|Paid content will be excluded from the download.
| Matches : 909
|The software receives input from an upstream component, but it
does not neutralize or incorrectly neutralizes code syntax before using the
input in a dynamic evaluation call (e.g. "eval").
The software receives input from an upstream component, but it
does not neutralize or incorrectly neutralizes code syntax before inserting the
input into an executable resource, such as a library, configuration file, or
The software generates a web page, but does not neutralize or
incorrectly neutralizes user-controllable input that could be interpreted as a
server-side include (SSI) directive.
The PHP application receives input from an upstream component,
but it does not restrict or incorrectly restricts the input before its usage in
"require," "include," or similar functions.
The use of IP addresses as authentication is flawed and can
easily be spoofed by malicious users.
The product performs a calculation to determine how much memory
to allocate, but an integer overflow can occur that causes less memory to be
allocated than expected, leading to a buffer overflow.
The product, while copying or cloning a resource, does not set
the resource's permissions or access control until the copy is complete, leaving
the resource exposed to other spheres while the copy is taking
The product does not check for an error after calling a
function that can return with a NULL pointer if the function fails, which leads
to a resultant NULL pointer dereference.
The product uses a blacklist-based protection mechanism to
defend against XSS attacks, but the blacklist is incomplete, allowing XSS
variants to succeed.
The software uses a sequential operation to read or write a
buffer, but it uses an incorrect length value that causes it to access memory
that is outside of the bounds of the buffer.
Pages:      Start    2    3    4    5    6    7    8    9    10    11    12    13    14    15    ..   90
© 2013 SecPod Technologies