[Forgot Password]
Login  Register Subscribe

24547

 
 

132803

 
 

128796

 
 

909

 
 

106110

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

Weaknesses in this category are related to the management of credentials.

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

The program accesses or uses a pointer that has not been initialized.

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Weaknesses in this category are typically found within source code.

The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© SecPod Technologies