[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 909 Download | Alert*

The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

The software does not enforce or incorrectly enforces that structured messages or data are well-formed before being read from an upstream component or sent to a downstream component.

The software does not properly protect an assumed-immutable element from being modified by an attacker.

The code has features that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained.

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

Weaknesses in this category are related to improper management of system state.

The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

Pages:      Start    4    5    6    7    8    9    10    11    12    13    14    15    16    17    ..   90

© SecPod Technologies