| # | Attack Vector Name | Attack Vector Short Name | Also Known As | Vector Type | Severity | Relevance | Layer | Platforms | Target Type | Attack Category I | Attack Sub Category I | D P M S |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SQL Injection | SQL Injection | Sequel Injection | Attack | Critical | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 3 | HQL Injection | HQL Injection | ORM Injection | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 4 | SQL Filter Injection | SQL Filter Injection | SQL Rowset Injection | Attack | Medium | Technology Specific | Application-Level | ASP.Net, Mono | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 5 | Server Side Include Injection | SSI Injection | | Attack | Critical | Generic | Application-Level | Any | Web Application | Server Side Syntax Injection | Code Injection | Y |
| 6 | Server Side Javascript Injection | SSJS Injection | NoSQL Injection - deprecated | Attack | Critical | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 7 | Mongo NoSQL Injection 2014 Variant | Mongo NoSQL Injection | | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 8 | ASP Javascript Code Injection | ASP-JS Injection | ASP Remote Dynamic Code Evaluation | Attack | Critical | Technology Specific | Application-Level | ASP Classic | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 9 | ASP VBScript Code Injection | ASP-VBS Injection | ASP Remote Dynamic Code Evaluation | Attack | Critical | Technology Specific | Application-Level | ASP Classic | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 10 | PHP Code Injection | PHP Injection | PHP Dynamic Code Evaluation | Attack | Critical | Technology Specific | Application-Level | PHP | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 11 | Java Code Injection | Java Injection | JSP Code Injection, ScriptEngine Code Injection, Rhino Code Injection - Variation | Attack | Critical | Technology Specific | Application-Level | Java, JEE, J2EE, JSP | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 12 | Python Code Injection | Python Injection | | Attack | Critical | Technology Specific | Application-Level | Python | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 13 | Perl Code Injection | Perl Injection | | Attack | Critical | Technology Specific | Application-Level | Perl | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 14 | Ruby Code Injection | Ruby Injection | | Attack | Critical | Technology Specific | Application-Level | Ruby | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 15 | PHP Object Injection | PHP Object Injection | | Attack | Critical | Technology Specific | Application-Level | PHP | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 16 | PHP preg_replace Abuse | PHP preg_replace Abuse | | Attack | Critical | Technology Specific | Application-Level | PHP | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 17 | ABAP Code Injection | ABAP Injection | ABAP Dynamic Code Evaluation | Attack | Critical | Technology Specific | Application-Level | ABAP, SAP | Web Application, SAP GUI Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 18 | OS Command Injection | OS Command Injection | OS Commanding, Shell Injection | Attack | Critical | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 19 | LDAP Injection | LDAP Injection | | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 20 | Format String Injection | Format String Injection | String Format Overflow | Attack | Critical | Technology Specific | Application-Level | C, CPP, ASM | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 21 | Null Byte Injection | Null-Byte Injection | Poison Null Byte, Embedding Null Code | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Delimiter Injection | Y Y Y |
| 22 | SMTP Injection | SMTP Injection | MX Injection, Mail Command Injection, Email Injection | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | CRLF Based Protocol Manipulation | Y Y Y |
| 23 | IMAP Injection | IMAP Injection | MX Injection, Mail Command Injection | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | CRLF Based Protocol Manipulation | Y Y Y |
| 24 | POP3 Injection | POP3 Injection | POP3 MX Injection | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | CRLF Based Protocol Manipulation | Y Y Y |
| 25 | Email Header Injection | Email Header Injection | | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Protocol Manipulation | Y Y Y |
| 26 | Escape Sequence Injection | Escape Sequence Injection | | Attack | Major | Technology Version Specific | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 27 | HTTP Request Injection | HTTP Request Injection | HRI | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | CRLF Based Protocol Manipulation | Y Y Y |
| 28 | HTTP Request Header Injection | HTTP Request Header Injection | | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | CRLF Based Protocol Manipulation | Y Y Y |
| 29 | Reflection Injection | Reflection Injection | | Attack | Major | Technology Specific | Application-Level | Java, JEE, J2EE, JSP, ASP.Net, Mono | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 30 | XML Injection | XML Injection | | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Protocol Manipulation | Y Y Y |
| 31 | XQUERY Injection | XQUERY Injection | | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 32 | XPATH Injection | XPATH Injection | | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 33 | Connection String Parameter Pollution | CSPP | | Attack | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Protocol Manipulation | Y Y Y |
| 34 | Special Element Injection | Special Element Injection | Parameter Delimiter Injection | Attack | Medium | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Delimiter Injection | Y Y Y |
| 35 | Windows DATA Alternate Data Stream | Windows DATA ADS | ADS | | Major | Generic | Application-Level | Any | Application | Server Side Syntax Injection | Protocol Manipulation | Y Y Y |
| 36 | Expression Language Injection | EL Injection | | Attack | Critical | Technology Specific | Application-Level | Spring Framework - Java | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 37 | OGNL Expression Injection | OGNL Expression Injection | | Attack | Major | Technology Version Specific | Application-Level | JSP Struts | Web Application | Server Side Syntax Injection | Code Injection | Y |
| 38 | RoR YAML Injection | RoR YAML Injection | RoR Code Execution, Ruby On Rails Code Execution | Attack | Critical | Technology Version Specific | Application-Level | Ruby | Web Application | Server Side Syntax Injection | Code Injection | Y |
| 39 | Unsigned Server Side Control Property Injection | Unsigned Server Control Property Injection | EoDSeC | Attack | Major | Technology Specific | Application-Level | ASP.Net, Mono, JSF | Web Application | Server Side Syntax Injection | Protocol Manipulation | Y |
| 157 | EL3 Injection | EL3 Injection | Lambda Injection | Attack | Critical | Technology Specific | Application-Level | Java, EL3 | Application | Server Side Syntax Injection | Code Injection | Y Y Y |
| 281 | Memcached Injection | Memcached Injection | | Attack | Critical | Generic | Application-Level | Any | Web Application | Server Side Syntax Injection | Code Injection | Y Y Y |