BL

Bug List (List of bugs)

List

Auth
- Bypass
- Insuficient Rate Limit
  - Password Spraying
- Insufficient Session Expiration
- Insufficient Session Isolation
- Password Quality
- Predictable Credentials
- Magic Link Replay
- Unsafe Distribution
- Unsafe Storage
- Unsafe Transmission
- Username Enumeration
- Username Quality
Buffer Overflow
Cache Poisoning
Clickjacking
Cookie Tossing
CRLF
- Email Injection
- WAF bypass
Cross Site Referer Leak
Cross User Defacement
CSRF (cross site request forgery)
CSS Injection
CSTI (client side template injection)
CSWSH (cross site websocket hijacking)
CVEs
Dangling Markup
Dependency Confusion
DOM Clobbering
DOS (Denial of Service)
- Flooding
  - Application Layer
    - HTTP/2 Rapid Reset
    - RUDY (R-U-Dead-Yet)
    - Slowloris
  - Protocol Based
    - HTTP
    - ICMP
    - SYN
    - UDP
- Resource Exhaustion
  - API
    - GraphQL Query Deep Attacks
    - JSON Bomb
    - XML Entity Expansion
    - ZIP Bomb
  - Auth
    - Rate Limit Abuse
    - Session Table Overflow
    - Token Exhaustion
  - BackEnd
    - CPU
    - Databases
      - Full Table Scans
      - N+1 Query Problems
      - Transaction Locks
    - Disk Space
    - FileSystem
      - Path Traversal Depth
      - Symbolic Link
      - ZIP Slip
    - Lack of resources
      - Limited Bandwidth
      - Quota Exhaustion
    - Memory
  - FrontEnd
    - CSS based rendering exhaustion
    - Resources based Load Event Handler dangling
    - Infinite Loops in Scripts
  - Parser
    - Decompression Bombs
    - Depth
    - Regular Expression
Command Injection
Cryptographic Flaws
- Errors Leaking Cryptographic Data
- Fallback to insecure protocols/cryptography
- Hardcoded keys/primitives
- Insecure Key Exchange
- IV/nonce reuse
- Key reuse
- Memory Leaks
- Missing Autentication (no-AEAD)
- Missing HSTS
- PRNGs
- Padding Oracle
- Timming Attacks
- Weak Encryption Choices
Directory Listing
DNS Cache Poisoning
Formula Injection
GRPC Injections
Host Header Injection
HPP (http parameter pollution)
HTML Injection
HTTP Connection Contamination
HTTP hop-by-hop headers
HTTP Response Smuggling
HTTP Response Splitting
IDOR (Indirect Object Reference)
Information Leakage
- Direct
  - Artifacts
  - Repositories
  - Source Code
- Errors
- Logs
- Metadata in files
Insecure Deserialization
Insecure Logging
- Log Forging
- Log Injection
LFI (local file inclusion)
LLM flaws
- Bias
- Context Flooding
- Cross Modal Data Leaks
- Data Leaks
- DOS
- Evil Output
- Insecure Output Handling
- Insecure Sandbox
- Malicious Artifacts
- Membership Inference
- Model Evasion
- Model Exfiltration
- Model fingerprinting
- Model Poisoning
- Multimodal attacks
- Prompt Injection
  - Contextual
  - Cross Domain
  - Cross Modal
  - Cross Model
  - Direct
  - Indirect
  - Invisible
  - Meta-Prompt
  - MultiTurn
  - RAG Poisoning
  - Script Injection
- Rogue Fine-Tuning
- System Prompt Leaking
- Template Injection
- Training Data Extraction
- Training-Serving Skew
Logic Flaws
- Bussiness Logic Abuse
- Excesive Permissions
- Logic Flaws in Source Code
- Negative Number For Items
- Number over/underflow
Misconfiguration
- Insecure Certificates
- Insecure Cookies
- Insecure Default Config
- Missing HTTP Security Headers
NoSQLi (no simple query language injections)
Open Redirect
Path Traversal
Private Data Disclosure
Privilege Bypass
Privilege Scalation
Race Condition
RCE (remote Code Execution)
RCI (remote code inclusion)
RFI (remote file inclusion)
Session Fixation
SMTP Header Injection (simple mail transfer protocol header injection)
SSI injections (server side includes injection)
SSRF (server side request forgery)
SSTI (server side template injection)
Subdomain Takeover
SQLi (simple query language injection)
Template Injection
Type Juggling
URL Parser Confusion
VHost confusion
Web Cache Deception
XPath injection
XS-Leaks (cross site leaks)
- Cache Probing
- CSS tricks
- CORB Leaks
- CORP Leaks
- Element Leak
- Error Events
- Frame Counting
- ID Attribute
- Navigations
- postMessage Broadcasts
- Timming Attacks
  - Connection Pool
  - Clocks
  - Execution Timing
  - Hybrid Timing
  - Network Timing
  - Performance API
- Windows References
- XS-Search
XSS
- DOM
- Mutated
- Reflected
- Self
- Stored
XSW (xml signature wrapping)
XXE (xml external entity injection)
Zone Transfer Attack

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
Auth/Bypass		Auth/Bypass
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Repository files navigation

BL

List

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

StringManolo/BL

Folders and files

Latest commit

History

Repository files navigation

BL

List

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages