| CWE-654 |
Reliance on a Single Factor in a Security Decision |
|
|
| CWE-653 |
Insufficient Compartmentalization |
|
|
| CWE-652 |
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
|
|
| CWE-651 |
Exposure of WSDL File Containing Sensitive Information |
|
|
| CWE-650 |
Trusting HTTP Permission Methods on the Server Side |
|
|
| CWE-65 |
Windows Hard Link |
|
|
| CWE-649 |
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
|
|
| CWE-648 |
Incorrect Use of Privileged APIs |
|
|
| CWE-647 |
Use of Non-Canonical URL Paths for Authorization Decisions |
|
|
| CWE-646 |
Reliance on File Name or Extension of Externally-Supplied File |
|
|
| CWE-645 |
Overly Restrictive Account Lockout Mechanism |
|
|
| CWE-644 |
Improper Neutralization of HTTP Headers for Scripting Syntax |
|
|
| CWE-643 |
Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
|
|
| CWE-642 |
External Control of Critical State Data |
|
|
| CWE-641 |
Improper Restriction of Names for Files and Other Resources |
|
|
| CWE-640 |
Weak Password Recovery Mechanism for Forgotten Password |
|
|
| CWE-64 |
Windows Shortcut Following (.LNK) |
|
|
| CWE-639 |
Authorization Bypass Through User-Controlled Key |
|
|
| CWE-638 |
Not Using Complete Mediation |
|
|
| CWE-637 |
Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
|
|
