Fluid Attacks Database

Database

Functionality Abuse

002. Asymmetric denial of service 003. Symmetric denial of service 014. Insecure functionality 033. Password change without identity check 048. Lack of root detection 055. Insecure service configuration - ADB Backups 058. Debugging enabled in production - APK 060. Insecure service configuration - Host verification 061. Remote File Inclusion 064. Traceability loss - Server's clock 065. Cached form fields 067. Improper resource allocation 070. Insecure service configuration - ELB 073. Improper authorization control for web services - RDS 079. Non-upgradable dependencies 087. Account lockout 088. Privacy violation 093. Hidden fields manipulation 095. Data uniqueness not properly verified 101. Lack of protection against deletion 102. Email uniqueness not properly verified 108. Improper control of interaction frequency 109. Unrestricted access between network segments - RDS 110. HTTP request smuggling 113. Improper type assignation 117. Unverifiable files 118. Regulation infringement 120. Improper dependency pinning 122. Email flooding 124. Race condition 138. Inappropriate coding practices 140. Insecure exceptions - Empty or no catch 143. Inappropriate coding practices - Eval function 145. Inappropriate coding practices - Cyclomatic complexity 164. Insecure service configuration 165. Insecure service configuration - AWS 166. Insecure service configuration - Kerberoast 167. Insecure service configuration - Wireless Certificates 168. Insecure service configuration - Keystore 169. Insecure service configuration - Keys 170. Insecure service configuration - Antivirus 171. Insecure service configuration - Firewall 172. Insecure service configuration - App Backup 173. Insecure service configuration - Backup 174. Insecure service configuration - Backdoor 175. Insecure service configuration - DNS 176. Insecure service configuration - SSH 177. Insecure service configuration - Security Groups 178. Insecure service configuration - RDP 179. Insecure service configuration - SMB 180. Insecure service configuration - SMTP 181. Insecure service configuration - DynamoDB 183. Debugging enabled in production 200. Traceability loss 211. Asymmetric denial of service - ReDoS 231. Message flooding 233. Incomplete functional code 255. Insecure functionality - Pass the hash 256. Lack of protection against deletion - RDS 257. Lack of protection against deletion - EC2 258. Lack of protection against deletion - ELB 259. Lack of protection against deletion - DynamoDB 260. Insecure Binary compilation 267. Excessive Privileges - Kubernetes 268. Insecure service configuration - Webview 270. Insecure functionality - File Creation 271. Insecure functionality - Password management 272. Insecure functionality - Masking 273. Insecure functionality - Fingerprint 278. Insecure exceptions - NullPointerException 285. Insecure service configuration - App Transport Security 293. Insecure service configuration - Key pair 294. Insecure service configuration - OTP 302. Insecure functionality - Session management 304. Inappropriate coding practices - Performance 308. Enabled default configuration 312. Insecure service configuration - Signatures 313. Insecure service configuration - Certificates 314. Insecure service configuration - DB 315. Insecure service configuration - CloudDB 316. Improper resource allocation - Buffer overflow 317. Improper resource allocation - Memory leak 319. Insecure service configuration - Roles 320. Insecure service configuration - LDAP 324. Insecure functionality - User management 333. Insecure service configuration - EC2 334. Insecure service configuration - IAM 335. Insecure service configuration - Bucket 338. Insecure service configuration - Salt 339. Insecure service configuration - Request Validation 343. Insecure service configuration - BREACH Attack 347. Insecure service configuration - Task Hijacking 352. Insecure service configuration - Non Masked Variables 356. Symmetric denial of service - SMTP 357. Symmetric denial of service - FTP 358. Insecure service configuration - DocumentBuilderFactory 366. Inappropriate coding practices - Transparency Conflict 380. Supply Chain Attack - Docker 381. Supply Chain Attack - Terraform 382. Insufficient data authenticity validation - Front bypass 384. Inappropriate coding practices - Wildcard export 386. Cross-Site Leak - Frame Counting 387. Insecure service configuration - Object Reutilization 391. Inappropriate coding practices - Unused properties 392. Security controls bypass or absence - Firewall 393. Use of software with known vulnerabilities in development 394. Insufficient data authenticity validation - Cloudtrail Logs 395. Insecure generation of random numbers - Static IV 396. Insecure service configuration - KMS 398. Fragment Injection 399. Security controls absence - Monitoring 400. Traceability Loss - AWS 401. Insecure service configuration - AKV Secret Expiration 402. Traceability Loss - Azure 403. Insecure service configuration - usesCleartextTraffic 404. OS Command Injection 405. Excessive privileges - Access Mode 410. Dependency Confusion 411. Insecure encryption algorithm - Default encryption 412. Lack of protection against deletion - Azure Key Vault 413. Insecure file upload - DLL Injection 414. Insecure service configuration - Header Checking 415. Insecure service configuration - Container level access policy 416. XAML injection 417. Account Takeover 418. Insecure service configuration - Docker 419. Traceability Loss - Kubernetes 420. Password reset poisoning 423. Inappropriate coding practices - System exit 426. Supply Chain Attack - Kubernetes 428. Inappropriate coding practices - invalid file 431. Supply Chain Attack - Lock Files 432. Inappropriate coding practices - relative path command 437. Supply Chain Attack - GitHub Actions 443. Insecure service configuration - Business logic 444. Sensitive Information in Auto-Generated Screenshots 445. Bucket takeover 446. Insecure service configuration - Azure 447. Supply Chain Attack - Gradle