Buffer Errors weakness describes improper restriction of operations within the bounds of a memory buffer. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… Buffer errors are common for software that performs operations on a memory buffer. Due to the…

Improper Handling of Length Parameter Inconsistency is a security weakness that describes improper handling of a length field for associated data. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… This weakness describes a situation when the length of attacker-controlled…

Off-by-one error occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… An off-by-one condition is a logic error…

PHP File Inclusion weakness describes improper control of filename within Include() or Require() statements in a PHP program. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Exploitation Examples 6. Severity and CVSS Scoring 1. Description ……………………………… This weakness occurs when a PHP application receives input and…

Code Injection weakness describes improper control of code generation. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Exploitation Examples 6. Severity and CVSS Scoring 1. Description ……………………………… This weakness describes a situation where the software uses untrusted input to contrast all parts of code and does…

XML Injection weakness describes improper neutralization of special elements used in XML queries. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… A variety of popular software (Apache Tomcat, OpenOffice, Microsoft Office, IM Jabber, Zend Framework, IBM WebSphere) uses eXtensible…

LDAP Injection weakness describes improper neutralization of special elements used in LDAP queries. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… This weakness describes a case where software does not properly validate external input before using it to construct…

SQL Injection is a weakness that is caused by improper neutralization of special elements used in an SQL query. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Exploitation Examples 6. Severity and CVSS Scoring 1. Description ……………………………… The basic form of SQL injection describes the direct…

Improper Handling of Undefined Parameters describes a case when an application uses an undefined parameter, field, or argument. Table of Content 1. Description 2. Potential impact 3. Attack patterns 4. Affected software 5. Severity and CVSS Scoring 1. Description ……………………………… This weakness occurs when software performs actions on parameters, fields, or arguments that…