Matches: 909

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

The product processes an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

A Pseudo-Random Number Generator (PRNG) uses seeds incorrectly.

The software requires the use of XML documents and allows their structure to be defined with a Document Type Definition (DTD). The software allows the DTD to recursively define entities which can lead to explosive growth of data when parsed.

The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.



© SecPod Technologies