Threat types blocked by the EasyWP WAF

| Threat name | Description |
| --- | --- |
| SQL Injection | A security weakness where attackers insert harmful SQL commands into a website’s database queries. This can let them view, change, or delete information they shouldn’t have access to. |
| Cross-Site Scripting | When attackers place malicious scripts into a trusted website, causing it to display unwanted content or steal data from visitors. |
| Local File Inclusion | A flaw that allows attackers to trick a website into loading or showing files stored on its own server. This can lead to stolen information, harmful code execution, or further attacks. |
| Remote File Inclusion | A vulnerability where a website is tricked into loading files from an outside server. If those files contain malicious code, the attacker can take control of the website’s behavior. |
| PHP/Java Code Injection | When attackers add harmful PHP or Java code to a website’s programming. The site then runs this code, which can happen if user input isn’t properly checked or filtered. |
| HTTPoxy | A flaw in some web applications that lets attackers redirect web traffic by manipulating certain server settings, potentially intercepting or altering data. |
| Shellshock | A bug in some Linux/Unix systems that lets attackers run their own commands on the system by sending specially crafted data to the server. |
| Unix/Windows Shell Injection | When attackers send harmful commands through a vulnerable application, giving them the ability to run those commands directly on the server’s operating system. |
| Session Fixation | A method where attackers force or guess a user’s session ID (the “key” that keeps you logged in) so they can hijack the account during an active session. |
| Scanner/Bot Detection | Security measures that detect and limit automated tools, like bots or scanners, that try to find weaknesses or overload the website. |
| Metadata/Error Leakages | When a website accidentally reveals private or sensitive details in hidden data or error messages, which attackers can use to their advantage. |
