Fluid Attacks Database

Database

Unexpected Injection

001. SQL injection - C Sharp SQL API 004. Remote command execution 008. Reflected cross-site scripting (XSS)010. Stored cross-site scripting (XSS)012. SQL injection - Java Persistence API 021. XPath injection 045. HTML code injection 063. Lack of data validation - Path Traversal 083. XML injection (XXE)089. Lack of data validation - Trust boundary violation 090. CSV injection 096. Insecure deserialization 105. Apache lucene query injection 106. NoSQL injection 107. LDAP injection 112. SQL injection - Java SQL API 121. HTTP parameter pollution 127. Lack of data validation - Type confusion 141. Lack of data validation - URL 146. SQL injection 154. Time-based SQL Injection 155. SQL Injection - Headers 184. Lack of data validation 185. Lack of data validation - Header x-amzn-RequestId 186. Lack of data validation - Web Service 187. Lack of data validation - Source Code 188. Lack of data validation - Modify DOM Elements 189. Lack of data validation - Content Spoofing 190. Lack of data validation - Session Cookie 191. Lack of data validation - Responses 192. Lack of data validation - Reflected Parameters 193. Lack of data validation - Host Header Injection 194. Lack of data validation - Input Length 195. Lack of data validation - Headers 196. Lack of data validation - Dates 197. Lack of data validation - Numbers 198. Lack of data validation - Out of range 199. Lack of data validation - Emails 274. Restricted fields manipulation 297. SQL injection - Code 321. Lack of data validation - HTML code 323. XML injection (XXE) - Unmarshaller 340. Lack of data validation - Special Characters 341. Lack of data validation - OTP 344. Lack of data validation - Non Sanitized Variables 353. Lack of data validation - Token 361. Missing secure obfuscation - JavaScript 362. Technical information leak - Content response 363. Weak credential policy - Password strength 364. Weak credential policy - Temporary passwords 365. Authentication mechanism absence or evasion - Response tampering 371. DOM-Based cross-site scripting (XSS)390. Prototype Pollution 422. Server side template injection 425. Server side cross-site scripting 429. Universal cross-site scripting (UXSS)430. Serverless - one dedicated IAM role per function 434. Client-side template injection 438. Error-based SQL Injection 442. SMTP header injection 450. Blind-based SQL injection 451. OData injection 452. Prompt injection 454. Improper output handling