CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CAPEC Library
Common Attack Pattern Enumeration
All
Meta
High-level categories
Standard
Specific patterns
Detailed
Implementation-level
CAPEC-3
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Medium
Medium
CAPEC-4
Using Alternative IP Address Encodings
High
Medium
CAPEC-5
Blue Boxing
Very High
Medium
CAPEC-7
Blind SQL Injection
High
High
CAPEC-8
Buffer Overflow in an API Call
High
High
CAPEC-9
Buffer Overflow in Local Command-Line Utilities
High
High
CAPEC-10
Buffer Overflow via Environment Variables
High
High
CAPEC-11
Cause Web Server Misclassification
High
Medium
CAPEC-13
Subverting Environment Variable Values
Very High
High
CAPEC-14
Client-side Injection-induced Buffer Overflow
High
Medium
CAPEC-16
Dictionary-based Password Attack
High
Medium
CAPEC-18
XSS Targeting Non-Script Elements
Very High
High
CAPEC-24
Filter Failure through Buffer Overflow
High
High
CAPEC-27
Leveraging Race Conditions via Symbolic Links
High
Medium
CAPEC-31
Accessing/Intercepting/Modifying HTTP Cookies
High
High
CAPEC-32
XSS Through HTTP Query Strings
High
High
CAPEC-33
HTTP Request Smuggling
High
Medium
CAPEC-34
HTTP Response Splitting
High
Medium
CAPEC-35
Leverage Executable Code in Non-Executable Files
Very High
High
CAPEC-37
Retrieve Embedded Sensitive Data
Very High
High
CAPEC-38
Leveraging/Manipulating Configuration File Search Paths
Very High
High
CAPEC-41
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
High
High
CAPEC-42
MIME Conversion
High
High
CAPEC-43
Exploiting Multiple Input Interpretation Layers
High
Medium
CAPEC-44
Overflow Binary Resource File
Very High
High
CAPEC-45
Buffer Overflow via Symbolic Links
High
High
CAPEC-46
Overflow Variables and Tags
High
High
CAPEC-47
Buffer Overflow via Parameter Expansion
High
Medium
CAPEC-51
Poison Web Service Registry
Very High
High
CAPEC-52
Embedding NULL Bytes
High
High
CAPEC-53
Postfix, Null Terminate, and Backslash
High
High
CAPEC-55
Rainbow Table Password Cracking
Medium
Medium
CAPEC-57
Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
Very High
Medium
CAPEC-58
Restful Privilege Elevation
High
High
CAPEC-59
Session Credential Falsification through Prediction
High
High
CAPEC-60
Reusing Session IDs (aka Session Replay)
High
High
CAPEC-61
Session Fixation
High
Medium
CAPEC-64
Using Slashes and URL Encoding Combined to Bypass Validation Logic
High
High
CAPEC-65
Sniff Application Code
High
Low
CAPEC-67
String Format Overflow in syslog()
Very High
High
CAPEC-70
Try Common or Default Usernames and Passwords
High
Medium
CAPEC-71
Using Unicode Encoding to Bypass Validation Logic
High
Medium
CAPEC-72
URL Encoding
High
High
CAPEC-76
Manipulating Web Input to File System Calls
Very High
High
CAPEC-78
Using Escaped Slashes in Alternate Encoding
High
High
CAPEC-79
Using Slashes in Alternate Encoding
High
High
CAPEC-80
Using UTF-8 Encoding to Bypass Validation Logic
High
High
CAPEC-81
Web Server Logs Tampering
High
Medium
CAPEC-83
XPath Injection
High
High
CAPEC-84
XQuery Injection
Very High
High