| Existing Patterns Modified with Enhanced Material | |
| --- | --- |
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-4 | Using Alternative IP Address Encodings |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-11 | Cause Web Server Misclassification |
| CAPEC-19 | Embedding Scripts within Scripts |
| CAPEC-23 | File Content Injection |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-30 | Hijacking a Privileged Thread of Execution |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | XSS Through HTTP Query Strings |
| CAPEC-33 | HTTP Request Smuggling |
| CAPEC-34 | HTTP Response Splitting |
| CAPEC-36 | Using Unpublished APIs |
| CAPEC-40 | Manipulating Writeable Terminal Devices |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-48 | Passing Local Filenames to Functions That Expect a URL |
| CAPEC-49 | Password Brute Forcing |
| CAPEC-59 | Session Credential Falsification through Prediction |
| CAPEC-61 | Session Fixation |
| CAPEC-62 | Cross Site Request Forgery |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-70 | Try Common or Default Usernames and Passwords |
| CAPEC-83 | XPath Injection |
| CAPEC-87 | Forceful Browsing |
| CAPEC-89 | Pharming |
| CAPEC-94 | Man in the Middle Attack |
| CAPEC-100 | Overflow Buffers |
| CAPEC-101 | Server Side Include (SSI) Injection |
| CAPEC-102 | Session Sidejacking |
| CAPEC-103 | Clickjacking |
| CAPEC-104 | Cross Zone Scripting |
| CAPEC-105 | HTTP Request Splitting |
| CAPEC-107 | Cross Site Tracing |
| CAPEC-108 | Command Line Execution through SQL Injection |
| CAPEC-109 | Object Relational Mapping Injection |
| CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
| CAPEC-111 | JSON Hijacking (aka JavaScript Hijacking) |
| CAPEC-112 | Brute Force |
| CAPEC-115 | Authentication Bypass |
| CAPEC-120 | Double Encoding |
| CAPEC-122 | Privilege Abuse |
| CAPEC-124 | Shared Data Manipulation |
| CAPEC-127 | Directory Indexing |
| CAPEC-128 | Integer Attacks |
| CAPEC-129 | Pointer Manipulation |
| CAPEC-130 | Excessive Allocation |
| CAPEC-131 | Resource Leak Exposure |
| CAPEC-132 | Symlink Attack |
| CAPEC-133 | Try All Common Switches |
| CAPEC-134 | Email Injection |
| CAPEC-135 | Format String Injection |
| CAPEC-137 | Parameter Injection |
| CAPEC-138 | Reflection Injection |
| CAPEC-139 | Relative Path Traversal |
| CAPEC-140 | Bypassing of Intermediate Forms in Multiple-Form Sets |
| CAPEC-142 | DNS Cache Poisoning |
| CAPEC-145 | Checksum Spoofing |
| CAPEC-148 | Content Spoofing |
| CAPEC-149 | Explore for Predictable Temporary File Names |
| CAPEC-150 | Collect Data from Common Resource Locations |
| CAPEC-151 | Identity Spoofing |
| CAPEC-153 | Input Data Manipulation |
| CAPEC-154 | Resource Location Spoofing |
| CAPEC-155 | Screen Temporary Files for Sensitive Information |
| CAPEC-158 | Sniffing Network Traffic |
| CAPEC-160 | Exploit Script-Based APIs |
| CAPEC-162 | Manipulating Hidden Fields |
| CAPEC-163 | Spear Phishing |
| CAPEC-165 | File Manipulation |
| CAPEC-166 | Force the System to Reset Values |
| CAPEC-168 | Windows ::DATA Alternate Data Stream |
| CAPEC-170 | Web Application Fingerprinting |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-182 | Flash Injection |
| CAPEC-183 | IMAP/SMTP Command Injection |
| CAPEC-187 | Malicious Automated Software Update |
| CAPEC-191 | Read Sensitive Strings Within an Executable |
| CAPEC-193 | PHP Remote File Inclusion |
| CAPEC-195 | Principal Spoof |
| CAPEC-197 | XML Entity Expansion |
| CAPEC-198 | XSS Targeting Error Pages |
| CAPEC-200 | Removal of filters: Input filters, output filters, data masking |
| CAPEC-201 | XML Entity Blowup |
| CAPEC-203 | Manipulate Application Registry Values |
| CAPEC-206 | Lifting signing key and signing malicious code from a production environment |
| CAPEC-208 | Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements |
| CAPEC-219 | XML Routing Detour Attacks |
| CAPEC-221 | XML External Entities |
| CAPEC-222 | iFrame Overlay |
| CAPEC-228 | DTD Injection |
| CAPEC-229 | XML Attribute Blowup |
| CAPEC-234 | Hijacking a privileged process |
| CAPEC-236 | Catching exception throw/signal from privileged block |
| CAPEC-237 | Calling Signed Code From Another Language Within A Sandbox Allow This |
| CAPEC-247 | XSS Using Invalid Characters |
| CAPEC-250 | XML Injection |
| CAPEC-251 | Local Code Inclusion |
| CAPEC-256 | SOAP Array Overflow |
| CAPEC-273 | HTTP Response Smuggling |
| CAPEC-275 | DNS Rebinding |
| CAPEC-285 | ICMP Echo Request Ping |
| CAPEC-294 | ICMP Address Mask Request |
| CAPEC-295 | ICMP Timestamp Request |
| CAPEC-296 | ICMP Information Request |
| CAPEC-406 | Dumpster Diving |
| CAPEC-407 | Pretexting |
| CAPEC-410 | Information Elicitation |
| CAPEC-412 | Pretexting via Customer Service |
| CAPEC-413 | Pretexting via Tech Support |
| CAPEC-414 | Pretexting via Delivery Person |
| CAPEC-415 | Pretexting via Phone |
| CAPEC-416 | Manipulate Human Behavior |
| CAPEC-417 | Influence Perception |
| CAPEC-418 | Influence Perception of Reciprocation |
| CAPEC-420 | Influence Perception of Scarcity |
| CAPEC-421 | Influence Perception of Authority |
| CAPEC-422 | Influence Perception of Commitment and Consistency |
| CAPEC-423 | Influence Perception of Liking |
| CAPEC-424 | Influence Perception of Consensus or Social Proof |
| CAPEC-425 | Target Influence via Framing |
| CAPEC-426 | Influence via Incentives |
| CAPEC-427 | Influence via Psychological Principles |
| CAPEC-429 | Target Influence via Eye Cues |
| CAPEC-463 | Padding Oracle Crypto Attack |
| CAPEC-491 | XML Quadratic Expansion |
| CAPEC-506 | Tapjacking |
| CAPEC-546 | Probe Application Memory |
| CAPEC-588 | DOM-Based XSS |
| CAPEC-590 | IP Address Blocking |
| CAPEC-591 | Reflected XSS |
| CAPEC-592 | Stored XSS |
| CAPEC-603 | Blockage |
| CAPEC-604 | Wi-Fi Jamming |
| CAPEC-610 | Cellular Data Injection |
| CAPEC-611 | BitSquatting |
| CAPEC-624 | Fault Injection |