CAPEC Library

Common Attack Pattern Enumeration

All Meta High-level categories Standard Specific patterns Detailed Implementation-level
CAPEC-1
Accessing Functionality Not Properly Constrained by ACLs
High High
CAPEC-2
Inducing Account Lockout
Medium High
CAPEC-6
Argument Injection
High High
CAPEC-12
Choosing Message Identifier
High High
CAPEC-15
Command Delimiters
High High
CAPEC-17
Using Malicious Files
Very High High
CAPEC-19
Embedding Scripts within Scripts
High High
CAPEC-20
Encryption Brute Forcing
Low Low
CAPEC-23
File Content Injection
Very High High
CAPEC-29
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High High
CAPEC-30
Hijacking a Privileged Thread of Execution
Very High Low
CAPEC-36
Using Unpublished Interfaces or Functionality
High Medium
CAPEC-39
Manipulating Opaque Client-based Data Tokens
Medium High
CAPEC-40
Manipulating Writeable Terminal Devices
Very High High
CAPEC-48
Passing Local Filenames to Functions That Expect a URL
High High
CAPEC-49
Password Brute Forcing
High Medium
CAPEC-50
Password Recovery Exploitation
High Medium
CAPEC-54
Query System for Information
Low High
CAPEC-56
DEPRECATED: Removing/short-circuiting 'guard logic'
CAPEC-62
Cross Site Request Forgery
Very High High
CAPEC-63
Cross-Site Scripting (XSS)
Very High High
CAPEC-66
SQL Injection
High High
CAPEC-68
Subvert Code-signing Facilities
Very High Low
CAPEC-69
Target Programs with Elevated Privileges
Very High High
CAPEC-73
User-Controlled Filename
High High
CAPEC-75
Manipulating Writeable Configuration Files
Very High High
CAPEC-77
Manipulating User-Controlled Variables
Very High High
CAPEC-82
DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
CAPEC-87
Forceful Browsing
High High
CAPEC-88
OS Command Injection
High High
CAPEC-89
Pharming
Very High High
CAPEC-90
Reflection Attack in Authentication Protocol
High High
CAPEC-97
Cryptanalysis
Very High Low
CAPEC-98
Phishing
Very High High
CAPEC-99
DEPRECATED: XML Parser Attack
CAPEC-100
Overflow Buffers
Very High High
CAPEC-103
Clickjacking
High Medium
CAPEC-104
Cross Zone Scripting
High Medium
CAPEC-111
JSON Hijacking (aka JavaScript Hijacking)
High High
CAPEC-121
Exploit Non-Production Interfaces
High Low
CAPEC-126
Path Traversal
Very High High
CAPEC-128
Integer Attacks
Medium
CAPEC-133
Try All Common Switches
Medium
CAPEC-134
Email Injection
Medium
CAPEC-135
Format String Injection
High High
CAPEC-136
LDAP Injection
High High
CAPEC-138
Reflection Injection
Very High
CAPEC-140
Bypassing of Intermediate Forms in Multiple-Form Sets
Medium
CAPEC-141
Cache Poisoning
High High
CAPEC-150
Collect Data from Common Resource Locations
Medium