CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CAPEC Library
Common Attack Pattern Enumeration
All
Meta
High-level categories
Standard
Specific patterns
Detailed
Implementation-level
CAPEC-1
Accessing Functionality Not Properly Constrained by ACLs
High
High
CAPEC-2
Inducing Account Lockout
Medium
High
CAPEC-6
Argument Injection
High
High
CAPEC-12
Choosing Message Identifier
High
High
CAPEC-15
Command Delimiters
High
High
CAPEC-17
Using Malicious Files
Very High
High
CAPEC-19
Embedding Scripts within Scripts
High
High
CAPEC-20
Encryption Brute Forcing
Low
Low
CAPEC-23
File Content Injection
Very High
High
CAPEC-29
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High
High
CAPEC-30
Hijacking a Privileged Thread of Execution
Very High
Low
CAPEC-36
Using Unpublished Interfaces or Functionality
High
Medium
CAPEC-39
Manipulating Opaque Client-based Data Tokens
Medium
High
CAPEC-40
Manipulating Writeable Terminal Devices
Very High
High
CAPEC-48
Passing Local Filenames to Functions That Expect a URL
High
High
CAPEC-49
Password Brute Forcing
High
Medium
CAPEC-50
Password Recovery Exploitation
High
Medium
CAPEC-54
Query System for Information
Low
High
CAPEC-56
DEPRECATED: Removing/short-circuiting 'guard logic'
CAPEC-62
Cross Site Request Forgery
Very High
High
CAPEC-63
Cross-Site Scripting (XSS)
Very High
High
CAPEC-66
SQL Injection
High
High
CAPEC-68
Subvert Code-signing Facilities
Very High
Low
CAPEC-69
Target Programs with Elevated Privileges
Very High
High
CAPEC-73
User-Controlled Filename
High
High
CAPEC-75
Manipulating Writeable Configuration Files
Very High
High
CAPEC-77
Manipulating User-Controlled Variables
Very High
High
CAPEC-82
DEPRECATED: Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
CAPEC-87
Forceful Browsing
High
High
CAPEC-88
OS Command Injection
High
High
CAPEC-89
Pharming
Very High
High
CAPEC-90
Reflection Attack in Authentication Protocol
High
High
CAPEC-97
Cryptanalysis
Very High
Low
CAPEC-98
Phishing
Very High
High
CAPEC-99
DEPRECATED: XML Parser Attack
CAPEC-100
Overflow Buffers
Very High
High
CAPEC-103
Clickjacking
High
Medium
CAPEC-104
Cross Zone Scripting
High
Medium
CAPEC-111
JSON Hijacking (aka JavaScript Hijacking)
High
High
CAPEC-121
Exploit Non-Production Interfaces
High
Low
CAPEC-126
Path Traversal
Very High
High
CAPEC-128
Integer Attacks
Medium
CAPEC-133
Try All Common Switches
Medium
CAPEC-134
Email Injection
Medium
CAPEC-135
Format String Injection
High
High
CAPEC-136
LDAP Injection
High
High
CAPEC-138
Reflection Injection
Very High
CAPEC-140
Bypassing of Intermediate Forms in Multiple-Form Sets
Medium
CAPEC-141
Cache Poisoning
High
High
CAPEC-150
Collect Data from Common Resource Locations
Medium