWE-129
Authentication Bypass Using an Alternate Path or Channel - CWE-288
Brute Force - CWE-307
Buffer Over-read - CWE-126
Buffer Underflow - CWE-124
Buffer Under-read - CWE-127
Business Logic Errors - CWE-840
Classic Buffer Overflow - CWE-120
Cleartext Storage of Sensitive Information - CWE-312
Cleartext Transmission of Sensitive Information - CWE-319
Client-Side Enforcement of Server-Side Security - CWE-602
Code Injection - CWE-94
Command Injection - Generic - CWE-77
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CWE-362
CRLF Injection - CWE-93
Cross-Site Request Forgery (CSRF) - CWE-352
Cross-site Scripting (XSS) - DOM - CWE-79
Cross-site Scripting (XSS) - Generic - CWE-79
Cross-site Scripting (XSS) - Reflected - CWE-79
Cross-site Scripting (XSS) - Stored - CWE-79
Cryptographic Issues - Generic - CWE-310
Denial of Service - CWE-400
Deserialization of Untrusted Data - CWE-502
Double Free - CWE-415
Download of Code Without Integrity Check - CWE-494
Embedded Malicious Code - CWE-506
Execution with Unnecessary Privileges - CWE-250
Exposed Dangerous Method or Function - CWE-749
External Control of Critical State Data - CWE-642
Externally Controlled Reference to a Resource in Another Sphere - CWE-610
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - CWE-75
File and Directory Information Exposure - CWE-538
Forced Browsing - CWE-425
Fraud
Heap Overflow - CWE-122
HTTP Request Smuggling - CWE-444
HTTP Response Splitting - CWE-113
Improper Access Control - Generic - CWE-284
Improper Authentication
Improper Authentication - Generic - CWE-287
Improper Authorization - CWE-285
Improper Certificate Validation - CWE-295
Improper Check or Handling of Exceptional Conditions - CWE-703
Improper Export of Android Application Components - CWE-926
Improper Following of a Certificate's Chain of Trust - CWE-296
Improper Handling of Highly Compressed Data (Data Amplification) - CWE-409
Improper Handling of Insufficient Permissions or Privileges - CWE-280
Improper Handling of URL Encoding (Hex Encoding) - CWE-177
Improper Input Validation - CWE-20
Improper Neutralization of Escape, Meta, or Control Sequences - CWE-150
Improper Neutralization of HTTP Headers for Scripting Syntax - CWE-644
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CWE-80
Improper Null Termination - CWE-170
Improper Privilege Management - CWE-269
Inadequate Encryption Strength - CWE-326
Inclusion of Functionality from Untrusted Control Sphere - CWE-829
Incomplete Blacklist - CWE-184
Incorrect Authorization - CWE-863
Incorrect Calculation of Buffer Size - CWE-131
Incorrect Comparison - CWE-697
Incorrect Permission Assignment for Critical Resource - CWE-732
Information Disclosure - CWE-200
Information Exposure Through an Error Message - CWE-209
Information Exposure Through Debug Information - CWE-215
Information Exposure Through Directory Listing - CWE-548
Information Exposure Through Discrepancy - CWE-203
Information Exposure Through Sent Data - CWE-201
Information Exposure Through Timing Discrepancy - CWE-208
Insecure Direct Object Reference (IDOR) - CWE-639
Insecure Storage of Sensitive Information - CWE-922
Insecure Temporary File - CWE-377
Insufficient Session Expiration - CWE-613
Insufficiently Protected Credentials - CWE-522
Integer Overflow - CWE-190
Integer Underflow - CWE-191
Key Exchange without Entity Authentication - CWE-322
LDAP Injection - CWE-90
Leftover Debug Code (Backdoor) - CWE-489
Malware - CAPEC-549
Man-in-the-Middle - CWE-300
Memory Corruption - Generic - CWE-119
Misconfiguration - CWE-16
Missing Authentication for Critical Function - CWE-306
Missing Authorization - CWE-862
Missing Encryption of Sensitive Data - CWE-311
Missing Required Cryptographic Step - CWE-325
Modification of Assumed-Immutable Data (MAID) - CWE-471
NULL Pointer Dereference - CWE-476
Off-by-one Error - CWE-193
Open Redirect - CWE-601
OS Command Injection - CWE-78
Out-of-bounds Read - CWE-125
Password in Configuration File - CWE-260
Path Traversal - CWE-22
Path Traversal - CWE-35
Phishing - CAPEC-98
Plaintext Storage of a Password - CWE-256
Privacy Violation - CWE-359
Privilege Escalation - CAPEC-233
Relative Path Traversal - CWE-23
Reliance on Cookies without Validation and Integrity Checking in a Security Decision - CWE-784
Reliance on Reverse DNS Resolution for a Security-Critical Action - CWE-350
Reliance on Untrusted Inputs in a Security Decision - CWE-807
Remote File Inclusion - CWE-98
Replicating Malicious Code (Virus or Worm) - CWE-509
Resource Injection - CWE-99
Reusing a Nonce, Key Pair in Encryption - CWE-323
Reversible One-Way Hash - CWE-328
Scams
Security Through Obscurity - CWE-656
Server-Side Request Forgery (SSRF) - CWE-918
Session Fixation - CWE-384
Spam
SQL Injection - CWE-89
Stack Overflow - CWE-121
Storing Passwords in a Recoverable Format - CWE-257
Time-of-check Time-of-use (TOCTOU) Race Condition - CWE-367
Trust of System Event Data - CWE-360
Type Confusion - CWE-843
UI Redressing (Clickjacking) - CAPEC-103
Unchecked Error Condition - CWE-391
Uncontrolled Recursion - CWE-674
Unprotected Transport of Credentials - CWE-523
Unrestricted Upload of File with Dangerous Type - CWE-434
Untrusted Search Path - CWE-426
Unverified Password Change - CWE-620
Use After Free - CWE-416
Use of a Broken or Risky Cryptographic Algorithm - CWE-327
Use of a Key Past its Expiration Date - CWE-324
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - CWE-338
Use of Externally-Controlled Format String - CWE-134
Use of Hard-coded Credentials - CWE-798
Use of Hard-coded Cryptographic Key - CWE-321
Use of Hard-coded Password - CWE-259
Use of Inherently Dangerous Function - CWE-242
Use of Insufficiently Random Values - CWE-330
User Interface (UI) Misrepresentation of Critical Information - CWE-451
Violation of Secure Design Principles - CWE-657
Weak Cryptography for Passwords - CWE-261
Weak Password Recovery Mechanism for Forgotten Password - CWE-640
Wrap-around Error - CWE-128
Write-what-where Condition - CWE-123
XML Entity Expansion - CWE-776
XML External Entities (XXE) - CWE-611
XML Injection - CWE-91
XSS - Reflected
XSS Using MIME Type Mismatch - CAPEC-209