Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-256 |
Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files. |
|
| CWE-842 |
Placement of User into Incorrect Group
The product or the administrator places a user into an incorrect group. |
|
| CWE-1097 |
Persistent Storable Data Element without Associated Comparison Control Element
The product uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison. |
|
| CWE-625 |
Permissive Regular Expression
The product uses a regular expression that does not sufficiently restrict the set of allowed values. |
|
| CWE-183 |
Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses. |
|
| CWE-942 |
Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate. |
|
| CWE-689 |
Permission Race Condition During Resource Copy
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place. |
|
| CWE-31 |
Path Traversal: 'dir\..\..\filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize 'dir\..\..\filename' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-27 |
Path Traversal: 'dir/../../filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory. |
|
| CWE-30 |
Path Traversal: '\dir\..\filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-38 |
Path Traversal: '\absolute\pathname\here'
The product accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-40 |
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
The product accepts input that identifies a Windows UNC share ('\\UNC\share\name') that potentially redirects access to an unintended location or arbitrary file. |
|
| CWE-29 |
Path Traversal: '\..\filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. |
|
| CWE-39 |
Path Traversal: 'C:dirname'
The product accepts input that contains a drive letter or Windows volume letter ('C:dirname') that potentially redirects access to an unintended location or arbitrary file. |
|
| CWE-26 |
Path Traversal: '/dir/../filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory. |
|
| CWE-37 |
Path Traversal: '/absolute/pathname/here'
The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
|
| CWE-25 |
Path Traversal: '/../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory. |
|
| CWE-28 |
Path Traversal: '..\filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "..\" sequences that can resolve to a location that is outside of that directory. |
|
| CWE-24 |
Path Traversal: '../filedir'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
|
| CWE-35 |
Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |