Information-Disclosure
File Inclusion (LFI/RFI) — Executing or Exposing Files via Improper Input Handling
File Inclusion vulnerabilities, including Local File Inclusion (LFI) and Remote File Inclusion (RFI), allow attackers to include unintended files in the application's execution flow. This SECMONS glossary entry explains how file inclusion works, how it differs from path traversal, and how defenders should mitigate it.
Out-of-Bounds Read (CWE-125) — Reading Memory Beyond Intended Limits
An out-of-bounds read occurs when a program reads data outside the boundaries of an allocated memory buffer. This SECMONS glossary entry explains how out-of-bounds reads happen, their security impact, and how they relate to memory corruption and data exposure vulnerabilities.
Path Traversal (Directory Traversal) — Accessing Files Outside Intended Directories
Path Traversal, also known as Directory Traversal, is a vulnerability that allows attackers to access files and directories outside the intended application root. This SECMONS glossary entry explains how path traversal works, its impact, and how defenders should prevent and detect it.