|
Object Injection
|
34/100 |
moderate-risk
|
|
Command Delimiters
|
33/100 |
moderate-risk
|
|
Buffer Manipulation
|
27/100 |
low-risk
|
|
Path Traversal
|
26/100 |
low-risk
|
|
Argument Injection
|
23/100 |
low-risk
|
|
Command Injection
|
22/100 |
low-risk
|
|
IMAP/SMTP Command Injection
|
22/100 |
low-risk
|
|
OS Command Injection
|
22/100 |
low-risk
|
|
Manipulating Writeable Terminal Devices
|
22/100 |
low-risk
|
|
Detect Unpublicized Web Services
|
21/100 |
low-risk
|
|
Detect Unpublicized Web Pages
|
21/100 |
low-risk
|
|
Code Injection
|
21/100 |
low-risk
|
|
Overflow Buffers
|
21/100 |
low-risk
|
|
Overflow Binary Resource File
|
21/100 |
low-risk
|
|
Exploiting Multiple Input Interpretation Layers
|
20/100 |
low-risk
|
|
Communication Channel Manipulation
|
19/100 |
low-risk
|
|
Force the System to Reset Values
|
19/100 |
low-risk
|
|
Manipulating Writeable Configuration Files
|
18/100 |
low-risk
|
|
Choosing Message Identifier
|
18/100 |
low-risk
|
|
Leverage Executable Code in Non-Executable Files
|
18/100 |
low-risk
|
|
Infected Software
|
18/100 |
low-risk
|
|
Command Line Execution through SQL Injection
|
18/100 |
low-risk
|
|
Embed Virus into DLL
|
18/100 |
low-risk
|
|
DLL Side-Loading
|
18/100 |
low-risk
|
|
Redirect Access to Libraries
|
18/100 |
low-risk
|
|
Hiding Malicious Data or Code within Files
|
18/100 |
low-risk
|
|
Create files with the same name as files protected with a higher classification
|
18/100 |
low-risk
|
|
Using Unpublished Interfaces or Functionality
|
17/100 |
low-risk
|
|
Fake the Source of Data
|
17/100 |
low-risk
|
|
Authentication Bypass
|
17/100 |
low-risk
|
|
Authentication Abuse
|
17/100 |
low-risk
|
|
Session Hijacking
|
17/100 |
low-risk
|
|
Token Impersonation
|
17/100 |
low-risk
|
|
Upload a Web Shell to a Web Server
|
17/100 |
low-risk
|
|
Manipulating Web Input to File System Calls
|
17/100 |
low-risk
|
|
Identity Spoofing
|
17/100 |
low-risk
|
|
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
|
16/100 |
low-risk
|
|
Using Slashes in Alternate Encoding
|
16/100 |
low-risk
|
|
Manipulating User-Controlled Variables
|
16/100 |
low-risk
|
|
Parameter Injection
|
16/100 |
low-risk
|
|
HTTP Parameter Pollution (HPP)
|
16/100 |
low-risk
|
|
MIME Conversion
|
16/100 |
low-risk
|
|
Flash Parameter Injection
|
16/100 |
low-risk
|
|
Data Serialization External Entities Blowup
|
16/100 |
low-risk
|
|
Buffer Overflow in an API Call
|
15/100 |
low-risk
|
|
Using Slashes and URL Encoding Combined to Bypass Validation Logic
|
15/100 |
low-risk
|
|
Buffer Overflow via Symbolic Links
|
15/100 |
low-risk
|
|
Client-side Injection-induced Buffer Overflow
|
15/100 |
low-risk
|
|
Filter Failure through Buffer Overflow
|
15/100 |
low-risk
|
|
Using Escaped Slashes in Alternate Encoding
|
15/100 |
low-risk
|
|
Exploiting Trust in Client
|
15/100 |
low-risk
|
|
Buffer Overflow via Parameter Expansion
|
15/100 |
low-risk
|
|
LDAP Injection
|
15/100 |
low-risk
|
|
Buffer Overflow in Local Command-Line Utilities
|
15/100 |
low-risk
|
|
Overflow Variables and Tags
|
15/100 |
low-risk
|
|
Buffer Overflow via Environment Variables
|
15/100 |
low-risk
|
|
Inclusion of Code in Existing Process
|
14/100 |
low-risk
|
|
Identify Shared Files/Directories on System
|
14/100 |
low-risk
|
|
Peripheral Footprinting
|
14/100 |
low-risk
|
|
Eavesdropping
|
14/100 |
low-risk
|
|
Root/Jailbreak Detection Evasion via Hooking
|
14/100 |
low-risk
|
|
ICMP Echo Request Ping
|
14/100 |
low-risk
|
|
Install Malicious Extension
|
14/100 |
low-risk
|
|
Footprinting
|
14/100 |
low-risk
|
|
Excavation
|
14/100 |
low-risk
|
|
ICMP Error Message Echoing Integrity Probe
|
14/100 |
low-risk
|
|
PHP Local File Inclusion
|
14/100 |
low-risk
|
|
Code Inclusion
|
14/100 |
low-risk
|
|
ICMP Error Message Quoting Probe
|
14/100 |
low-risk
|
|
TCP 'RST' Flag Checksum Probe
|
14/100 |
low-risk
|
|
TCP Options Probe
|
14/100 |
low-risk
|
|
TCP Initial Window Size Probe
|
14/100 |
low-risk
|
|
Adversary in the Middle (AiTM)
|
14/100 |
low-risk
|
|
TCP Congestion Control Flag (ECN) Probe
|
14/100 |
low-risk
|
|
TCP (ISN) Sequence Predictability Probe
|
14/100 |
low-risk
|
|
TCP (ISN) Counter Rate Probe
|
14/100 |
low-risk
|
|
TCP (ISN) Greatest Common Divisor Probe
|
14/100 |
low-risk
|
|
TCP Sequence Number Probe
|
14/100 |
low-risk
|
|
TCP Timestamp Probe
|
14/100 |
low-risk
|
|
IP (DF) 'Don't Fragment Bit' Echoing Probe
|
14/100 |
low-risk
|
|
IP 'ID' Echoed Byte-Order Probe
|
14/100 |
low-risk
|
|
IP ID Sequencing Probe
|
14/100 |
low-risk
|
|
Passive OS Fingerprinting
|
14/100 |
low-risk
|
|
Account Footprinting
|
14/100 |
low-risk
|
|
Absolute Path Traversal
|
14/100 |
low-risk
|
|
Process Footprinting
|
14/100 |
low-risk
|
|
Remote Code Inclusion
|
14/100 |
low-risk
|
|
Local Execution of Code
|
14/100 |
low-risk
|
|
Shoulder Surfing
|
14/100 |
low-risk
|
|
File Discovery
|
14/100 |
low-risk
|
|
Establish Rogue Location
|
14/100 |
low-risk
|
|
Passing Local Filenames to Functions That Expect a URL
|
14/100 |
low-risk
|
|
Accessing Functionality Not Properly Constrained by ACLs
|
14/100 |
low-risk
|
|
Browser Fingerprinting
|
14/100 |
low-risk
|
|
DTD Injection
|
14/100 |
low-risk
|
|
Owner Footprinting
|
14/100 |
low-risk
|
|
Group Permission Footprinting
|
14/100 |
low-risk
|
|
Services Footprinting
|
14/100 |
low-risk
|
|
Active OS Fingerprinting
|
14/100 |
low-risk
|
|
Scanning for Vulnerable Software
|
14/100 |
low-risk
|