The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-494
Download of Code Without Integrity Check

CWE-829
Inclusion of Functionality from Untrusted Control Sphere

CWE-676
Use of Potentially Dangerous Function

CWE-131
Incorrect Calculation of Buffer Size

CWE-134
Uncontrolled Format String

CWE-190
Integer Overflow or Wraparound

Reference: http://www.sans.org/top25-software-errors/#cat1
