HTTP Response Splitting [CWE-113] — The Hacktivists
HTTP Response Splitting weakness describes improper neutralization of CRLF sequences in HTTP headers.
May 24, 2022

Buffer Errors [CWE-119] — The Hacktivists
Buffer Errors weakness describes improper restriction of operations within the bounds of a memory buffer.
May 24, 2022

Improper Handling of Length Parameter Inconsistency [CWE-130] — The Hacktivists
Improper Handling of Length Parameter Inconsistency is a security weakness that describes improper handling of a length field for…
May 24, 2022

Off-by-one Error [CWE-193] — The Hacktivists
Off-by-one error occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value.
May 24, 2022

PHP File Inclusion [CWE-98] — The Hacktivists
PHP File Inclusion weakness describes improper control of filename within Include() or Require() statements in a PHP program.
May 24, 2022

Code Injection [CWE-94] — The Hacktivists
Code Injection weakness describes improper control of code generation.
May 24, 2022

XML Injection [CWE-91] — The Hacktivists
XML Injection weakness describes improper neutralization of special elements used in XML queries.
May 24, 2022

LDAP Injection [CWE-90] — The Hacktivists
LDAP Injection weakness describes improper neutralization of special elements used in LDAP queries.
May 24, 2022

SQL Injection [CWE-89] — The Hacktivists
SQL Injection is a weakness that is caused by improper neutralization of special elements used in an SQL query.
May 24, 2022

Published in System Weakness
Improper Handling of Undefined Parameters [CWE-236] — The Hacktivists
Improper Handling of Undefined Parameters describes a case when an application uses an undefined parameter, field, or argument.
May 11, 2022

Incorrect Default Permissions [CWE-276] — The Hacktivists
Incorrect Default Permissions weakness describes a case where software sets insecure permissions to objects on a system.
May 11, 2022

Improper Access Control [CWE-284] — The Hacktivists
Improper Access Control weakness describes a failure in the AAA security model.
May 11, 2022

Session Fixation [CWE-384] — The Hacktivists
Session Fixation weakness describes a case where an application incorrectly handles session identifiers when establishing new sessions.
May 11, 2022

Cross-Site Scripting — XSS [CWE-79] — The Hacktivists
Cross-Site scripting or XSS is a weakness that is caused by improper neutralization of input during web page generation.
May 11, 2022

Improper Authentication [CWE-287] — The Hacktivists
Improper Authentication weakness describes improper mechanisms of user’s identity verification.
Mar 19, 2021

Improper Authorization [CWE-285] — The Hacktivists
Improper Authorization weakness describes improper mechanisms of user’s authorization.
Mar 18, 2021

Improper Validation of Certificate with Host Mismatch [CWE-297] — The Hacktivists
This weakness describes Improper Validation of Certificate with Host Mismatch.
Mar 18, 2021

Missing Authentication for Critical Function [CWE-306] — The Hacktivists
This weakness describes Missing Authentication for Critical Function.
Mar 17, 2021

Cleartext Storage of Sensitive Information [CWE-312] — The Hacktivists
Cleartext Storage of Sensitive Information weakness describes a case where sensitive information is stored in clear text in location…
Mar 17, 2021

Unrestricted Upload of File with Dangerous Type [CWE-434] — The Hacktivists
Arbitrary file upload weakness describes improper or absent validation of file types when uploading files.
Mar 16, 2021