CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CAPEC Library
Common Attack Pattern Enumeration
All
Meta
High-level categories
Standard
Specific patterns
Detailed
Implementation-level
CAPEC-1
Accessing Functionality Not Properly Constrained by ACLs
High
High
CAPEC-2
Inducing Account Lockout
Medium
High
CAPEC-3
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Medium
Medium
CAPEC-4
Using Alternative IP Address Encodings
High
Medium
CAPEC-5
Blue Boxing
Very High
Medium
CAPEC-6
Argument Injection
High
High
CAPEC-7
Blind SQL Injection
High
High
CAPEC-8
Buffer Overflow in an API Call
High
High
CAPEC-9
Buffer Overflow in Local Command-Line Utilities
High
High
CAPEC-10
Buffer Overflow via Environment Variables
High
High
CAPEC-11
Cause Web Server Misclassification
High
Medium
CAPEC-12
Choosing Message Identifier
High
High
CAPEC-13
Subverting Environment Variable Values
Very High
High
CAPEC-14
Client-side Injection-induced Buffer Overflow
High
Medium
CAPEC-15
Command Delimiters
High
High
CAPEC-16
Dictionary-based Password Attack
High
Medium
CAPEC-17
Using Malicious Files
Very High
High
CAPEC-18
XSS Targeting Non-Script Elements
Very High
High
CAPEC-19
Embedding Scripts within Scripts
High
High
CAPEC-20
Encryption Brute Forcing
Low
Low
CAPEC-21
Exploitation of Trusted Identifiers
High
High
CAPEC-22
Exploiting Trust in Client
High
High
CAPEC-23
File Content Injection
Very High
High
CAPEC-24
Filter Failure through Buffer Overflow
High
High
CAPEC-25
Forced Deadlock
High
Low
CAPEC-26
Leveraging Race Conditions
High
High
CAPEC-27
Leveraging Race Conditions via Symbolic Links
High
Medium
CAPEC-28
Fuzzing
Medium
High
CAPEC-29
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High
High
CAPEC-30
Hijacking a Privileged Thread of Execution
Very High
Low
CAPEC-31
Accessing/Intercepting/Modifying HTTP Cookies
High
High
CAPEC-32
XSS Through HTTP Query Strings
High
High
CAPEC-33
HTTP Request Smuggling
High
Medium
CAPEC-34
HTTP Response Splitting
High
Medium
CAPEC-35
Leverage Executable Code in Non-Executable Files
Very High
High
CAPEC-36
Using Unpublished Interfaces or Functionality
High
Medium
CAPEC-37
Retrieve Embedded Sensitive Data
Very High
High
CAPEC-38
Leveraging/Manipulating Configuration File Search Paths
Very High
High
CAPEC-39
Manipulating Opaque Client-based Data Tokens
Medium
High
CAPEC-40
Manipulating Writeable Terminal Devices
Very High
High
CAPEC-41
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
High
High
CAPEC-42
MIME Conversion
High
High
CAPEC-43
Exploiting Multiple Input Interpretation Layers
High
Medium
CAPEC-44
Overflow Binary Resource File
Very High
High
CAPEC-45
Buffer Overflow via Symbolic Links
High
High
CAPEC-46
Overflow Variables and Tags
High
High
CAPEC-47
Buffer Overflow via Parameter Expansion
High
Medium
CAPEC-48
Passing Local Filenames to Functions That Expect a URL
High
High
CAPEC-49
Password Brute Forcing
High
Medium
CAPEC-50
Password Recovery Exploitation
High
Medium